Is the CISSP always a must for any starter GRC role?
chickenlicken09
Hi,
Wondering what path would be a good starting point for a GRC role. I see CISSP mentioned all the time, but I'm a long way off that yet.
Comments
JoJoCal19
As far as making it past HR screening filters and competing against others for the positions, I'd consider the CISSP a must, especially without a resume full of accomplishments in the GRC realm. That's just my opinion in trying to obtain a GRC role for a couple of years and then when I added those five magical letters to my resume and LinkedIn profile, the floodgates opened. I just left a nice GRC position with Citi. From a standpoint of being able to do GRC work, I don't think it's necessary that one has the CISSP, but the knowledge gained will give you a good understanding of different areas within security and will only help you in your job.
chickenlicken09
Ya, sure, I know what you mean. How long did it take you to get CISSP? Also, how did you know you would like this area?
aftereffector
I wouldn't say it is *always* a must. But I would say that it is very, very close to a must, just like Security+ for any DoD job or even a bachelor's degree for most $50k+/year positions. Like JoJoCal said, it's hard to make it past HR without keywords like CISSP.
It took me about 3 months to get CISSP.
JoJoCal19
It took me 4 months of study to get the CISSP on my first try. Others need more time, but for me the CISSP is more management oriented and I do well with that type of stuff (non-technical) and it comes to me naturally so I felt I was absorbing the material pretty well (with the exception of Crypto). My last job was my first pure GRC role, but I knew I had an interest in that area of security from the GRC-related duties I've had sprinkled throughout my IT career. The only reason I left my last job was because I felt it "too junior", or too easy for me and I didn't feel challenged. I laid waste to the job in like 3 weeks and was looking to my manager to take on more and more things. I'm trying my hand at a more rounded position where I do some GRC-related stuff and some technical stuff.
yeah yeah
All depends on what sector you're trying to find work in. In DoD, CISSP will always be preferred, but you can get by with a Sec+ (IAM-I) or a CAP (IAM-II). CISSP is always a win, as it will fill all 8570 requirements (IAM-III, IAT-III, IASAE-II). Plus, having the CISSP, you won't feel pressured whenever they change the requirements.