Maybe I should be certified… (revisited)

…or at least put in a home for retired security pundits where someone can make sure I take my medication on time, so that I stop pontificating about security issues even though no one is paying me to any more and I have lots of other writing projects demanding my attention. Still, after writing about Robert Slade’s work on preparing CISSP candidates for the exam they have to take as part of the qualification process, I found myself needing to revisit an article I wrote when I originally abandoned my subscriptions to the two organizations that enabled me to add three extra initialisms to my signature.

The article noted the official end of an era, though it was a very minor ripple on the surface of the Sea of Security. As of the end of August 2014, I was no longer entitled to put the initialisms CISSP, FBCS, or CITP in my signature. (In fact, I hadn’t been using those manifestations of alphabetti for quite a while before, in anticipation of that day. Or, more precisely, the 31st August.)

There’s nothing sinister about this: I hadn’t been drummed out of (ISC)2 or the BCS Institute for conduct unbefitting a computer security guru: I was simply dropping my annual subscriptions to those organizations. I was and still am in sympathy with the general aims and ethics of both organizations. There are many otherwise rational people in the security business who are dismissive of any form of certification that results in an artificially lengthened signature, but I’m not one of them. These particular initialisms acknowledge many years of working to improve the security of the organizations for which I’ve worked since 1986 and the community as a whole: I’m honoured by that recognition of whatever I may have achieved in that time, and refuse to be ashamed of having been entitled to use them. So why was I letting them go?

First, let me save you anxiously searching the web for an explanation of all those initialisms:

  • CISSP = Certified Information Systems Security Professional: a certification awarded by (ISC)2 (formerly the International Information Systems Security Certification Consortium) to security professionals who meet the required criteria in terms of knowledge (as tested by a lengthy exam), relevant experience (at least 5 years), compliance with the (ISC)2 code of ethics, endorsement by a member in good standing, and maintenance of your own good standing by earning at least 20 CPE (Continuing Professional Education) credits each year and keeping up to date with the subscription fee.
  • FBCS = Fellow of the BCS Institute (formerly the British Computing Society): to quote the Institute’s own criteria, Fellows “demonstrate leadership in the profession by influencing significant numbers of professionals and/or others to achieve common goals, understanding or views within the IT profession.” So maybe all those books do count for something, even if they didn’t benefit my bank balance much.
  • CITP = Chartered IT Professional: I was actually grandfathered into this certification, also awarded by the BCS Institute, because I met the requirements for acceptance as a Fellow. I’m not sure if BCS still does that: the normal CITP process is quite stringent, and has in fact been made more demanding in recent years.

So, to answer the question “why was I dropping my subscriptions?”, I first have to make a confession. I didn’t maintain those subscriptions out of some purely altruistic desire to further the aims of (ISC)2 and the BCS, though of course I’m happy that my money went towards the attainment of goals that I’m generally in sympathy with. But – shock! horror! – my primary aim was to demonstrate that I had certifiable skills and acknowledged achievements that gave me credibility in the eyes of my peers and enhanced value in the job market. Like most people, even the good people who run (ISC)2 and the BCS (not to mention other organizations like ISACA and SANS), I had to make a living, though I’m fortunate in that I was able to do so by doing work that I enjoyed and (I like to think) for which I have – or at least had – some ability. Over the last year of my subscription, I made a cost/benefit analysis (as all CISSPs are taught to do!), and while the cost of those subscriptions wasn’t high, the benefits (to me personally) were not what they were:

  • I was already past the age where I could, if I chose, have been drawing my state pension. When either ESET – where I still held the title Senior Research Fellow – or I chose to terminate our current arrangement, it was unlikely that I’d look for another job. (I didn’t!) If I had, it probably wouldn’t have been in security. And if it had been in security, it certainly wouldn’t be the sort of managerial role where being a CISSP is often sine qua non.
  • I hadn’t been seriously engaging with BCS for some time, at any rate not at the level where being a Fellow mattered. And I didn’t see myself as a candidate for the sort of academic milieu where being FBCS might carry weight.
  • I no longer found it amusing to flaunt my alphabetti on those lists where it’s assumed that anyone with the letters CISSP after their name must be either a cheat or an idiot with delusions of grandeur and competence. Or, according to one person who commented on one of my articles for ESET, as compensation for underdeveloped genitalia. I can’t imagine how he knew. 😉
  • I actually have certifications that don’t entitle me to a string of acronyms or initialisms. Not that I was ever likely to look for work as a security auditor (for instance) at this stage, but it was time to relegate all this stuff to my c.v., which I haven’t needed for a long time now and don’t anticipate needing much in the future. And Wikipedia, maybe. 🙂

So from then on, I had to stand or fall by the quality (or lack of it) of my published work. But then, most of the time, I always did. And if I feel the need to expand my signature, I’ll have to fall back on my humble BA. (Now that’s a qualification I am proud of, having completed it under stressful circumstances: that is, as a new parent with a full-time job.)

I probably won’t return to the topic of certifications, though I addressed it at some length in a chapter in the AVIEN Guide.

David Harley

About David Harley

Musician/singer/songwriter; independent author/editor