Vote for Boris Sverdlik aka JadedSecurity for ISC2 Board

Thursday, August 23, 2012

Boris Sverdlik


I know you must be all shocked to see this and frankly so am I. Wim Remes truly believes that bringing fresh blood to the board is working in a positive way to drive change for the better.

Seeing that Dave Lewis is running (Vote for Dave) makes me feel that instead of sitting on the sidelines and fraking about it I should join the fight to drive change at ISC2.

I’m not going to promise things that I may or may not be able to deliver on, but I can promise I will stick to what I believe is a shared vision in the community for a value-add certifying body. In order to change perception of the certification and the certifying body we need to change. The platform that I have is relatively straightforward:

1. The current test does not adequately provide any assurance that the candidate has a firm grasp of real-world security as a whole. It is geared towards individuals that are good at memorizing text and being able to test well on the subject. It is very reminiscent of the MCSE/CCNA of the 90s. The format needs to change beyond just being updated with the latest technology. I’d like to see some form of essay-driven questions that would truly test the candidate's knowledge of real-world security problems and identify their logical thinking on how they would address them. This would be akin to the CCIE, where candidates are required to actually fix hw/sw problems on Cisco gear to demonstrate aptitude. This is one of the few ways I feel we can test true knowledge and eliminate the bootcamp mentality.

2. The pre-certification audit process also needs to be updated to provide assurance that the candidate has “real” security experience, and to do this we must change the current endorsement process. ISACA requires that candidates have former employers and/or colleagues sign off on the attestation. ISC2 should do the same, as this is the only way to attest to experience.

3. CPE requirements should be expanded so that they treat content producers and consumers equally. We produce a daily podcast, yet can only submit one hour of CPEs for the production of the content, while individuals who listen to the podcast can submit per episode. This is somewhat biased and puts off individuals from producing content and contributing to the community. We all agree that to be a good security practitioner you need to always stay up to date on the industry, and there are many ways this can be done outside of vendor-driven conferences.

4. Financial Transparency is what we have all been asking for. ISC2 collects annual dues and has a responsibility as every responsible 501(c) to be transparent with accounting.

So Vote for Boris Sverdlik aka JadedSecurity HERE.

Cross-posted from JadedSecurity
