Is CISSP certification worth the effort?

As I was scanning the presentations delivered at last week’s Black Hat conference, one really jumped out at me. Presenter Timmay delivered a provocative session entitled “Why You Should Not Get a CISSP” — a topic I recall as being hotly debated five years ago. As Timmay puts it, “For two decades, the flagship offering of the (ISC)2 [International Information Systems Security Certification Consortium] has been the CISSP, widely regarded as the only must-have certification for information security practitioners. But has it stood the test of time?…