A Global Security Solutions Publication
Chief Security Officer Journal
A Global Career and Data Warehouse for Security Professionals


This Week's Top “Career Opportunities”

1. Associate CIO - Cyber & Privacy Policy / Oversight - U.S. Department of Agriculture
2. CISO & Director of IT Risk Management - First Horizon


On-line Educational Opportunities for the Security Professional

         

1. Stanford University - Introduction to Cryptography
2. New York University - Certificate - Information Systems Security
3. Capella University - Certificate in Information Assurance & Security (endorsed by NSA)
4. Iowa State University - Graduate Certificate in Information Assurance
5. University of Idaho - Certificate in Secure and Dependable Computing Systems

6. James Madison University - M.S. in Computer Science; INFOSEC Concentration (endorsed by NSA)
7. University of Maryland - Certificate in Information Assurance

8. DePaul University - Master of Science in Computer, Information & Network Security (endorsed by NSA)
9. Norwich University - Master of Science, Information Assurance (endorsed by NSA)

10. Columbia University - M.S. Computer Science - Computer Security
11. Capitol College - Master of Science in Information Assurance (endorsed by NSA)
12. Stevens Institute of Technology - Advanced Certificate in Security Management & Forensics

13. ITT Technical Institute - Bachelor of Science in Information Systems Security
14. University of Southern California - Master of Science in Computer Science (Computer Security)
15. Saint Petersburg College - Certificate in Computer Related Crime Investigations
16. University of Dallas - Master of Science, Information Assurance
17. Walsh College - Master of Science, Information Assurance
18. Stanford University - Advanced Computer Security Certificate
19. Canyon College - Bachelor of Science, Information Technology (Security)
20. Boston University - Master of Science, Computer Information Systems - Security (endorsed by NSA)
21. University of London - Master of Science, Information Security
22. University of Illinois - Certificate in Security (Information Assurance)
23. Iowa State University - Master of Science in Information Assurance
24. Regis University - Master of Science in Information Assurance
25. University of California, Santa Cruz - Certificate in Systems & Network Security
26. Stanford University - Certificate in Software Security Foundations
27. Villanova University - Master's Certificate in Information Systems Security
28. Harvard University - Security, Privacy & Usability
29. Stanford University - Computer & Network Security
30. Carnegie Mellon University - M.S. - Information Technology - Information Assurance & Security
31. New York University - B.S. Information Systems Management (Network Management & Security)


Articles of Interest for Security Practitioners



Is a Certified Information Systems Security Professional (CISSP) Certification Worth The Time, Money and Effort?

C.L. Freeman, CISSP-ISSAP

Information Technology (IT) Certification Programs have been around for quite a while. Several started out with a bang and then fizzled out after a few years. The Data Processing Management Association (DPMA) certification is a prime example. So many Certification Programs have failed to maintain public / private sector recognition for one primary reason: they did not require ongoing, documented “Skills Maintenance”. The “Certified Information Systems Security Professional (CISSP)” certification, awarded by ISC2, is designed to address this challenge.

After you pass the exam and are awarded the "CISSP" designation, there is a mandatory minimum of points you must submit to ISC2 (every three years) to keep your Certification.

The examination is tough and comprehensive. It requires on-the-job exposure and a clear understanding of a wide range of security technologies / concepts. There are prerequisites that must be validated by ISC2 before you are allowed to take the exam.

Don't assume a CISSP certification will suddenly “launch your career to new heights”. It will not help you understand or effectively apply the most important skills you need: "Soft Skills". For example, it won’t make you an effective leader or member of a Team. It will not give you a better attitude about your company or your career. You still need to acknowledge and actively manage your soft skills if you hope to realize the full potential this coveted certification has to offer.

