Come ask the CISSP Guruon July 18, 2008 at 7:04 am
So Andrew Hay just got his CISSP. Congrats man. There’s not a lot of people who have as much experience as you do who are actually even considering the CISSP. Maybe that piece of paper is actually worth it!
So he just got his, and meanwhile, I just entered into my third three-year cycle. Yep, I have been a CISSP for 6 years. And while I don’t consider that to be a very long time, it seems like a long time when I keep meeting all these people with these high numbers.
As an example, I went to see a client a couple of weeks ago in San Antonio and noticed one of the guys there wearing an (ISC)2 lanyard around his neck. I struck up a bit of conversation about the CISSP, and he mentioned his number was in the 90k range. I was almost embarrassed to tell him my number because it felt like I was telling the guy how old I was (I am in the low 30k range). At the same time, it made me feel like an experienced security sage on a mountain with a long white beard stuffed full of lost pages of security policies.
Yes, people, I am ready to dole out advice to the brave young security professional who braves the travails of the terrain to make it to my mountaintop! Come to me, you inexperienced infosec practitioner! Seek me out, you untried youth! Ask me the secret to information security!
And I will be there with one of those nebulous answers like "risk management" or "it sure as hell ain’t compliance!" And you’ll probably leave just as confused as when you climbed up. Heck, you might just jump off a cliff while you’re trying to make it back down the mountain. Everybody is searching for the easy answer. Pssst… there ain’t one.