I took a 5 day course, studied for 2 months, and spent quite a bit of time stressing about passing the test for my CISSP. It was a good experience and I’m glad I did it – but the time has come to let it go. The problem is, it hasn’t done anything for me and it requires a fair amount of ongoing effort to maintain. Doing the work to keep up on the CPE’s is fine if you are in the security industry – I’m not. I was at one time, but not anymore and it’s not where I’m interested in being. I can fire up SANS webcasts and let them run on mute in the background on my computer to get CPE’s – but that’s just lame.
So, I’m letting it go. I’ve thought a lot about this and it would be different if I had ever had an opportunity that appeared to be gained by having the certification. I haven’t. If the knowledge I gained from the certification helped me do my job. It doesn’t. If people even cared that I have the certification. They don’t (except for one guy in Korea who I had BBQ with at 4am, he seemed excited about it). And lastly, if I ever thought I was going to go after a security job – but I’m pretty sure I’m not.
I think certifications have their place and I applaud anyone who goes out and earns them. I just personally have better things to do with my time than maintain something that really hasn’t added any value to my career. I encourage others to seek out certifications that do add value to their career and I encourage those who help maintain certifications to keep them evolving & continue to challenge folks to get them and keep them.