Thank you for all of the signatures received thus far. I will be sending out individual e-mails with a thank you as well as a request for a reply confirming your signature.
Spoke to @wimremes this morning and just got a call from @secwonk, who is also on the board. It turns out that the webform is not compliant with the voting process, as it can lead to fraud. To submit your vote, please send an e-mail to firstname.lastname@example.org with your Full Name and CISSP number in the body of the message. This will be enough to count as a signature. THANK YOU all in advance.
The four horsemen of the Impending Infosec Apocalypse
Don’t forget there are four spots available. We all desperately need your signatures to get on the ballot.
Dave Lewis aka @Gattaca Vote Here
Scot Terban aka @Krypt3ia Vote Here
Chris Nickerson aka @indi303 Vote Here
Boris Sverdlik aka @Jadedsecurity send an e-mail to email@example.com
I know you must all be shocked to see this, and frankly so am I. Wim Remes truly believes that bringing fresh blood to the board is working in a positive way to drive change for the better. Seeing that Dave Lewis is running (Vote for Dave) makes me feel that instead of sitting on the sidelines and bitching about it, I should join the fight to drive change at ISC2.
I’m not going to promise things that I may or may not be able to deliver on, but I can promise I will stick to what I believe is a shared vision in the community for a value-add certifying body. In order to change perception of the certification and the certifying body, we need to change. The platform that I have is relatively straightforward:
1. The current test does not adequately provide any assurance that the candidate has a firm grasp of real-world security as a whole. It is geared towards individuals who are good at memorizing text and being able to test well on the subject. It is very reminiscent of the MCSE/CCNA of the 90s. The format needs to change beyond just being updated with the latest technology. I’d like to see some form of essay-driven questions that would truly test the candidate’s knowledge of real-world security problems and identify their logical thinking on how they would address them. This would be akin to the CCIE, where candidates are required to actually fix hw/sw problems on Cisco gear to demonstrate aptitude. This is one of the few ways I feel we can test true knowledge and eliminate the bootcamp mentality.
2. The pre-certification audit process also needs to be updated to provide assurance that the candidate has “real” security experience, and to do this we must change the current endorsement process. ISACA requires that candidates have former employers and/or colleagues sign off on the attestation. ISC2 should do the same, as this is the only way to attest to experience.
3. CPE requirements should be expanded so that they treat content producers and consumers equally. We produce a daily podcast, yet can only submit one hour of CPEs for the production of the content, while individuals who listen to the podcast can submit per episode. This is somewhat biased and puts off individuals from producing content and contributing to the community. We all agree that to be a good security practitioner you need to always stay up to date on the industry, and there are many ways this can be done outside of vendor-driven conferences.
4. Financial Transparency is what we have all been asking for. ISC2 collects annual dues and has a responsibility as every responsible 501(c) to be transparent with accounting.
So Vote for Boris Sverdlik aka JadedSecurity