Tuesday, May 20, 2008

Not really a defense of the CISSP, but...

It is pretty funny hearing the detractors of CISSP and other "management" certifications (you know, the folks who consider themselves the "real" and "technical" security pros) as they discover amazing concepts such as:

  • Business Continuity and Disaster Recovery Planning
  • Risk Analysis
  • Security Metrics
  • Aligning security with business practices and principals
  • Physical Security (beyond lockpicking at cons)
  • The importance and value of Policies and Procedures
  • The minefield of Corporate Ethics
  • and the rest of the CBK

Imagine that, maybe a wide ranging course of security topics can expose you to things outside of you area of expertise and make you a more well-rounded professional.