Shores, a pre-sales consultant for Auckland-based Logical's managed security service who has worked in IT security for four years and 14 in IT overall, says it's not an exam you can cram for.
"It does require a few months of study and in-depth reading of material," she says.
The CISSP exam involves 10 subject areas including access control systems and methodology, application and systems development, business continuity planning, cryptology, law, investigation and ethics. It is run by the US-based ISC2, a vendor-generic non-profit organisation. The CISSP says about 50 people hold the certificate in New Zealand.
Shores, whose job includes assessing whether firms needs 24/7 monitoring of their security industry, says the exam is "extremely useful and relevant" because it covers different areas.
"A lot of people believe security is just about net security, but it also covers cryptography, physical security and access control. This certificate is very important in my job; it is really one of the very few respected security certificates around."
Shores, who previously worked for Axon and Energis Communications in the UK, says exam takers must work in IT security for three years and have to attend courses over three more years to keep their certificate.
Logical product marketing manager Kate Davidson says the qualification is like Cisco's CCIE. She says for security firms like Logical, paying for such courses is "definitely an investment worth doing" because it adds to the company's list of highly qualified staff. Two other Logical staff gained the certificate last month.
However, marketing manager Andy Cooper of Computer Associates, a rival to Logical, says while CISSP certification is highly regarded as it's vendor independent, "for us, CISSP is so what". He says some CA staff hold the qualification, as well as CISA (certified information services auditor), which demands five years' IT security experience.
"CISSP certification is not a pre-requisite or mandatory requirement to work in the field of information security; however, it is expected to become increasingly more relevant for all IS professionals," says Cooper.
Symantec also has staff heading toward CISSP certification, says country manager Richard Batchelar.