In my 25 years of experience serving MNCs and small businesses alike around the world, I have met fantastic practitioners who are CISSP certified and those who are not CISSP certified. I have also presided over a harrowing experience of protecting an organisation from a live cyberspace attack and bringing the situation back to business-as-usual. Believe me, during those stressful moments, the first thing that struck my mind was definitely not what certifications I hold, but how I could effectively quell the attack with minimum disruption to the business.
CISSP® - Certified Information Systems Security Professional - is a globally recognized certification in the field of information security, hosted by (ISC)².
It has ten domains:
- Access Control
- Telecommunications and Network Security
- Information Security Governance and Risk Management
- Software Development Security
- Security Architecture and Design
- Operations Security
- Business Continuity and Disaster Recovery Planning
- Legal, Regulations, Investigations and Compliance
- Physical (Environmental) Security
The CISSP® examination consists of 250 multiple-choice questions with four (4) choices each, to be completed within 6 hours.
The multiple-choice style of examination is efficient and highly scalable, and so can be extended worldwide to measure and certify information security professionals.
However, in real life, I have not had a problem that is so explicitly stated that it comes with four possible answers, out of which one will be definitely correct and the other three definitely wrong. Real life is a lot fuzzier and more ambiguous, and often, we will not even know what the real problem is at the outset. Usually, we confront a 'situation', interpret it and construct a scenario based on the information that is obtained or presented before us. Sometimes, there is information that we have failed to uncover, and/or information that is deliberately kept away from us.
So is CISSP bad? No.
Is it super? No, it is not that either.