The security certification group has faced criticism from its members regarding the CISSP certification

Dark Reading Staff, Dark Reading

December 6, 2012

3 Min Read

The new year will be bringing some change to the board of directors of the International Information Systems Security Certification Consortium (ISC)2.

The board's recent election has resulted in a mix of old and new blood coming to the board, which come January will include former board member Diana-Lynn Contesti, Hiroshi Yasuda, incumbent board member Corey Schou -- and Dave Lewis, one of agroup of candidates nicknamed the "Four Horsemen" that started petitions to be placed on the ballot and were not endorsed by the board. Of the four, only Lewis garnered enough signatures to be included.

Contesti was also not among the candidates endorsed by the board and got on the ballot after launching a petition for support.

"I was one of those people where I was sitting there going, 'I'm not entirely understanding what the value of the certification is at this point, what am I getting for my annual dues'," Lewis tells Dark Reading.

Not wanting to sit on the sidelines, he decided to run, he says.

(ISC)2 has faced criticism from some its members, particularly in regards to the administration of a certification known as CISSP (Certified Information Systems Security Professional), with some members complaining that the certification is out of touch with the practical realities of the security world. Others have called the organization out regarding issues of transparency.

According to Hord Tipton, executive director of (ISC)2, the CISSP exam has to be constantly updated to reflect changes in technology, threat concerns, and realities such as the boom of mobile devices.

"Each quarter we have workshops that look at the questions ... and each of those are analyzed with respect to success on those questions, the level of difficulty, their relevance, are they current and ... [add] new relevant questions and delete those that become obsolete," Tipton says. "That's an ongoing process of maintaining credentials."

In January, Tipton plans to address some of the issues surrounding testing by bringing a few new ideas before the board for consideration. For example, he says, the fact that tests are now fully computer-based allows the organization to structure questions differently.

"Although the exams currently contain scenario-based questions to test for application of knowledge, additional virtual depictions can test deeper into ones hands on abilities through what we call innovative questions," he explains.

Tipton says there are plans in the works to add new technical credentials and to expand the outreach efforts of the chapters.

"Our chapters will broaden community outreach including security awareness and direct involvement in educational activities in our schools and universities," he says. "Our scholarship program has proved to be very appreciated when awarded to deserving aspiring security professionals and cyber competition winners. These programs will grow with our increasing membership."

Lewis, who works at Advanced Micro Devices and founded Liquidmatrix Security Digest, says there is a disconnect between the organization and some of its members, and that the "shine had gone off the diamond for quite a lot of people."

"I think part of the reason, too, is that the organization as a whole may not have done the best job reaching out to the user base that they could have done, or a very good job of publicizing effectively what programs are going on, and things to that effect," he says.

Though he did not lay out specific plans for any reforms he would push for, Lewis says that part of the reason he was elected was because people want to see some positive change.

"A lot of people voted for me, a lot of people put their trust in me, so I'm going to be on there, and hopefully do a good job for them," he adds.

*This story has been updated.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights