ISC2 and CISSP maintenance

I just finished listening to a Packet Pushers Healthy Paranoia podcast “To CISSP or not to CISSP” and reading the several referenced articles bashing the certification. The podcast featured Wendy Nather of 451 Research who declared on her Idoneous Security blog that she would not be paying her CISSP maintenance fee this year (which I think was the genesis for the cast). So if you want to hear the over-the-top Greg Ferro and crew bash yet another established icon of the IT industry, check it out.


For me, it was just the same old tired rehash of the certification argument. The more interesting points came out in Wendy’s blog where she questions the value of forking over the annual fee.

It still chafes me to think of paying good money every year to be allowed to do something I don’t want to do anyway: put letters after my name. At this point, CISSPs are so common, they’re like a bachelor’s degree: if you have to brag about it, you probably don’t have anything else going for you… You don’t have to keep maintaining a college degree; once you’ve obtained it, that’s good enough for anyone who requires it.

I, too, question this yearly contribution. I value the cert and don’t regret the initial expenses there, but what value does (ISC)2 provide in return for the continuing fees? At least with the CISM and CISA, I still get access to an ever-expanding volume of information produced by ISACA (although that comes with membership rather than the cert). I will keep paying my fee as long as I stay in the industry, but I will gripe about it and continue to expect more from ISC2.

For a chuckle, catch Javvad Malik’s mocking video on the benefits of the CISSP…