What the CISSP Won't Teach You?

Certification: ISC CISSP - Certified Information Systems Security Professional

The International Information Systems Security Certification Consortium governs the CISSP (Certified Information Systems Security Professional), which is an independent certification for information security. According to the reports of (ISC)2, the certification is valid worldwide. The CISSP obtained the ANSI ISO/IEC Standard 17024:2003 accreditation in June 2004. The certification is also approved by the US Department of Defense for both the Information Assurance Technical (IAT) and Information Technical Managerial (IAM) categories. It is the baseline certification for the US National Security Agency’s ISSEP program.

An organization cannot be protected by technological solutions alone; it has to have security professionals. These professionals provide a high standard of security to the organization's customers, stakeholders and employers, and protect the organization's information. The Human Resource department in the USA says that the CISSP is the biggest security certification one can hold, and that it shows the holder is qualified and can secure the organization more competently than holders of other certifications. The US department stating that is correct in its own terms. Professionals need to have five years of experience in the IT industry to secure their CISSP certification.

Benefits that CISSP certification provides

Individuals with the CISSP certification bring an organization working knowledge of system security. The certification gives them the confidence to commit to their profession. It helps them differentiate between career options on the basis of the marketability and credibility of each job option. It provides certain benefits, such as the exchange of ideas and peer networking. It allows holders to earn comparatively more than individuals without the certification. It also allows individuals to fulfill the requirements of government and private organizations for security certifications.

The certification allows employers to position candidates in a field that is recognized internationally. When working with contractors and vendors, the certification gives employers increased credibility. The certification avoids ambiguity by using industry-accepted terms and practices, giving employees a universal language. It allows employers to validate a candidate's experience and commitment to work in the industry. Holders must renew the certification every three years, which assures employers of individuals with current skills. The certification satisfies the requirements set by various contractors and service providers.

But the certification will definitely not teach you how to apply your knowledge and your skills to achieve your goals. It is you who has to decide how to achieve your goals; the certificate will provide recognition of your worth.

Is it worth having the certification?

If you are looking for a job in the IT industry, mainly in security systems, you should get CISSP certified. The course may sound expensive to some people, because it is a self-funded course, but it will benefit you in the future. People who are looking for a security certification should go for the CISSP. It is considered a higher certification in comparison to other certifications.

An individual looking to get CISSP certified should have five years of IT experience, or four years of experience and a degree. In addition, you have to score 70 percent on a test of 250 multiple-choice questions. After being certified you have to renew the certificate every three years through continuing education requirements: attending classes, conferences and seminars, volunteering, teaching and writing. Without renewal, your certification becomes invalid after three years. The CISSP is the premier certification and carries more value, but it has a few counterparts too:

  • CEH (Certified Ethical Hacker): It is easier to earn than the CISSP, but it has different aspects to it. It stresses the practical aspect more than theoretical knowledge, which gives better exposure to infosec tools.
  • CISA (Certified Information Systems Auditor): This certification gives you an auditing approach towards the IT industry. For the certification you need to have five years of experience in audit control.
  • OSCP (Offensive Security Certified Professional): This certification emphasizes hands-on experience. There are no multiple-choice questions. You have to attend labs and earn points by hacking boxes.

Along with these there are many other certifications, which vary in quality and provide you with different capabilities. There is great demand for certified security system professionals, and it is not going to drop any time soon. In 2006, a salary survey by Certification Magazine showed that employers pay more to CISSP-certified individuals. The survey ranked CISSP certifications as the best-paid certifications in the IT industry. In 2008, a different study concluded that professionals with the CISSP certification have higher salaries than professionals who don’t have such certificates. The CISSP meets all the requirements that a personnel certification requires. Though the CISSP is the sought-after certification, there is a group of people who claim that its value has been reduced by relaxed standards and by inadequate prosecution of ethical lapses.

What doesn’t the CISSP teach you?

Though it is among the most sought-after certifications, it is somehow an ineffective measure of the abilities of a security professional. Most of the time, customers and employers assume that a certified individual is capable. But many times it is the opposite. The certification does not show you how to do the work. It is you who has to learn; the certification will not give you the practical knowledge. The security domain develops very fast, and you have to stay aware of the advances to keep current. If you are unable to do this, you will be outdated despite the certification. Go ahead and achieve your certification, but don’t depend on it, assuming it will provide you with everything. It is you who has to do the work in the end.