Reform candidate gets CISSP tin star sheriff's job
Listen up, e-pilgrim
Reform candidate Dave Lewis has been elected to the (ISC)2 board of directors.
The security certification body, which administers the Certified Information Systems Security Professional (CISSP) qualification, has about 80,000 members worldwide.
Four of the 13 seats on the (ISC)2 board were up for election this year; one of the positions went to Lewis, a Canadian who stood on a platform of seeking to restore the integrity of the CISSP exam.
Three other radicals - Scot Terban, Boris Sverdlik and Chris Nickerson - were unable to get their names on this year's ballot, which closed last Friday. None of the three succeeded as write-in candidates either.
Three of the four board election candidates on the ballot were dismissed as "time-servers" by the (ISC)2's critics. The board is made up of representatives from academia, industry and internet committees. But some in the security world want to see more people, such as Lewis and Wim Remes, with real-world experience heading the organisation.
Remes, who was elected to the (ISC)2 board of directors last year, told El Reg that much of the criticism was unfair.
"The present board are a diverse bunch who are well in touch with what's happening in security, and knowledgeable," he said.
CISSP certification can help boost one's career prospects in information security, but it's not mandatory and is a poor cousin to the professional qualifications in the legal and medical industries. Membership to (ISC)2 costs $85 a year, a bone of contention for some people. ®
A while back, I (with no formal IT qualifications) was called in to fix and secure a server / site that had been hacked. The site advertised the professional IT security services of someone boasting the following:
CISSP (Certified Information Systems Security Professional)
AIISP (Founder-Member of Institute Information Security Professionals)
MCSE (Microsoft Certified Systems Engineer)
CCSA (Checkpoint Certified Security Administrator)
CSSA (Certified SonicWALL Security Administrator)
CFSA (CyberGuard Firewall Security Administrator)
WCSP (WatchGuard Certified System Professional)
This well-qualified individual had left phpmyadmin in an obvious location with no mysql root password set. In addition it turned out that remote desktop was running (Windows server) and the Administrator password was his wife's maiden name - six letters long, all lower-case, and a dictionary word.
Forget the CPEs
And have the pleasure of splashing £440 every 3 years for the delights of the 6 hour multi-choice exam. At least that forces you to revise - and means an average annual cost including membership of circa £200.
Don't forget the CPEs
Gave up my membership years ago when the downturn meant that the £2000+ courses required to get your quotas of CPEs became thinner on the ground. You could top them up with endless vendor meetings, but eventually even the vendors gave up when you bought nothing. You were only allowed to read one book a year.
Being CISSP gave me a certificate and ... and somewhere to register my CPEs.