1/ So, "CISSP equivalent to a master's degree". I think a lot has gotten lost in translation. Whenever there's Twitter outrage, there's probably ignorance.

2/ Of course a CISSP isn't equivalent to a master's degree, or a bachelor's degree. It's less, even, than the "associates degree" you get from a two-year community college.

However, this doesn't seem to matter.

3/ Studying the UK NARIC framework, it seems to me that this "level 11" is the standard section to put all sorts of "professional certifications" for a lot of disciplines. A lot of engineering certifications are at this level.

4/ If there's a highly technical discipline like medicine or engineering or the like, and there's a professional certification, it's likely to be at this level.

5/ Also, the issue isn't "master's degree" but "master's level work", the recognition of CISSP study for college credit. There's difference between an "award" at this level requiring 120 hours of work vs. a "certificate" vs. a "diploma", each requiring more work.

6/ CISSP may not be worth a full "degree", but is it equivalent to an "award"? Is it really different than all these other certifications and awards at "UK NARIC RQF level 7"?

7/ The answer, btw, is that the CISSP is substandard. It's not a technical certification. It's not postgraduate contents based upon a an undergraduate college degree, as other professional certifications. Anybody with no knowledge can get a CISSP.

8/ With a CISSP, you aren't taught how things work, you are only taught how to identify buzzwords. You are taught to identify a firewall, and what buttons to push, but not how firewalls work.

9/ Half the content of the CISSP is nonsense, there because textbooks contain it, but not because it's meaningful, or even right. Things like the Bell-Padula model or OSI model are on the test because the test makers aren't smart enough to know they've been obsolete since the 80s

10/ A CISSP isn't some advanced certification an electrical engineer gets after completing a bachelors degree. It's instead equivalent to a vocational certification, such as certifying an entry level mechanic to work on a car.

11/ The Europeans are mislead by a lot of things, such as the CISSP's 5 year professional experience requirement. This is largely nonsense, as most people getting a CISSP fudge it.

12/ Almost any job with computers contains some security bits, so people exaggerate how much their work experience actually deals with security. By the standards of the CISSP, almost my entire family has the necessary "experience".

13/ Professional certifications at the "masters" level are based upon an extensive underlying foundation. The CISSP is a certification you can get based on zero foundation. Pick up a book, study it for a few months -- regardless of prior experience or education.

14/ Anyway, my point is that it's no so much "equivalent to a master's degree" that's an issue, it's "equivalent to post-graduate professional certifications" that's the issue.

And the CISSP is not equivalent to a post-graduate professional certification.