CISSP or CISA

dustervoice

For those who have passed/taken both tests which is more difficult?

Raystafarian

It really depends on your background.

zxbane

I agree with the poster above me, this is a very subjective question that depends on the testers experience. Of course CISSP covers a wider range of topics and concepts but if you have never done any sort of auditing in your career then I would expect the CISA to be quite difficult as well.

JDMurray

Both exams are very difficult if you don't have years of professional work experience in Information Security, InfoSec Management, or Information Systems Auditing.

dustervoice

OK i understand that the question is a bit subjective however i was trying to gauge how the difficulty of each based on only the nature of the test itself not the experience of the test taker. so if someone with no experience read the appropriate books, videos,etc in preparation for the test which one would be "easier" to pass in that approach?

JDMurray

Which exam you would have a better chance at passing begins with what you already know. Reading the "appropriate books" and understanding the material well enough to answer questions about the topics on an exam are two very different things. I would suggest that you have a look at the CISSP and CISA books in a local bookstore and determine which material seems more familiar to you.

One other thing worth mentioning--you will never get an InfoSec job only because you have one or both of these certs. InfoSec professionals are hired based on their experience, not on their ability to pass exams. The certs may get your foot in the door for a first interview, but without any understanding of the knowledge, and demonstration of experience, you won't be called back for the next interview round.