Dear Bloggers,

No matter how many employees hold a security certification, no environment is perfectly secure. There will always be an employee who opens an infected email or clicks on an attachment for a nasty infection to occur. You will not be able defend your environment from human error. It is the “Achilles’ heel of most security operations” (Kaplan, 2012).

CISSP stands for Certified Information Systems Security Professional. In the world of Information Security, this is THE certification to have. Fresh out of college candidates for employment do not have the security skills sought by most companies. The process of obtaining the CISSP certification impresses on employers that the skills they are looking for can be found in a candidate that has obtained this accomplishment. Obtaining (and keeping) this certification is a selling feature. The certification is obtained by individuals who have achieved five years of full-time security work experience and have trained for and passed the test. Those certified CISSP individuals must also keep up with changes in security as the certification requires 120 continuing professional education (CPE) credits every three years. Don't take the endeavor of studying for this test lightly though, just last December 3,700 certification exams were taken and only half of those test takers passed.

If you can get the certification you are in luck! The demand for security professionals far outweighs the supply. More demand + few supplies = More money to be had.

The professional environment has recently evolved though. It had gotten to the point where there were multiple certification bodies and each with their own certification which has the effect of bringing down the value of the CISSP since organizations didn’t know which certification was the better one to look for.

On a positive note, this washing out of security certifications did not go unnoticed. Organizational bodies such as the Cyber Security Credentials Collaborative (C3) and the National Initiative for Cyber Security Education are working together to create a common classification allowing security roles to be matched with security competencies enabling hiring agencies to better perform their job. This type of classification will better the security environment providing for the advancement of careers while meeting the needs of the organizations. That’s very good news indeed!

Until next time…..

Reference

Kaplan, D. (May, 2012). Seal of approval: Security certifications. Retrieved from http://www.scmagazine.com/seal-of-approval-security-certifications/article/236301/