I am studying for and will take my CISSP exam because I want to maintain a career differentiator. I recognise that at a high level, your degrees, certifications, and other stuff don’t matter as much as what you’ve done and who knows that. At a high level, it is about who you know and how much they trust you.
Taking and passing the CISSP is not going to make me a CISO, if that is what I pursue. Nor will it be the differentiator on a job. But it still is valuable.
It is valuable because customers ask our consultants to prove their knowledge and the CISSP is a good generalist certificate to have to prove that knowledge. It is valuable because it requires long-term, focused, generalist study, ensuring I can talk about many security domains. It’s valuable because if I have to leave my job I can fairly easily get a new one.
A key reason I’m taking the time to study, sit in a course, and take the test is because my company is paying for it. I do not mean that I am taking advantage. Quite the opposite. Corporate finance is strict. The company would not pay for the CISSP unless the company found value in it. Will CISSP make me a hacker? No. Will it make me a good executive? No. But there is value and the company clearly values it enough to take many people through certification. The company sees value in it, and the company as experience, insight, and resources that I don’t have. At some level, trust that they wouldn’t choose to throw money away. The CISSP is good for them. And at some level, that means it’s good for me and you.
The CISSP is not a magic bullet. It is generalist. It won’t make me a good architect or consultant. It will just force me to re-study a lot of the stuff I’ve studied in my work life and my master’s degrees.
It won’t make me a hacker. It won’t make me amazing. (Hint: I can’t be made amazing; I already am amazing.)
But that’s okay. If you have the time, energy, and support to study CISSP, do it. You’ll learn a lot, you won’t get rejected from a job because of it, and it proves you know enough to pass a test, which counts for something.