In this series, I’ve described my experience with the CISSP, including studying for the exam, writing exam questions and books, and earning CPEs. In this final part, I describe my work in helping others learn about information security and earn the CISSP certification.
There are too few of us in the information security field. While I’m not going to argue the reasons or the size of the shortfall, each of us in the profession can do our part to ease the situation.
If you have the CISSP today, you are a role model to others who aspire to earn it someday independently. As a role model, others will see how you behave and conduct yourself according to the (ISC)² code of ethics. As I’ve said in my books, those of us in more senior positions in information security lead by example.
We can help aspiring security professionals advance in many ways. Besides leading by example, we can take someone under our wing and mentor them as they try to discern their career direction and figure out how to achieve their goals. We can organize or support a CISSP study group (something I’m doing at my place of employment today). We can teach a course on information security to those who want to pivot their career from IT into information security. We can help others study for the CISSP and help them understand the required concepts.
Over twenty years ago, my colleague Bob Maynard loaned me his personal notes for months (I did gratefully return them), and others answered questions on topics I was still learning. Go and do so likewise: as one or more persons helped you earn your CISSP, make it a point to help others do the same.
Part 1: studying for and taking the exam
Part 2: writing CISSP exam questions.
Part 3: proctoring CISSP exams.
Part 4: writing a CISSP study guide.
Part 5: earning the CISA and other certifications.
Part 6: continuous education and CPE recordkeeping.