Blood pressure is already rising at the mere mention of the word, but stick with me. I have held a few certifications through the years: from ASE Master Auto Technician and Master Heavy Truck Technician many years ago; to MCSE+I on NT 4.0 and CCNA later (one obsolete and the other lapsed); and for the past few years CISSP. I had different reasons for getting each cert, and each served its purpose, but I think the CISSP has been the most valuable.
Some people see the CISSP as a farce, held by people who make a career out of the tedium of security, not "real" security; others think having a CISSP makes you a genius and a security guru. Both are wrong.
The CISSP exam is long and tedious, and it covers a bewildering array of topics. That's the point: a wide-ranging view of information security, not a nuts-and-bolts technical view, not a C-level executive view, but a general grasp of numerous facets of information security.
So, where's the value? It is threefold:
- First and most importantly, you have to get outside of your comfort zone and think about ALL of information security to pass the exam. This can only be good.
- Second, you "join the club" and get access to resources not readily available to others.
- Third, it is a high-profile certification that many people recognize.
Information on the CISSP certification is available at the ISC² website.
Also, while not directly related, there was a recent bit of confusion about the nature of the CISSP: Daniel Miessler recently wrote a negative post on CISSP; I don't think he really understands the cert. Martin McKeay later responded with a good commentary on Daniel's post.