Two thoughts as a counter argument: Government and OSCP

scheduleOctober 4, 2019

First, the CISSP is used as the defacto standard for senior level information security positions related to government work.

Counter the “old white security guy,” by having the OSCP too. The OSCP smacks of Millenial “I’m here, I expect an award,” so that will balance it out.

It’s also intersting that this argument is self defeating.

”Unfourtunately, a lot of people are afraid to speak the truth, to let their CISSP lapse because they feel it’s a risk.” 
”Most shockingly on the latter is the fact that members can’t renew due to website issues and then incure hundreds of dollars of late penalties.”

So either people are renewing their CISSP’s (not letting them lapse) or they are not. I’m calling bullshit on your “late penalties” until you produce something that shows this exists. I’ve never known anyone to have a problem with registering CPE’s or paying the maintenance fee. You’d need more than one or two anecdotes to demonstrate there’s a problem here. And you just imply it, you don’t provide evidence.

I also call bullshit on, “I couldn’t afford the upkeep on my own.” CPE’s are literally free, they’re a time based thing. Write an article, teach a class, go to free classes (I’ve received CPE’s for going to Infragard meetings that cost NOTHING). And upkeep is barely more than $5 a month. What position did you leave at Microsoft, janitorial?

You’ve never heard anyone say, “I like this candidate but they aren’t certified?” Well, that’s because they didn’t make it to the table. EVERY HR system I’ve interacted with over the past two decades uses screening terms in your resume. If they expect a CISSP, and you don’t mention the title on your resume, your resume is ignored and you don’t get the interview. People that aren’t interviewed don’t end up being talked about.

Every position I’ve had in the Denver Tech Center over the past decade was because of experience and certifications (including the CISSP).

If you want to talk about what needs to be done away with, the requirement for college degrees is a better place to start. Oh wait, the big companies are already doing that (Apple, Google, IBM). So if not a degree or a certification to provide evidence of a qualification, what then? Your promise that you are qualified?

I’m not afraid to speak the truth. I can’t tell you the number of candidates I’ve caught in phone interviews googling their answers (and how funny it was that I could take their answer, put it in google and find the page they got it from). There HAS to be some standard. The CISSP is meant to be a minimum standard. A way to show that a candidate has minimum qualifications.

You let your CISSP lapse and didn’t spend $2000. Good for you. I’ve not, and I’m well over a million dollars in the black over the almost ten years I’ve had mine. I’ll take my million dollars over your $2000 any day.