[toss1941]

There's nothing wrong with the CISSP for what it is, a wide gamut glance into InfoSec, but a lot of hiring managers have been led to believe it holds high technical merit. A few years ago I took a job with my then shiny new CISSP and I was uncomfortably flattered a bit at how much awe it held with people who had no idea what it even was. They assumed I was a master hacker when neither my work nor my resume suggested any such thing.

[tptacek]

What does it actually tell employers, and, for whatever that thing is, how likely is it that having a CISSP is a reliable indicator of that thing?

[toss1941]

I think what it tells employers, who don't know better, is that the person is a Certified Information Systems Security Professional, and they might have heard all government security employees must have one, so it must mean that the people are extremely skilled. In this, I'm not qualified to say but my hunch is, not very likely based on a few untechnical people I know in the last few years who passed the test successfully.

What it should tell employers however is that the person is capable of critical thought and has a light familiarity with a wide range of security concepts.

[tptacek]

Why should I have to pay a pretty significant amount of money at the start of my career to buy a piece of paper that suggests I'm capable of critical thought? In fact: isn't doing the exact opposite of that actually doing a better job of demonstrating critical thinking skills?

[Dagwoodie]

It's difficult for most companies to distinguish a skilled IT worker from a disaster.

[wglb]

So would you want to work for those companies?