Posted on Mar 25, 2014
SSG Robert Edwards
The CISSP lacks definition in experience, as any person with 5 years of experience in any one or combination of the ten domains may apply for certification. Yet this certification allows a one-year waiver for a college degree or if the individual possesses one of 40 acknowledged certifications. Of these 40+ certifications, only 8 are accepted by the DOD 8570.1-M. I guess a twist to the old saying that the enemy of my enemy is my friend does not play true here, as a certification used for the CISSP is not my friend. The process speaks of discrimination. Still, if you look at the US Navy, the Naval Validation Certificate requires the completion of CNSS 4012, 4015 and the 4016 (IAE) course in order to validate Naval System. But DOD 8570 does not recognize these courses. Why? The US NAVY recognizes them but not DOD.

Still, the upcoming migration to RMF points to a risk executive, either individual or committee. The CISSP only lists a single bullet in one of the ten domains, whereas ISACA has developed the CGEIT with an entire domain for risk and the CRISC that has three (3) domains identified for risk. What is ironic is that the CGEIT has knowledge statements that read:

1. Knowledge of the components of an enterprise governance framework,
1. Knowledge of enterprise architecture components, principles and frameworks, and their implementation.

These two statements more than cover the domains for the CISSP and then some, as it is a certification for a manager to understand the Return on Investment (ROI) processes.

DOD is creating a top-heavy approach to information technology, because the 8570 allows the agency to pick the certifications. This process calls for the CISSP in over 90% of the positions advertised. Guess what: you have 100 positions, schools certify 50 individuals a month and roughly twenty personnel transfer to another position; what do you do with the remaining 30 positions unfilled? The Colonel wants CISSP and nothing else, so you wait and hope for a relief column.

Posted in these groups: DoD, Certifications
Responses: 2
SSG Robert Edwards
Edited >1 y ago
See posting below.
Suspended Profile
The CISSP is, and will remain for the foreseeable future, the de facto top-level vendor neutral security certification. No hiring manager should be choosing an applicant solely based on certifications. It is the combination of experience, education, and certifications (not necessarily in that order) that should serve as the determining factor in personnel selection.

I will add that requiring a CISSP in a job announcement does serve as an effective filter in the hiring process.
SSG Robert Edwards
>1 y
The CISSP only requires experience in two out of ten domains. If the person is lucky enough to pass the exam, where do they get the experience to cover the other eight domains for the job?

Certifications should be treated as AT-5 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS
Control: The organization establishes and institutionalizes contact with selected groups and associations within the security community:
- To facilitate ongoing security education and training for organizational personnel;
- To stay up to date with the latest recommended security practices, techniques, and technologies; and
- To share current security-related information including threats, vulnerabilities, and incidents.

The CISSP does not guarantee experience in all ten domains only two for 5 years.