ECCouncil C|CISO Certification

The ECCouncil announced C|CISO  a new certification for Cheif Information Security Officers (CISO) and those who want to be CISOs.

The certification is focused on five domains:

  1. Governance (Policy, Legal & Compliance)
  2. IS Management Controls and Auditing Management (Projects, Technology & Operations)
  3. Management – Projects and Operations
  4. Information Security Core Competencies
  5. Strategic Planning & Finance

As you can tell from my “about” page, I’m not against certification.   I’m taking a rather cynical view on this one.   It seem designed to shear the sheep whose career aspiration is wrapped into one sentence.  “I want to be a CISO.”   You see them at Gartner conferences in their suits. 

When talking about certification vs education vs experience there can be arguments about technical positions and hireability.   I can’t imagine a time when a CISO candidate needs to worry about having this certification or they wont get by HR.  (that is the definition of ‘you dont want that job anyway’).   Skills in those domains are necessary for a CISO.   You prove those skills in the interview and references not with a piece of paper.