When will DOD accept other certification and realize the CISSP is not best certification available for management?

SSG Robert Edwards — Tue, 25 Mar 2014 09:31:17 -0400

The CISSP lacks definition in experience as any person with 5 years of experience in any one or combination of the ten domains may apply for certification. yet this certification allow a one year waiver for a college degree or if the individual possess one of 40 acknowledged certifications. Of these 40+ certifications only 8 are accepted by the DOD 8570.1-M. I guess a twist to the old saying that the enemy of my enemy is friend does not play true here. As a certification used for the CISSP is not my friend. the process speaks of discrimination. Still if you look at the US Navy, the Naval Validation Certificate requires the completion of CNSS 4012, 4015 and the 4016 (IAE) course in order to validate Naval System. But DOD 8570 does not recognize these courses, Why, the US NAVY recognizes them but not DOD.

Still with the upcoming migration to RMF, points to a risk executive either individual or committee. The CISSSP only lists a single bullet in one of the ten domains, whereby; ISACA has developed the CGEIT with an entire domain for risk and the CRISC that has three (3) domains identified for risk. What is ironic is that the CGEIT has a knowledge statements that reads: 1.
Knowledge of the components of an enterprise governance
framework, 1.
Knowledge of enterprise architecture components, principles and
frameworks, and their implementation. These two statement more than cover the domains for the CISSP and then some as it is a certification for a manager to understand the Return on Investment (ROI) processes.

DOD is creating a top heavy approach to Information technology, because the 8570 allows the agency to pick the certifications. This process calls for the CISSP in over 90% of the positions advertised. Guess what you have 100 position, schools certify 50 individuals a month and roughly twenty personnel transfer to another position, what do you do with the remaining 30 positions unfilled. The Colonel wants CISSP and nothing else, so you wait and hope for a relief column.

Response by SFC Private RallyPoint Member made May 16 at 2014 11:07 AM

SFC Private RallyPoint Member — Fri, 16 May 2014 11:07:45 -0400

The CISSP is, and will remain for the foreseeable future, the de facto top-level vendor neutral security certification. No hiring manager should be choosing an applicant solely based on certifications. It is the combination of experience, education, and certifications (not necessarily in that order) that should serve as the determining factor in personnel selection.

I will add that requiring a CISSP in a job announcement does serve as an effective filter in the hiring process.

Response by SSG Robert Edwards made May 16 at 2014 4:20 PM

SSG Robert Edwards — Fri, 16 May 2014 16:20:43 -0400

See posting below.