Why you should sit and study for CISSP

January 23, 2016 in Preaching, Security Control

Almost every day I see people on social media whining about the antivirus or firewall being outdated, not working, etc.

This puzzles me.

Logs of these security controls show these controls work just fine. They detect, block and remove a lot of stuff.

Not everything, but lots of it.

This is how security controls work. They cover lots, but not everything.

The fact 0days are being found in the security software does not change the fact they are offering a huge benefit to any organization that runs an open ecosystem (people can install or run code w/o any restriction). Imagine the world w/o them and the internet and all services delivered via this channel collapse.

I start to think that most of people who complain about security controls don’t really understand their function.

Enter CISSP.

I advocate that every single IT security specialist should study CISSP material. You may sit the exam if you want, or not – who cares – but fundamentally, at least eyeball the material to get familiar with the security concepts presented there.

They are the core concepts.

They tell you that the world is NOT perfect and teach you what expectations you should have towards security controls.

They prepare you to recognize threats and manage risk.

They convert you from a techie frog sitting in a comfortable well of your personal interest and hobby into a professional connected to a real imperfect world where shit happens on regular basis, no matter what you do. It’s all about handling it gracefully.

Comments are closed.