Once you have the Certification, you can let the certificate “hang on the wall” or you can use it in a wide range of ways to benefit both you and your company. CISSP certification can further your professional goals in many ways you may not have considered. If you are willing to apply yourself, you can positively impact not only your career, but the future of your company and the careers of others. You can also have a positive impact on the Information Systems Security Profession. Consider the following possibilities:

1. If You Choose, You Can Influence the Future of the Profession

You can help Professional Security Organizations communicate their message. You can speak at Conferences, Symposiums, Leadership meetings at your company, etc. You now have a credible voice and you can speak if you desire. You can help ISC2 maintain their CBK Curriculum. You can actively influence the careers of Junior Security practitioners. The opportunities to influence the profession at your company and internationally are available, if you choose to seek out and act on available opportunities.

2. Provides the Opportunity to Support Information Systems Security Organizations (Board Member, etc).

Joining Professional organizations is easy. Pay the fee and you’re a member. You may want to get involved in your local security professional organizations (ISSA, NCMS, etc). The CISSP designation gives you instant credibility when you request “active” involvement in local activities. It can also help if you choose to campaign for a leadership position on the Board of one of these organizations.

3. You Add Value to your Company (this should be your Number One Priority)

Your “Value” to your organization should be the focus of all of your efforts. Decisions made by management (concerning you) are influenced by your real or perceived value to your company. You are responsible for ensuring that your contribution continues to support the mission and goals of the company. The CISSP Certification and your focus on effective maintenance of it will only support the view that you are of real value to the company.

4. Recognition by Companies

Companies (and the Federal Government) are recognizing the value of the CISSP designation. More CIOs and IT managers are requiring CISSP designation for their IT Security positions. This is evident for staff, middle management and Executive level positions. Search any job site on the internet and you will see the influence this Certification is having on Job Descriptions.

5. Recognition by Peers and Management

Recognition by Management has its benefits in terms of your job description / responsibilities, future salary growth and surviving a downsizing or lay-off exercise. It also helps with your working relationship with peers. They will seek you out to gain your perspective on their challenges and approaches to solving them.

6. Credibility if you Author a Paper or Give a Presentation at a Conference, etc.

The CISSP designation can immediately offer credibility to White papers or Articles you write for Industry publications. You can also be asked to present on Information Systems Security topics at various conferences, symposiums and professional organizations (Local ISSA meetings, for example). Opportunities like this don’t just happen. You must create them by your own action.

7. Keeps You Focused on Learning New Technology and Security Concepts

This is one of the most powerful features of this Certification. Maintenance of your CISSP requires you to take a class, write an article, attend a conference, etc. If you don't, you can lose the designation. Most certifications do not require "Skills maintenance". You can focus your efforts on concepts you have a handle on or take a risk and focus your attention on technologies or processes you don’t feel confident with.

8. Increases Your Chances for Promotion

As mentioned before, this is only possible if you are taking care of the “Soft Skills”. If you are, CISSP certification will increase your value to the company, and your company will therefore likely consider you in their Leadership planning.

9. Gives You a View of Where You are Strong and Where You are Weak

Everyone who takes the CISSP examination has admitted that they were strong in various areas, but weak in others. Most are strong in areas that link to their current job responsibilities. CISSPs now have a unique perspective on the "scope" of technologies and concepts a Security Practitioner needs to remain competitive. The CBK is a great roadmap for your professional development plan. Focus on your weaknesses and continue to care for and feed your strengths.

10. You Can Define Effective Training Plans for Your Staff

As noted above, you can plan your professional development strategy to address your weaknesses. You can also provide effective training plans for your staff and peers who have chosen Information Systems Security as a career path.

11. You Can Teach or You May be Asked to Conduct Research

The CISSP credential will offer the opportunity to teach others what you know. Your company may ask you to teach a CBK subject to junior personnel (to support their preparation for the CISSP exam). You may be asked to teach a subject at a conference or professional organization. As stated previously, these opportunities don’t just happen. You must seek out all opportunities to keep your skills sharp.


   
We want to hear from you. Do you have an article of interest for our subscribers? Please contact the Chief Editor at ChiefEditor@csojournal.net. We use a "Question/Answer" format in all articles.