
CISSP certification:Are multiple choice tests the best way to hire infosec pros? - jor-el
http://arstechnica.com/security/2016/07/cissp-certification-how-to-hire-infosec-pros/
======
Godel_unicode
The CISSP was never intended to be a technical cert. It's for managers, to
certify that in the week before the test they learned what most of the words
mean by cramming (and then likely forgot half of them). The funniest part to
me is that I've never met anyone who thought it was actually a good measure of
security knowledge, and yet it's widely acknowledged as the benchmark for
being a security professional.

It's also a great example of the network effect; it's only valuable because
lots of people have one. Therefore, you can use it as part of the HR screen
and still get some people through to interview.

~~~
danpalmer
> The funniest part to me is that I've never met anyone who thought it was
> actually a good measure of security knowledge

I've met CISSP qualified managers who think it's amazing.

------
benbenbenben
I feel the best analogy for CISSP is 'an mile wide and an inch deep'. I was
under the impression it was a baseline certification to filter out those who
don't know the basics.

------
prdonahue
No.

------
internaut
No.

