The Only Security Certification That Matters
and it doesn’t exist (yet).
Maybe you have a career in cyber security, or maybe you want to pursue one. Maybe you are pursuing higher education, or maybe you are learning in your mother’s basement.
That’s not what this is about.
This is about the person who has neared the pinnacle of their calling, and that calling is senior digital security leadership. By what benchmark do we identify those who are truly worthy?
CISSP? CISM? OSCP? Security+ (please…)
These all serve a purpose (I suppose), but the one which needs to exist, and didn’t exist until I hit the “Publish” button, is the ISSS.
I’ve Seen Some Shit: a Certification of Experience
I’ll be focusing on the full career path ISSS (FCP ISSS) for those who have hit Director-level (or equivalent) or higher. You have to have come up through technology and security, not stepped in sideways after managing a project team or other non-technical role. You have to be a purebred.
No security Muggles.
What might questions look like on this test?
Here are some examples, straight from my Notepad.exe which I typed up a few minutes ago. Score a point for each scenario you’ve seen. Score an extra credit point for items in [brackets]:
- Have you had to run an incident where sensitive data was at significant risk of being exfiltrated? [Was the root…