Risk taking the CISSP

jamesleecoleman

I'm trying to debate if I should just go for the CISSP (studying for SSCP now). I'm doing desktop support and I'm not sure if adding users, password resets, basic internet connectivity troubleshooting, physically securing/imaging computers would help qualify me. I've been trying to get more detailed answers and I've looked through different things on the ISC2 website but I didn't see anything or maybe I missed something.

I'm concerned that if I do pass the CISSP and the time comes up for the fifth year, I won't have what's needed to qualify me. I know that the Sec+ gives a 1 year waver but I'm not planning on taking it until I know I can get what I need to get.

emerald_octane

At the end of the day, it's all up to ISC2 to accept the experience you've given them. My first thought is that your experience with managing accounts and physically securing machines (depends on how its done) would count however I know that some here have frowned upon/disregarded that type of experience (because then, what's preventing someone with 5 years of tier 1 help desk experience from obtaining the CISSP), but that's why I said that it's all up to ISC2.


In my opinion, I would wait to pass the exam (thus becoming an "Associate of ISC^2" working towards CISSP) until you have 2 - 3 years of exp under your belt, for the exact reason you mention. The test is too much work to only have to take it again if you fail to meet the reqs.

JDMurray

Having the SSCP will also knock one year off the professional experience requirements for the CISSP just like the Security+ will. Already being a member of the (ISC)2 (via your future SSCP) will help you to a successful CISSP endorsement too.

ajs1976

Do you know any CISSPs who you would ask to provide the endorsement? If you do talk to them about your experience and see what they think.

JDMurray - How does already being a member of (ISC)2 help? I would think either you have the experience or you don't. The fact that one is already paying dues shouldn't matter.

JDMurray

Having already been through the endorsement process for one (ISC)2 cert speeds things up for additional certs. If you land on an "iffy" line in the process things may better fall your way.

jamesleecoleman

Yea, I know someone who has the CISSP. I guess I'll just stick with the SSCP for now and wait a few years just to be safe. Thanks JDMurray, ajs1976 and emerald_octane

McNinja

jamesleecoleman wrote: »

I'm trying to debate if I should just go for the CISSP (studying for SSCP now). I'm doing desktop support and I'm not sure if adding users, password resets, basic internet connectivity troubleshooting, physically securing/imaging computers would help qualify me. I've been trying to get more detailed answers and I've looked through different things on the ISC2 website but I didn't see anything or maybe I missed something.

I'm concerned that if I do pass the CISSP and the time comes up for the fifth year, I won't have what's needed to qualify me. I know that the Sec+ gives a 1 year waver but I'm not planning on taking it until I know I can get what I need to get.

Let's put it this way - do you administrate accounts? Do you provide passwords, account information, do malware scans on computers? If not, see if you can get with your engineers and figure out a way to do so.

McNinja

Keep in mind you can take the test and get the Associate. It's valid for the DoD requirements.

jamesleecoleman

I just ended up having to do some malware scans last week but I'm sure that it won't happen again anytime soon. I'll see what I can do about getting some more things added that directly relate to some of the domains for the SSCP but it'll be a little difficult because I'm busy doing other things.