The CISSP is problematic - kinda.
Take two people…
They are both the same sex and both 20 years old
Train person A for three years to build their entire body muscle mass, then completely stop training
Do not train person B
Wait 10 years
Assume both of those people now have the same muscle mass, RHR, body composition
Begin training both for one year, same level of intensity
Several studies will tell us that Person A will have fewer injuries and far more muscle mass than B at the end of a year
Thanks, muscle memory.
Other studies show this is actually true with most things in life.
The CISSP reveals a bit of a flaw in the world of hiring and expectations.
Here’s why:
The CISSP is identified as an expectation, these days, on nearly every single cyber job posting.
Commonly prefaced at the bottom of the job description with:
“What you bring to the table, Who YOU are, Nice to haves, Must obtain within 6 months, REQUIRED”, etc.
The problem is, it’s not a highly technical certification; in fact, it’s really focused on leadership. ISC2 does not hide this and, in fact, they make it abundantly clear.
It’s a certification that asks “What would a leader do in these situations?”
“OK. But how is that problematic?”
Well, for starters, it’s a massive undertaking and overly expected for engineering and analyst roles.
Two roles that focus on technical details - they really don’t want to lose those skills - like muscular atrophy - while focusing on studying for the CISSP.
It’s a bizarre reality, perpetuated by misunderstanding.
When I took my pre-assessment for the CISSP, I missed a passing score by 2%. My weakest domain was no surprise to me - application development.
I scored 100% in 5 of the 8 domains but 30% in App Dev. AGAIN, absolutely no surprise.
Now, I have to turn all of my focus on a few domains to strengthen those skillsets that I…. never use.
At least not yet.
The problem then becomes - what skills will atrophy while I bolster these domains? And something WILL atrophy. There are only so many hours in a day to both learn a new skill and continue to sharpen the edge of your others.
In fact, in my current role, I act as a “generalist” in many ways. I don’t specialize in any particular technical discipline.
Because of that, the edge has dulled in every skillset I have. While I do have new skills and experiences, my cloud and network security advantages have taken a huge hit.
But there is a silver lining.
A few months ago, I subscribed to an ACG account and walked through the sandbox of the big three cloud providers. Within a few minutes, while atrophy was clearly present, I was extremely comfortable.
So it goes - damages of atrophy, quickly reparable by the “muscle memory” of yesteryear.
This, however, made me make the following changes to my routine while preparing for the CISSP:
- Every skill must be touched once a month, in depth, several hours. I call these “dress rehearsals” routines in ChatGPT.
- Every trending skill in the marketplace must be evaluated for value.
- I must hold semi-technical (AT THE VERY LEAST) conversations with my engineering teams.
- ChatGPT will hold a conversation, solely for the use of testing, and training on this topic while maintaining scores
That’s really it.
Final Thoughts
The CISSP is a 3-6 month gauntlet of surface-level-technical-but-extremely-deep-leadership studying which can easily impact and unfortunately atrophy your technical skills (you know, the actual money makers).
But it is important for most jobs today. Take a look at this site for a better idea…
https://www.cyberseek.org/heatmap.html
It’s really up to you to decide how much of yourself you want to commit.
Just know, muscle memory does exist, you will rebound with little to no injury, and stronger than ever.
Also, there will be pain.
print("Shawn L. Donahue")
