This article can also be found in the Premium Editorial Download "Information Security magazine: Spotlight on the incident response hot seat."
Download it now to read this article plus other related content.
For five years, James E. Duffy has been the face of (ISC)2 and its vaunted CISSP certification. As he passes into retirement, the CEO and president of the security certification body reflects on the expansion of the CISSP's ranks to more than 33,000 worldwide and where the gold standard of security certifications should go in the future.
Retirement is a time for reflection. How will you reflect on your (ISC)2 tenure?
I certainly will look back with pride that, under my leadership, we've grown from a small community that was primarily U.S.-centric to a strong, well-respected international certification. We've reached a point where companies make hiring decisions based on the CISSP certification. I'm also very proud of our international growth. When I took over, we had 300 CISSPs outside the U.S. That number has grown to more than 12,000 in 110 countries. I've worked very hard to build alliances around the world.
With such rapid growth in the CISSP ranks, is there a concern of watering down the certification's importance or prestige?
We have just touched the surface of the information security practitioner population. Our workforce study determined that there are 1.3 million information security practitioners around the world. Let's say 10 percent show interest in becoming a CISSP; that's only 130,000. We've only scratched the surface.
What shape is the CISSP in today, and what work remains to be done?
The CISSP is in the best shape it's been in--not that it was ever in bad shape. We still need to increase the rigor, offer it in more languages and promote the certification concentrations, such as the Information Systems Security Architecture Professional (ISSAP) and Information Systems Security Management Professional (ISSMP). (ISC)2 must also focus on constituent services. This year, for the first time, we will recertify more people than we will certify. We must continue to inform practitioners of the value of having the cert to make them want to retain it.
Study for the CISSP exam with our free online course at searchsecurity.com/CISSPessentials.
This was first published in March 2005