I'm curious why CISSP is considered a joke? What alternatives are there for a broad-applicability industry-recognized infosec certification?

A challenge with running an accredited certification of people program is the organizational overhead needed to get and stay accredited, to use standard testing methods, and to maintain the test question database quality. Expensive. Much easier and cheaper to offer training with 'certificate of completion' paperwork - but then there's no backing to the overall quality of the certification.

Re-reading the MS note, they are probably referring to the domain specializations branched from the root CISSP. The latest one being for 'Cloud' IIRC.

Andrew Hughes CISM CISSP 
Independent Consultant
In Turn Information Management Consulting

o  +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road,
Victoria, BC V8P 2H8

AndrewHughes3000@gmail.com 
ca.linkedin.com/pub/andrew-hughes/a/58/682/
Identity Management | IT Governance | Information Security 


On Wed, Jun 14, 2017 at 1:19 PM, Sarah Squire <sarah@engageidentity.com> wrote:
There was a lot of pushback at RSA against being associated with ISC2 given that CISSP is now literally a joke. I'll chat with Mike Jones the next time I see him about the lessons learned from his attempted cert efforts and how we can avoid them without lowering standards.

Sarah Squire
Engage Identity

On Tue, Jun 13, 2017 at 2:24 PM, Colin Wallis <colin@kantarainitiative.org> wrote:
Taken at face value, it is indeed interesting as a theory.

To get a sense of how well the IS industry might do with Identity certification, one could look back at how good a job they have done with identity more broadly....

As another generalization, is the culture and motivation of ISC2 aligned with ID Pro?
The orgs are at very different ends of the spectrum in terms of maturity.  

Just because a large oligopoly has put some obvious thought into an earnest piece of advice, doesn't necessarily mean it's right....




On Tue, Jun 13, 2017 at 9:48 PM, Andrew Hughes <andrewhughes3000@gmail.com> wrote:
Yes - that is good feedback from MS - interesting that they suggest upgrading an existing pool of certifieds - it's an avenue I hadn't thought of when thinking about the BoK and eventual certification.



On Tue, Jun 13, 2017 at 1:16 PM, Ian Glazer <iglazer@salesforce.com> wrote:
All -

Both Microsoft and Deloitte are struggling to find funding for IDPro at this time. This is certainly a disappointment and I am pushing them to find a way to fund at a lower membership level.

Mike Jones did include the following in the conversation I was having with him and Alex. It's worth a read. His concerns are genuine and I am glad he shared them.

-- Mike's text starts here --

Hi Ian,

 

Microsoft had developed the following feedback to help IDPro be successful.  We were hoping to send this to you at the same time as we secured funding for our participation but I wanted to make sure that you had it nonetheless, so that IDPro could act upon it.

 

Ian, we’re really excited about the opportunity here and the positive industry impact it can have. We want to make sure that it is aligned with the key industry standards and leverages existing successful models. To that end, we’d like to propose the following:

 

We believe that the International Information System Security Certification Consortium (ISC)2 has done an excellent task of setting the criteria for the CISSP certification. The concept appeals to us where different companies can provide training and also administer certification tests for a CISSP. There are a vast number of already certified CISSP professionals out in the industry and it would make perfect sense to take advantage of the general certification process and further refine the (ISC)2 requirements for their track on Identity and Access Management and make this a full-fledged certification in conjunction with CISSP; this way we can pull from the vast number of CISSP professionals and also have the benefit of the knowledge that they have gained from the CISSP certification.

 

Therefore, we’d like you to coordinate with (ISC)2 to achieve this alignment. In particular, we’d like assurances that any IDPro certifications will occur through (ISC)2 and not be created from whole cloth by IDPro. Creating and validating certification tests is a labor and money intensive process. We’d rather see IDPro’s resources be spent promoting Identity and Access certifications run by an existing organization than trying to produce a competitive product. Please get back to us with the results of this coordination.

 

For what it’s worth, I have personal experience being on the board of an organization (USENIX) that created, ran, and ultimately shut down a custom certification program (Certified Professional System Administrators).  I’d be glad to talk to you at CIS about the lessons learned – which helped inform the message above.

 


--
Ian Glazer
Senior Director, Identity

_______________________________________________
IDProSC mailing list
IDProSC@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/idprosc


