As I was scanning the presentations delivered last week at Defcon/SkyTalks, one really jumped out at me. Presenter Timmay delivered a provocative session entitled “Why You Should Not Get a CISSP” — a topic I recall as being hotly debated five years ago. As Timmay puts it, “For two decades, the flagship offering of the (ISC)2 [International Information Systems Security Certification Consortium] has been the CISSP, widely regarded as the only must-have certification for information security practitioners. But has it stood the test of time?… We explore the 10 domains of the CBK [the “common body of knowledge” upon which the certification exam is based], how the test has changed, and whether or not bothering with this certification can even help your career.”

Leave a Reply