The UK’s designated national agency responsible for providing information and expert guidance on qualifications (UK NARIC
) recently announced that the Certified Information Systems Security Professional (CISSP
) credential offered by (ISC)2
is rated RQF Level 7, thereby placing it equal to a particular level of a Master’s Degree. This declaration is not without precedent. It follows the announcement made by a similar assessment organization in the U.S. that granted college credit eligibility for six (ISC)2
credentials. One would expect that this would cause a cheer in the InfoSec community.
Well, not so fast there, cowboy.
It turned out that the UK NARIC announcement caused an equal amount of groaning. Cries of “Total Bullocks” and even more colorful language were shared across social media platforms. Those who completed Master’s Programs were outraged. Others who knew of people who had passed the CISSP exam “without studying” were equally dismayed. This quickly became a heavyweight bout in the making. Or is it just another day in InfoSec?
Certification-bashing has been taking place for many years, so it is not surprising to see it continue today. Some highly qualified individuals in the InfoSec profession have often made their feelings known about the value of a certification. Now that universities are offering Master’s Degrees in Cybersecurity, it just adds to the rabble.
However, is all this anger misplaced? Does it serve us well as a community?
The most disturbing part about this most recent kerfuffle is that it occurred on the same day that an article ran in this publication about the CyBOK project
. CyBok is the Cyber Security Body of Knowledge Project. It is an 800+ page document that “seeks to ‘map to’ established knowledge sets via a structured framework.” What an amazing addition to all the knowledge that is available. This should have been the buzz in the social circles instead of the usual bickering about the value of any
It is hard to imagine a time when new knowledge will cease to emerge in information security. Every day brings new insight, new discoveries and new innovations. Every year, we hear new ideas, and we see new demonstrations at conferences. Wonder, curiosity and the pursuit of knowledge are what drove most of us to this magnificent profession in the first place. It is what makes us all keep coming back every day with renewed vitality and a desire to share our understanding with the public in our efforts to keep everyone safe.
Whether it is a Master’s Degree, a certification or years of hard-earned knowledge and experience, your path in InfoSec is only just beginning. I say that to everyone regardless of how many years they have worked in the field. Just as the pursuit of medical knowledge is called a “practice,” so is information security. Until all of the vulnerabilities are patched and until all the threats are neutralized, we are all still merely practitioners.
Do you have a Master’s Degree? Excellent! Now, think about how you can improve your skill-set by looking at certifications. Are you a CISSP? Excellent! Now, think about if it’s feasible for you to attain a Master’s Degree. If you can, it will certainly improve your skill-set.
(ISC)2 acted immediately to clarify the information.
As we move more towards a “knowledge economy,” the more you gain, the more you will benefit yourself, your employer, the InfoSec profession and society more generally. Isn’t that our true goal, after all?
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.