It’s a lot to slog through. My shortcut for corporate rule changes is: if I can’t understand it quickly, they’re trying to pull one over on me. Therefore I vote against.
If I can hijack a bit - do any of you find your ISC2 certification actually useful? I had the CISSP for several years but let it lapse when I knew I wouldn’t be changing jobs again.
I’m a contractor to the US Federal Government. They require certain certifications for certain IT security roles. My CISSP covers the requirements for the roles I need to perform. My ISC2 certification is useful in that it lets me keep my job. That’s pretty much all. I don’t plan on renewing it when I retire.
I also have a Security+ certification, but I’ve decided to let it go when it expires because I don’t want to take another test (CompTIA changed the requirements), and my CISSP covers the US Federal Government’s requirements.
It will be nice only having to earn, submit, and track continuing professional education courses for 2 organizations instead of 3. I’ll still need CPEs for my CISSP and my employer, but navigating 2 different sets of requirements instead of 3 will be nice.
The ISC2 CAP certification would have been a better fit for what I do, but it didn’t exist in 2008 when I needed to certify or lose my job. So I got the Security+ (to cover the basic requirements) and then the CISSP.
In ISC2’s favor, I was at an ISC2 event where they announced scholarships for some early career IT security people. It was like an episode of “Queen for a Day”. These deserving people who’d had difficulties in life were given a hand up to lucrative careers. That was nice!
The ISC2 magazine and conferences are OK, but I can find other conferences, journals, and cybersecurity articles.
For example, there’s a free cybersecurity conference called PancakesCon. All the talks from all 3 conferences are on YouTube. They’re 30 minute talks, 15 minutes introducing a cybersecurity topic, and 15 minutes on a hobby. The talks are well done, accessible, fascinating, fun, and free!
Similar to the Knig, having a CISSP was a condition for my position with a GSIFI, aka Global Systemically Important Financial Institution, or “too big to fail” mega-bank.
Now I’ve traded SOX for HIPAA and am at one of the largest healthcare companies in the world. Having the cert hasn’t come up yet, but it certainly can’t hurt.
Thanks for the replies. Before retiring I worked for 2 different security software vendors so the odds are good that you are customers of one or the other.
I also got that email. IMO it’s a nice recovery from the hand-picked board members all being elected. Note that under 10,000 members voted, out of over 100,000 members total. But of voting members 2/3rds rejected the bylaw changes. Quite the smackdown for such things!
Bumpdate: There are new proposed bylaw changes to ISC2. There’s a webinar tomorrow (02 May 2023) at 8:00 AM Eastern Time, and voting instructions coming by email on 20 June. Votes must be submitted by 17 July. I glanced at the proposed changes, and nothing jumped out at me, but it’s been a long week already.
That webinar was at a ridiculous time. 8AM is bad enough for anyone, but it was 8 AM Eastern. I’m in California. Unless you broke a production server, 5AM doesn’t exist for me!
I wonder what their thinking was - trying to get the meeting in before the start of the workday? I’m not sure that schedule is what an organization that wants to engage with its members would do.
More difficulties for ISC2… Did they not think to maybe let some of the members check it out first?
Bylaws Voting Suspended
A vulnerability has been identified in our bylaws voting platform. We hold the integrity of our member voting paramount and have suspended voting until a secure environment is restored. No data were compromised.
We will provide updates when available. All members will have an opportunity to vote prior to the August 1, 2023, Special Meeting. To ensure the integrity of the results, all members will be asked to resubmit their vote. We are committed to making that process as easy as possible.
We realize this creates inconvenience; however, we want to maintain the high security standards our members expect.
I’d read before that a CISSP was basically a guaranteed ticket to a 6-figure income job for life. Not anymore I guess.
ISC2 sounds like a lot of certification organizations like HRCI, SHRM, Scrum or WorldatWork, raking in the cash for little effort, and utterly oblivious to the very feedback or good practices that it preaches.
I wouldn’t say a CISSP is a guarantee, but there are a lot of cyber security-related jobs for which the US federal government requires a certification, and the CISSP covers most of those roles. The requirement extends to contractors as well as direct federal employees. That’s why I got my CISSP.
I’m mostly with you on the raking in the cash aspect. I’ve been less-than-thrilled with the certification industrial complex for years. Getting my CISSP ages ago made no change in my professional work, except I got to keep doing it. The scholarships ISC2 has offered folks are nice - deserving people get a leg up on a good career.
Right now it seems like the ISC2 leadership really, Really, REALLY wants to go in a direction that the members don’t. And getting hacked in the midst of this is not a good look.