So what should we do about the CISSP? Fight to destroy it? Or fight to reform it?
Well, some erstwhile critics are trying to reform it by getting elected to the (ISC)² board, displacing the incompetent/corrupt boobs who currently sit there. This started last year with the election of Wim Remes (@wimremes), and continues this year with four more:
(1) Boris Sverdlik (@JadedSecurity) [http://jadedsecurity.net/2012/08/22/isc2-bod-vote-2012/]
(2) Dave Lewis (@gattaca) [http://www.liquidmatrix.org/blog/vote-for-dave/]
(3) Chris Nickerson (@indi303) [http://change.isc4thepeople.com/]
(4) Scot Terban (@krypt3ia) [http://krypt3ia.wordpress.com/2012/08/23/isc2-board-candidacy/]
These people are different than the existing board members for two reasons. The first reason is that they are technically competent, “doers” rather than “managers” or “academics”. The second reason is that rather than cheerleaders for (ISC)²/CISSP, they’ve been vocal critics.
Critics are necessary to the health of any organization. The more criticism is resisted, the more group-think sets in, and the more corrupt it gets. That the (ISC)² is run by cheerleaders and ignores critics has been a grave problem.
The more of these five that get elected to the board, the more they will be able to reform it. You can read their petitions for each of their specific platforms, which are actually fairly minor reforms (like transparency and accountability).
I’m not saying that reform is necessarily a good idea; I’d rather destroy the CISSP. But, if you are a member in good standing with the (ISC)² and want to increase the value of your CISSP certification, then you should probably vote for these guys.
Update: more info here: http://www.novainfosecportal.com/2012/08/23/unofficial-isc2-board-petition-central/
Update: By "doer" I mean "somebody with a published body of work". For example, Wim Remes (who got on the board last year) is a "manager", but he is also the only board member who lists "speaker at Blackhat" as part of his bio. It's this published work that makes him a "doer". We can all check out his published works, his podcast, and his Twitter feed in order to judge for ourselves whether he's competent. The same can't be said for the other board members; their competency is too opaque for us to easily judge.