I have just received notice that my CISSP certification has lapsed. Obtaining this certification involved a reasonable amount of study, for a six-hour exam covering 250 multiple choice questions. To maintain certification, you need to log “Continuing Professional Education” credits – a total of 120 over three years. Credits are obtained for taking courses, reading books, attending conferences, etc. Apparently you can even get them for reading security blogs, of which I currently follow at least half a dozen.
Should be easy, right? Well, apparently it is 120 over three years, but you must log at least 20 each year. And I happen to have a little bit of a gap in my CV… Thing was, I probably did enough reading over that time anyway, but I don’t have notes to verify it. Hell, at one stage I managed to renew my CCNP, despite not having logged into a router for over a year, and not having done any real Cisco work for 3 years.
A lot of it is done on trust – only some people get audited to check they have actually done the training they say they did. So I could have just made something up, but that would have been a clear breach of ethics.
Oh well. If you’re looking to hire a CISSP, you’ll have to look elsewhere I’m afraid. Maybe I’ll re-sit the exam one day. Only problem is, it’s only held once or twice per year in NZ. Even in the UK, I had to fly from Edinburgh to London to sit it. We’ll see what happens in the future, if my career path seems to require it.