When we were building our managed security service, we had many of the team go through CISSP and GIAC as a way of proving externally that our staff were expert practitioners. However, there wasn’t always a direct link between the ability to take an exam and the ability to handle a cyber security incident, so I’d always weight relative experience higher than certifications:
[…] “The CISSP is considered the gold standard of cybersecurity certifications, and for good reason. While the structure of the certification and much of the theoretical components of the CISSP have held firm over the years, as cybersecurity has evolved, so too have many of the elements of the certification. The Common Body of Knowledge (CBK) for the CISSP, which constitutes all of the material that is assessable during the exam, is constantly updated to reflect the ever-changing nature of cybersecurity.
While the CISSP originated in the US, its relevance to the global industry, the depth and breadth of the certification itself, along with the prestige it holds in the eyes of employers seeking to employ skilled and experienced professionals, has seen numbers grow exponentially around the world. There are more than 136,000 CISSP holders globally, with over 90,000 in North America, 23,000 in EMEA and nearly 18,000 across the Asia-Pacific region. Many government entities around the world mandate the CISSP as a benchmark that a potential public sector employee needs to hold to be successfully employed, or as a requirement to undertake government cybersecurity certification.”