Readers Respond: Security Cert Provider Cries Foul
Readers respond to Jeff Moad's article "Security Cert Provider Cries Foul."First let me introduce myself, I am Clement Dupuis, the maintainer of the CISSP & SSCP Open Study Guide Web site, located at www.cccure.org. I have been involved with the CISSP certification for many years I have been following the CISSP certification closely and I lately found out that it is changing and is no longer what it used to be. The clientele pursuing their CISSP today is very different from what it was 5 years ago. Today you have people who wish to become CISSP because it is in demand, it is the leading security certification, it is the key for them to find employment. Some of them barely meet the minimum experience requirement. The new CISSP is, in some cases, very technical and no longer only management oriented. The new CISSP is very different from the one done years back by persons with dozen of years of experience. The certification has to evolve to meet these challenges, but this is not taking place. There have been many talks on the CISSP Forum about a master CISSP or some type of specialty within specific domains. The article about (ISC)2 CISSP vs ISACA CISM was quite interesting. However, I do not believe that ISC2s only motive is to become the savior of the security certification world by avoiding the introduction of yet another security certification. The groups motives are diverse and, in some cases, might seem to be motivated by capital gains as much as the well being of its constituents.
You present ISC2 as a single not-for-profit entity; however, this is not exactly the case. There is the (ISC)2 Consortium, which is the non-profit arm of (ISC)2, and there is also the (ISC)2 Institute, a for-profit spin off. This creates a situation where (ISC)2 is attempting through different tactics to have a monopolistic approach towards the certification. It seems that their approach is to own the delivery of any training related to the certification. They do not have a system in place to validate the quality of training delivered by schools other than their own institute. They do not offer these competing schools a way to become accredited, there is no documentation about such a process on their site, their partner selection is unknown and the partners are not even listed on their Web site.