Nick Lorizio

Moving Beyond CISSP: Developing Comprehensive Cybersecurity Programs

The Certified Information Systems Security Professional (CISSP) certification has long been touted as one of the most prestigious and valuable credentials in the information security industry. However, when it comes to preventing cybersecurity attacks from foreign adversaries, the CISSP is essentially useless.


First of all, the CISSP is an exam-based certification that focuses primarily on theoretical knowledge and best practices. While this is useful for developing a foundational understanding of cybersecurity, it does not necessarily translate to practical skills that can be used to prevent cyberattacks. Cybersecurity threats are constantly evolving, and foreign adversaries are often at the forefront of these attacks. This means that cybersecurity professionals must be able to adapt quickly and respond to new threats in real time. The CISSP certification does not provide the hands-on experience required to do this effectively.

Furthermore, the CISSP is often seen as a "check the box" certification that is required for certain job roles or government contracts. This has led to a proliferation of CISSP-certified professionals who lack the practical skills and experience necessary to prevent cybersecurity attacks from foreign adversaries. Simply having a CISSP certification does not mean that an individual is capable of defending against advanced cyber threats.


In addition, the CISSP certification is often criticized for being outdated and out of touch with current cybersecurity trends and threats. The exam is based on a body of knowledge that was developed in the late 1990s and early 2000s, and has not been updated significantly since then. This means that the certification does not necessarily reflect current best practices or emerging threats in cybersecurity.



Finally, the CISSP certification is not a guarantee of competency or professionalism. While it is true that individuals who hold the certification have passed a rigorous exam and met certain requirements, this does not necessarily mean that they are ethical or trustworthy. The information security industry is plagued by issues of professional misconduct, unethical behavior, and criminal activity. Simply holding a CISSP certification does not guarantee that an individual will act in a professional or ethical manner.


In conclusion, the CISSP certification is essentially useless when it comes to preventing cybersecurity attacks from foreign adversaries. It is a theoretical certification that does not provide the hands-on experience, practical skills, or current knowledge necessary to defend against advanced cyber threats. It is often seen as a "check the box" certification that is required for certain job roles or government contracts, and does not necessarily reflect competency or professionalism in the field. The information security industry needs to move beyond the CISSP and focus on developing comprehensive cybersecurity programs that address all aspects of cybersecurity, including technical, organizational, and policy-based solutions.
