|
Is the CISSP cert going the way of the MCSE? by Sean Walberg |
|
|
|
Now that colleges are beginning to offer the Certified Information
Systems Security Professional certification as part of their undergraduate
degree programs, this highly valued certification just might lose its
luster, much like the once prestigious Microsoft Certified Systems
Engineer has.
This fall, Peirce College will join Florida, St. Petersburg College as
the second school offering classes tied to the domains of knowledge for
both the CISSP and the SSCP. Combined with other college courses, a
student can not only enter the workforce with either an associate or
bachelor degree, but also having passed one of the International Information
Systems Security Certification Consortium exams. Due to experience
requirements for both certifications, the candidate does not actually get
the CISSP or SSCP designation until the experience has been obtained.
This program will not be unique to these two schools, as the ISC(2)
hopes to sign up as many as 100 colleges to offer its courses. The CISSP
is designed for people in a security management position, where they
will use their experience to properly assess and mitigate security risks.
Though the CISSP exam itself asks concrete questions on topics from
business continuity to telecommunications, the spirit and intent of the
CISSP is rooted in experience.
It is certainly possible to teach someone how to perform a
Diffie-Hellman key exchange, but it is the experience that dictates when it is
appropriate.
As laudable as it is that colleges are becoming more aware of the need
to teach students about information security, let's not pretend that
this marriage of colleges and certifications will help the present and
future holders of the CISSP. While offering the SSCP at the college level
is not quite as worrisome -- it is targeted toward junior-level infosec
pros -- offering the CISSP to undergraduates devalues the credential
for those with decades of experience.
Related Items:
|
