Just to broaden the discussion a bit I think that SANS has an interesting
approach. After the initial certification an annual recertification is
required. The recertification test is a fraction of the cost of the initial
test.

The certification then has a certified since date (much like an American
Express card). Thus someone certified for two years (the certification is
only two years old) will have shown competence through both years. Any
changes from year to year are covered by the recertification.

-jeremy

-----Original Message-----
From: Chip Carpenter [mailto:security@powermmv.com]
Sent: Monday, July 02, 2001 9:01 AM
To: afletch@farm-credit.com; cisspstudy@securityfocus.com
Subject: Re: 3-year rule

Also, tech moves at such a speed that a 3 year old certification if unused,
is worthless. If you have used it, then your resume should speak for
itself.
-chip

At 08:05 AM 6/29/01 -0700, afletch@farm-credit.com wrote:
>Re: The 3 year requirement: I think it's a good idea. The IT world has
>become so certification conscious that many people are simply collecting
>certifications like a stamp collector collects stamps. I don't know if
>it's the intent of the 3-year rule to mitigate this tendency or not, but if
>it were adhered to (and it's not) it would go a long way towards ensuring
>that the candidate was serious about Information Security. Just my $0.02
>worth, and worth every cent of it!! ;-)
>
> On 6/29/2001 Tom Watson wrote:
>
> [SNIP]
>
> >On a separate issue what are people's views about the 3+ year rule for
the
> >CISSP? I don't have that experience but I am more than confident in my
> >knowledge of the CBK and my ability to pass the CISSP. Surely an employer
> >looking at my CV/resume is capable of identifying the extent of my IS
>based
> >experience, and as such, why impose this restriction on those wishing to
> >attain certification of their IS knowledge?

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]