March 07, 2005

CI$$P

I came across this article stating that CISSP certification correlates directly to higher salaries in information security.

This upsets me. Not because I have a grudge against the process, per se; if someone wants to get a CISSP, that's fine by me - for my dollar, I've always thought it was a bit too expensive but who am I to judge how people spend their hard-earned money. Rather, what disturbs me is the fact that organizations appear to be using the CISSP as a recruitment aid.

Why are we paying a for-profit company an "entrance tariff" in order to practice information security? What are we as a society, or we as information security workers, getting back from the certification process? Unions (organized by workers for workers) offer some degree of protection for the individual; professional credentials (CPAs, engineers, doctors, etc.) supply some type of protection to society at large. CISSP does neither - until this credential a) is administered by a non-profit professional entity and b) undergoes independent review to establish the degree to which it protects society, I think we are mistaken to make it a "must-have" in the hiring process.

Of course, there's the other matter of CISSPs favoring other CISSPs in the hiring process, which I won't go into here; suffice it to say that I think we have enough "old boy" networks already...

Posted by Ed at March 7, 2005 02:05 PM