We have heard from a number of readers who see little value in requiring cybersecurity workers to have security-related industry certifications.
They were responding to our report about a Senate bill that would require contractors to license and certify anyone providing cybersecurity-related services to a federal agency.
Several of these readers are not impressed specifically with Certified Information Systems Security Professional (CISSP) certifications. But certification, in general, is a bit of a red herring they said, because it does not reflect work experience, which is more valuable than test experience.
Blog Results:
* I've been certified since 2003 and have contact with many "certified" folks who have no experience with actual skills on the job. The cost of getting certified is high for both individuals and companies, yet the government still wants to award to the low bidder. Companies can't afford to spend a lot of money and not get a return on their investment in the people. It is also very difficult to retain trained 'professionals' no matter if they are trained while under government sponsorship or by their company. There is a lot of job hopping to increase salaries without remaining long enough to actually learn/perfect skills or truly contribute to the agency's mission.
* Great. Another worthless paper certification. And I include CISSP in that. Took me 45 minutes to parse the exam questions for the correct answers to pass that test then ISC2 wanted "maintenance" fees throughout the 3 year certification period. Those fees were not disclosed when I got the CISSP cert. Now I have to pay the "overdue" fees to re-certify since the 3 years ended. WTF? ISC2 is just about the money and they are going to exploit this one for all it's worth.
No comments:
Post a Comment