It is pretty funny hearing the detractors of CISSP and other "management" certifications (you know, the folks who consider themselves the "real" and "technical" security pros) as they discover amazing concepts such as:
- Business Continuity and Disaster Recovery Planning
- Risk Analysis
- Security Metrics
- Aligning security with business practices and principles
- Physical Security (beyond lockpicking at cons)
- The importance and value of Policies and Procedures
- The minefield of Corporate Ethics
- and the rest of the CBK
Imagine that: maybe a wide-ranging course of security topics can expose you to things outside of your area of expertise and make you a more well-rounded professional.
Jack
1 comment:
Certifications are a useful indicator, but no panacea. In the case of the CISSP, it indicates that the holder has some experience in the field combined with at least theoretical knowledge across a broader base. That's useful in identifying good candidates for mid-level positions, and ones who may be on track for leadership.
Would I hire a good person with no certs or only "technical" certs? Sure! Would I give a candidate some credit for attaining a relevant cert? You bet!
Tony Higgins CISSP-ISSMP, CISA, CIPP
And yes, I am one of those "management" types ;)