Is the CISSP always a must for any starter GRC role?

chickenlicken09 Member Posts: 537
Hi,

Wondering what path would be a good starting point for a GRC role. I see CISSP mentioned all the time but I'm a long way off that yet.

Comments

  • JoJoCal19 Mod Posts: 2,835
    As far as making it past HR screening filters and competing against others for the positions, I'd consider the CISSP a must, especially without a resume full of accomplishments in the GRC realm. That's just my opinion in trying to obtain a GRC role for a couple of years and then when I added those five magical letters to my resume and LinkedIn profile, the floodgates opened. I just left a nice GRC position with Citi. From a standpoint of being able to do GRC work, I don't think it's necessary that one has the CISSP, but the knowledge gained will give you a good understanding of different areas within security and will only help you in your job.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • chickenlicken09 Member Posts: 537
    Ya sure, I know what you mean. How long did it take you to get CISSP? Also, how did you know you would like this area?
  • aftereffector Member Posts: 525
    I wouldn't say it is *always* a must. But I would say that it is very, very close to a must, just like Security+ for any DoD job or even a bachelor's degree for most $50k+ /year positions. Like JoJoCal said, it's hard to make it past HR without keywords like CISSP.

    It took me about 3 months to get CISSP.
    CCIE Security - this one might take a while...
  • JoJoCal19 Mod Posts: 2,835
    It took me 4 months of study to get the CISSP on my first try. Others need more time, but for me the CISSP is more management oriented and I do well with that type of stuff (non-technical) and it comes to me naturally so I felt I was absorbing the material pretty well (with the exception of Crypto). My last job was my first pure GRC role, but I knew I had an interest in that area of security from the GRC-related duties I've had sprinkled throughout my IT career. The only reason I left my last job was because I felt it "too junior", or too easy for me and I didn't feel challenged. I laid waste to the job in like 3 weeks and was looking to my manager to take on more and more things. I'm trying my hand at a more rounded position where I do some GRC-related stuff and some technical stuff.
  • yeah yeah Member Posts: 77
    All depends on what sector you're trying to find work in. In DoD, CISSP will always be preferred, but you can get by with a Sec+ (IAM-I) or a CAP (IAM-II). CISSP is always a win, as it will fill all 8570 requirements (IAM-III, IAT-III, IASAE-II). Plus, having the CISSP, you won't feel pressured whenever they change the requirements.