[tptacek]

If you're interested in someone else's take on this: don't get a CISSP, and ISO 27001 is generally something a company gets, not a person.

[unixhero]

True, it would be more toward security leadership in things like CISO roles or equivalent.

Yet if one takes them, they will certainly help.

[tptacek]

Again, just in case you're interested in a second take on this, no.

[iJohnDoe]

Why no? CISSP is often requested on job postings for cybersecurity.

[tptacek]

They're disproportionately requirements for the worst, lowest-status jobs in cybersecurity, and many of the best known and "highest placed" practitioners in the industry (not just in vuln research and xdev but also in management) don't have one.

[hollerith]

What does "xdev" mean, please?

[kasey_junk]

Exploit development

[unixhero]

I am intersted in your version of my answer. I don't think picking at elements from my list and just saying "no" is fruitful.

[tptacek]

I disagree, and am deliberately not trying to start a protracted debate here. I'm just offering a data point, nothing more.

[unixhero]

Well, it seems we have arrived at an impasse.

[tptacek]

No, we haven't. We disagree about something, but there was never a premise that we would agree. It's fine for us to disagree! We're two different data points, nothing more or less. An "impasse" implies there was a further destination for us to reach, if only we found common ground. Not so!

I think we sometimes look past how valuable it is to just have two clearly stated, conflicting views on an issue, without a day long effort to unify or persuade them.