One Article Review
| Source |  Errata Security |
|---|---|
| Identifiant | 1707593 |
| Date de publication | 2020-05-13 15:31:34 (vue: 2020-05-13 20:08:46) |
| Titre | CISSP is at most equivalent to a 2-year associates degree |
| Texte | There are few college programs for "cybersecurity". Instead, people rely upon industry "certifications", programs that attempt to certify a person has the requisite skills. The most popular is known as the "CISSP". In the news today, European authorities decided a "CISSP was equivalent to a masters degree". I think this news is garbled. Looking into the details, studying things like "UK NARIK RQF level 11", it seems instead that equivalency isn't with master's "degrees" so much as with post-graduate professional awards and certifications that are common in industry. Even then, it places CISSP at too high a level: it's an entry level certification that doesn't require a college degree, and teaches students only familiarity with buzzwords used in the industry rather than the deeper level of understanding of how things work.Recognition of equivalent qualifications and skillsThe outrage over this has been "equivalent to a master's degree". I don't think this is the case. Instead, it seems "equivalent to professional awards and recognition".The background behind this is how countries recognize "equivalent" work done in other countries. For example, a German Diplom from a university is a bit more than a U.S. bachelor's degree, but a bit less than a U.S. master's degree. How, then, do you find an equivalent between the two?Part of this is occupational, vocational, and professional awards, certifications, and other forms of recognition. A lot of practical work experience is often equivalent to, and even better than, academic coursework.The press release here discusses the UK's NARIC RQF framework, putting the CISSP at level 11. This makes it equivalent to post-graduate coursework and various forms of professional recognition.I'm not sure it means it's the same as a "master's degree". At RQF level 11, there is a fundamental difference between an "award" requiring up to 120 hours of coursework, a "certificate", and a "degree" requiring more than 370 hours of coursework. Assuming everything else checks out, this would place the CISSP at the "award" level, not a "certificate" or "degree" level.The question here is whether the CISSP deserve recognition along with other professional certifications. Below I will argue that it doesn't.Superficial not technicalThe CISSP isn't a technical certification. It covers all the buzzwords in the industry so you know what they refer to, but doesn't explain how anything works. You are tested on the definition of the term "firewall" but you aren't tested on any detail about how firewalls work.This is has an enormous impact on the cybersecurity industry with hordes of "certified" professionals who are none-the-less non-technical, not knowing how things work.This places the CISSP clearly at some lower RQF level. The "RQF level 11" is reserved for people with superior understanding how things work, whereas the CISSP is really an entry-level certification.No college degree requiredThe other certifications at this level tend to require a college degree. They are a refinement of what was learned in college.The opposite is true of the CISSP. It requires no college degree.Now, I'm not a fan of college degrees. Idiots seem capable of getting such degrees without understanding the content, so they are not a good badge of expertise. But at least the majority of college programs take students deeper into understanding the theory of how things work rat |
| Envoyé | Oui |
| Condensat | 120 1970s 1980s 370 about above academia academic achievement actual actually all along alternate any anything applications are aren argue around associate associates assuming attempt attention authorities award awards bachelor bachelors background bad badge been behind bell below beneath better between big bit bits bonus: but buzzwords can candidates capable case cases certificate certificates certification certifications certified certify checks cissp clearly closer college common component computer computers concept concepts conclusioni conferring considerable content contrast contribution conversely convince convincing corruptthere countries course coursework covers crap credit critic criticizing crooked cybersecurity days decided deeper defeating definition degree degrees deserve deserves detail details determined difference different diplom from disappeared discerning discusses doesn don done easily effective effort efforts either else enormous enough entire entry equivalency equivalent equivalent qualifications european evaluate even everyone everything evolving exaggerate example experience expertise experts explain familiarity fan far find firewall firewalls first fix forms framework from frustrated fudge full fundamental future garbled generation german get getting good gotten government graduate granting groked grossly has have having here high higher hire hold holders hordes hours how however idea idiots impact implying important industry inexperienced insist instead institutions interpreted involved isc2 isn issue its job jobs judge just know knowing knowledge known layer lead learn learned least leave less level level: like little longer looking lot low lower mainframes majority makes managed managers many marketing master masters means minority model monopoly more moreover most moved much must naric narik near neither network never new news next nobody non none nor norm not notable notoriously now nowhere occupational often ones only opaque openness opposite organization organizations osi other out outdated outdatedin outrage over own padula paid part parties people perfect person personal place places point popular post practical press probably problems profession professional professionals programs promises putting question rapidly rather reach really recognition recognize refer refinement regarded regularly release rely replaced require requiredthe requires requiring requisite reserved responsibilities rise route rqf run same say saying says science security seem seems session should single skills skillsthe some spend standard standards students studying succeed such sufficient superficial superior sure take talented talking teaches teaching teams tech technical technicalthe tell tend term test tested tests than that them themselves then theory there therefore these things think third those though thought thousands today ton too top transparency tries true two undergraduate underneath understand understanding understands universities university upon use used useless value values various vocational what when where whereas whether which who why widely will without words work worked works world worst worth would year years |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.