I am officially done!

Well, after about 1.5 month of study for the CISSP I have made the decision to pass on the exam. I was slated to test next week and fully believe that I am ready to test, but the test will not be covered by my organization. The reasoning for my decision is this…

Looking at the entire test from 1000ft I cannot wrap my head around the point of the test. It goes into no depth about any one subject so I cannot say it would benefit me in any way, other than knowing random information here and there. I feel that if I am going to invest $600+ I will need to at least gain knowledge that I did not have before, or gain useful knowledge that would help me in my ISSM duties.

All in all it seems like ISC2 made a security test, then kept adding content to the test to keep up with the security industry, then kept adding things to keep up with other certs, now it is to the point where it just seems like a random accumulation of security related “things.”

Anyway I feel that my money would be more appropriately invested in a CISM cert or something of that nature. A cert that provides focus and relevant info to my job.

Any thoughts on the CISM cert?

Find more posts tagged with

Comments

JoJoCal19

Do targeted keyword searches and you will see that CISSP has far more hits. Also I've seen a good bit of higher level IS jobs say "CISSP Required". I do agree that in taking the cert itself it's easy to ask what all the fuss is about, but HR/hiring managers like and some want to see those five letters on your resume. However if you're going to pass on the CISSP, the CISM is the next best in the non-technical security cert realm from what I've seen. Either way, I say take the CISSP. That $600 (not to mention prep supplies and resources) was the single best investment I've ever made for my career, beating out even my bachelors degree.

aftereffector

The CISSP isn't designed to go into depth about any one subject, or give you useful knowledge, or be focused and relevant to a particular job. It's not a CCIE. The point of the test is to certify that you have a baseline of knowledge in information security practices and techniques, which is a necessarily broad subject, not to certify you as an expert in any one practice or technique.

GeneC

With already 1.5 months invested I would certainly encourage you to keep on with the CISSP. Depending on how hard you have been studying you are at least half way there already. Do not think this is a waste of time, I wish I was only at 1.5 months of study. I have logged many more months including a first attempt fail. I know this certification has value especially since this is the field I enjoy and want to progress in, without it I can not look or move forward.

A few months ago I interviewed for a security officer position, we graduated from the same college program, and a few years of experience difference (he a few more) but he had CISSP, I did not....guess who got the job!

This certification will keep your options open.

Best of luck

Gene

5502george

JoJoCal19 wrote: »

Do targeted keyword searches and you will see that CISSP has far more hits. Also I've seen a good bit of higher level IS jobs say "CISSP Required". I do agree that in taking the cert itself it's easy to ask what all the fuss is about, but HR/hiring managers like and some want to see those five letters on your resume. However if you're going to pass on the CISSP, the CISM is the next best in the non-technical security cert realm from what I've seen. Either way, I say take the CISSP. That $600 (not to mention prep supplies and resources) was the single best investment I've ever made for my career, beating out even my bachelors degree.

I understand 100% what you are saying, however I am looking at ROI in a different way than you are.
I agree that it would increase the opportunity in looking for jobs, but that is not my intent. I am looking at ROI in the way it benefits my knowledge base. If you are looking for jobs, I agree the CISSP will get you in the door.

cyberguypr

Perfectly understandable. The key here is that: YOUR ROI. Definitely doesn't make any sense for you.

zxbane

I have to agree with JoJo, the CISSP is hands down the best investment I've made financially and time wise for my career. Many can argue about the knowledge value of the certification but when it comes to marketability nothing I've done compares, including like JoJo said, my B.S. degree.

I also recently passed the CISM exam and while I did learn a good amount in my studies for that I will also say I learned quite a bit while studying for the CISSP as well.

5502george

GeneC wrote: »

With already 1.5 months invested I would certainly encourage you to keep on with the CISSP. Depending on how hard you have been studying you are at least half way there already. Do not think this is a waste of time, I wish I was only at 1.5 months of study. I have logged many more months including a first attempt fail. I know this certification has value especially since this is the field I enjoy and want to progress in, without it I can not look or move forward.

A few months ago I interviewed for a security officer position, we graduated from the same college program, and a few years of experience difference (he a few more) but he had CISSP, I did not....guess who got the job!

This certification will keep your options open.

Best of luck

Gene

I don’t look at it as 1.5 months I wasted. I did learn some useful information about BCP/DRP, Sec management, and SDLC that help me in my job as an Info Sec Manager. I am in it for the knowledge AND it will help for the CISM.

BTW, good luck this time around!

5502george

cyberguypr wrote: »

Perfectly understandable. The key here is that: YOUR ROI. Definitely doesn't make any sense for you.

It more comes down to the best knowledge investment for 600 bucks lol. I may take the CISM and decide to take the CISSP at a later date, but I am really only interested in the domains of the CISM at this point.

GeneC

Fair enough....Good luck with everything.

teancum144

5502george wrote: »

I understand 100% what you are saying, however I am looking at ROI in a different way than you are.
I agree that it would increase the opportunity in looking for jobs, but that is not my intent. I am looking at ROI in the way it benefits my knowledge base. If you are looking for jobs, I agree the CISSP will get you in the door.

Interesting. I evaluated both and even took an intensive 3-day live training on the CISM. I already have the CISA (also sponsored by ISACA). In the end, I found the CISSP material has improved my knowledge to a significantly greater degree than the material covered by the CISM. Between the two, I couldn't disagree with you more (at least for me).

EasyPeezy

Whilst you might find no need for certain domains in the CISSP... e.g. Physical security & BCP/DRP... as they might not relate directly to your current position. The CISSP is a premier certification, higher than the CISA and CISM in my opinion... You learn across several security domains and it is aimed at people responsible for the overall security posture of an organisation... say a CISO, CIO, CTO etc. These roles need a knowledge of every aspect of security that they will be responsible for, unlike other certifications like Security+, Network+ that are specific to someone wanting a security support role.

If you ever plan to be in charge of organisational security... you certainly want to be a CISSP.

5502george

EasyPeezy wrote: »

Whilst you might find no need for certain domains in the CISSP... e.g. Physical security & BCP/DRP... as they might not relate directly to your current position. The CISSP is a premier certification, higher than the CISA and CISM in my opinion... You learn across several security domains and it is aimed at people responsible for the overall security posture of an organisation... say a CISO, CIO, CTO etc. These roles need a knowledge of every aspect of security that they will be responsible for, unlike other certifications like Security+, Network+ that are specific to someone wanting a security support role.

If you ever plan to be in charge of organisational security... you certainly want to be a CISSP.

Well, considering that the CISSP covers many areas of the CISM, just not in too much depth, I might just continue the CISSP route and take my time with the BCP/DRP and RM domains. I understand the value of the CISSP, I just want to dig deeper in specific domains.

redterrorz

replies are very encouraging!!! I need to get into it!