There are, of course, a myriad of other certifications available for security professionals, but few as notoriously prestigious as the CISSP. There are only about 5,000 professionals worldwide who have been so-certified.
The organisation that hands out the certification, the International Information Systems Security Certification Consortium (ISC)2, is a non-profit group dedicated to training and certifying info-sec (information security) professionals.
Started in 1989 by a group of US and Canadian firms to formulate a certification process for info-sec practitioners, the organisation takes great pains to remain non-vendor-biased, said James Duffy, managing director and chief operating officer of the (ISC)2.
Headquartered in Framingham, Massachusetts, with a European office in London, (ISC)2 conducts CISSP training and exams throughout North America, Europe, Australia, New Zealand and Asia.
"Our whole message is the CISSP as a professional," said Duffy, summing up the organization's mission statement.
The certification is in high demand within the government and consultancy sectors, he claimed, who was formerly vice president, managing information security technology and communications at People's Bank, based in Connecticut.
The organisation's clientele includes consulting firms PriceWaterhouseCoopers, KPMG, Ernst & Young, Deloitte & Touche, as well as multinationals such as Prudential, Exodus Communications.
The US Social Security Administration, Federal Aviation Administration and US Defense Department have also tied up with the consortium to provide training and have their info-sec professionals undergo the CISSP exam. Duffy claimed (ISC)2 is also in talks with other government agencies from countries outside the US, including those in Asia.
With the seemingly enormous demand for CISSPs, it's no wonder that almost all of its graduates see an increase in earning power. In the US, a marked increase of 10 percent of the original salary is typically the minimum, or else a US$8,000 to US$10,000 increase in base salary, said Duffy.
Beyond the pay issue--which would vary from company to company--the certification distinguishes the professional as one with a working knowledge of information security, as well as one who has passed one of the most rigorous exams in the IT industry.
