So another year and another ISC2 Board Nomination. I know I’ve been pretty much off the grid the last year, dealing with health and family stuff.. I am still 100% dedicated to the cause and with the new year coming up I’d like to throw my name in the ring again. We came awfully close last year, so let’s see if we can do it again. My platform is the same and I’d love to join Wim Remes and Dave Lewis to be your representative on the board.
Boris Sverdlik CISSP# 70063 as of 2/2005
Thank you again for all your support.
To nominate me for the Ballot:
1) Send an email to firstname.lastname@example.org pledging your support! THANKS in advance.
2) Subject: 2013 ISC2 Board of Directors Petition
3) Message Text: I’d like to nominate Boris Sverdlik for the 2013 ISC2 Board of Directors. My E-mail address is on file with ISC2 and my CISSP# is $
I’m not going to promise things that I may or may not be able to deliver on, but I can promise I will stick to what I believe is a shared vision in the community for a value add certifying body. In order to change perception of the certification and the certifying body we need to change. The platform that I have is relatively straight forward:
1. The current test does not adequately provide any assurance that the candidate has a firm grasp of real world security as a whole. It is geared towards individuals that are good at memorizing text and being able to test well on the subject. It is very reminiscent of the MSCE/CCNA of the 90s. The format needs to change beyond just being updated with the latest technology. I’d like to see some form of essay driven questions that would truly test the candidates knowledge of real world security problems and identify their logical thinking on how they would address them. This would be akin to the CCIE where candidates are required to actually fix hw/sw problems on Cisco gear to demonstrate aptitude. This is one of the few ways I feel we can test true knowledge and eliminate the bootcamp mentality.
2. The pre-certification audit process also needs to be updated to provide assurance that the candidate has “real” security experience and to do this we must change the current endorsement process. ISACA requires that candidates have former employers and/or colleagues sign off on the attestation. ISC2 should do the same as this is the only way to attest to experience.
3. CPE requirements should be expanded so that they treat content producers and consumers equally. We produce a daily podcast, yet can only submit one hour of CPEs for the production of the content, while individuals who listen to the podcast can submit per episode. This is somewhat biased and puts off individuals from producing content and contributing to the community. We all agree that to be a good security practitioner you need to always stay up to date on the industry and there are many ways this can be done, outside of vendor driven conferences.