Cyber Management Alliance’s CEO and co-founder, Amar Singh, talked to Adrian Davis, Managing Director EMEA at (ISC)2 about their new CISSP and SSCP qualifications, and the changes that were implemented in 2015.
(ISC)2 is a professional body that serves members globally. From Adrian’s point of view, it is an organisation that helps create a profession that is defined by a common body of knowledge, a code of ethics and behaviour, and a set of requirements for entry and continuing practice. The organisation encourages people to follow the ethics, laws and regulations of the organisations and countries in which they work.
Whilst it is possible to become a member of (ISC)2 through their Regional Chapters, most people become a member by passing an exam. This can either be the SCCP qualification, which is an entry level stage for people with one year’s experience and a broader range of general knowledge, or the CISSP qualification which requires five years’ experience, or four years’ with a recognised college/university degree.
The CISSP qualification is the benchmark that is renowned worldwide. It’s is more than just book learning; it also tests your level of knowledge learnt from experience. But becoming a member of (ISC)2 is more than that, according to Adrian. He believes that membership is about the ‘5 Es’ – Education, Experience, Exam, Endorsement and Evolution. You need a certain level of Education and Experience to be able to sit the certification; you need to pass the Exam; you need to be Endorsed by a current member of (ISC)2 who will back-up your experience and knowledge. With these you’ve earnt the right to put CISSP after your name, but it doesn’t end there. Adrian believes that you need to keep learning, the Evolution stage. Without learning, it is harder to satisfy the demands of the industry and he strongly says that there is a moral incentive to keep developing your skills and to give back to the community your knowledge.
The New CISSP
(ISC)2’s qualifications are reviewed on a regular basis. Adrian explains that they have a process whereby they call in experts from around the global, i.e. those who revise the CBK, those that advise how jobs and demands are changing. They pull together their valuable information and release updates to their qualifications.
The CISSP and SSCP were significantly overhauled in 2015 and have been reduced in terms of the number of domains – CISSP now has eight domains whilst the SSCP now has seven. But Adrian is quick to reassure that that doesn’t mean the content has been reduced; actually, it’s the opposite. More content has been added but they have re-organised and refined how it is presented, highlighting key areas of learning for an information security professional. But he was also quick to reassure members don’t need to re-take the exam, but do need to keep up their CPEs through the use of their webinars and online sources.