​The CISSP is dead. Or at least it ought to be.

I’ve seen multiple discussions from numerous frustrated CISSP holders about the increasingly perceived lack of value for the certification, the way ISC2 seems more focused on fees and money, and the fact that ISC2’s level of service for members is poor and getting worse. Most shockingly on the latter is the fact that members can’t renew due to website issues and then incur hundreds of dollars in late penalties.

This has led to a lot of discussions about whether the CISSP is worth it.

I’ve said my opinion on these threads and I’m putting it here too.

The CISSP is no longer worth the time or money. Nor is the ISSMP (or any of the other ISC2 certifications).

I retired my CISSP and ISSMP in 2011 when I left Microsoft to go independent. Quite honestly, I couldn’t afford the cost of the upkeep on my own.

I can say in all honestly, I haven’t missed it a bit. When you figure I’ve probably saved nearly US$2,000 in retiring it, I can’t say I’ve felt a $2,000 loss in value.

In hiring discussions I’ve never ONCE heard someone say “well, I like this candidate, but she/he doesn’t have a CISSP”.

I’ve never ONCE heard someone say “I got my job thanks to my work with ISC2”.

Most of all, in my direct experience, the CISSP is becoming synonymous with “old white security guy”. It’s becoming a marker that the holder is a security person from the 90s/00s. Granted, I’m one of those people, but pegging yourself as that in this highly competitive, age-conscious market does you no good. And being aligned with a group that exhibits little diversity, little awareness of its lack of diversity, and doing little about it does you no good either.

Granted this is my opinion. But I don’t think I’m alone in this.

Unfortunately, a lot of people are afraid to speak this truth, to let their CISSP lapse because they feel it’s a risk.

That’s reasonable. For me, I feel it’s worth taking the risk to speak the truth. And wasting time and money on an organization that has become self-serving and focused on raking in fees on autopilot doesn’t seem smart to me.

Crossposted to LinkedInMedium and Reddit.