Is CISSP Associate track recommended?

gregonometrygregonometry Member Posts: 11 ■□□□□□□□□□
As an IT Support Analyst (level2-3) with 5 years of IT industry experience I know I will not meet enough domain experience to be fully CISSP certified. However, I get the sense on this forum that it is not wise to get the CISSP unless you know that you have enough experience. My goal is to move on to IT Sec Auditing but am not sure Secrity+ is eougt to be considered, so I want CISSP. Most positions list CISSP as a qualification. Can any auditors weigh in?


  • dou2bledou2ble Member Posts: 160
    As a former Big 4 employee in IT audit I can tell you that the associate is definitely worth it. S+ had no value. CISA was encouraged instead for right out of college. I would also add that some think they don't qualify for CISSP and have to go the associate track but they're being to strict on themselves.

    One of our directors was also on the ISC2 board and he said that when you fill out your experience to fill it out to best of your knowledge, be generous without lying. You'll put references and just see how it goes.
    2015 Goals: Masters in Cyber Security
  • gregonometrygregonometry Member Posts: 11 ■□□□□□□□□□
    Thanks dou2ble. I'm leaning toward filling out my experience and just seeing how it goes. They say experience trumps certs but I need this cert to get the direct experience.
  • beadsbeads Member Posts: 1,525 ■■■■■■■■■□
    I do see the CISSP listed as desired more and more and less a drop dead must have requirement. If you are worried that not having the full CISSP on the resume is going to get trashed use the "Associate of the CISSP" or CSSP (leading to the CISSP). There you've bypassed the computerized filters and 99.999% of the Human Roadblock (HR) drones.

    Still recommend doing the SSCP in preparation as the fact is - the more test you take the easier they become. As an added benefit your building some measure of credibility rather than coming out of obscurity and suddenly having the CISSP on your resume with little actual experience to back it up. Those are the resumes I either highly question if not simply add to the pile in the wastebasket. I no longer bother with those - really!

    Security+? Meh. Its a good exam to get your feet wet and to train yourself to take security exam but no one really pays attention to it after your first real security job. If you took it at a time that it was supposed to be forever that comes with its own prejudice. After that time frame and someone is going to ask why you took it in the first place. Personally, I see some skill building when I see it others don't. YMMV on this one. Took me 32 minutes to complete the Security+ exam with a near perfect score. Little less than 2 hours (with five breaks) to complete the CISSP and nearly two hours to complete the ISSAP. All good and valid exams but done at different points in time of my career.

    Going the slightly longer road may help build some credibility in the longer run but its your career - your choice.

    Good luck and enjoy the journey!

    - beads
  • gregonometrygregonometry Member Posts: 11 ■□□□□□□□□□
    much appreciated beads, wouldn't obtaining Sec+ make CISSP look less obscure? Got Sec+ only a few month ago. I want the skill and experience to back up my certs but on the other hand it seems I need the cert first to meet job qualifications.
  • mjsinhsvmjsinhsv Member Posts: 167
    I don't think the Security+ really carries that much weight on a resume...unless you are a DOD contractor.
    The Security+ is a requirement for level 1 IAT jobs and a must have.

    On the other hand, ISC will waive 1 year of experience for the Security+ when you apply for endorsement so you would only need 4 years of verifiable experience.

    Don't know what your goals are but you might want to look at the OSCP if you are very technical.
    Ive heard its a very technical and challenging course.

    The CISSP isn't very technical but more of a managers type test.
  • jt2929jt2929 Member Posts: 244 ■■■□□□□□□□
    Correct me if I'm wrong, but aren't you supposed to put "Associate of (ISC)2" on resumes, not "Associate of CISSP"?
  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    I'd say it's worth it. As others stated it will generally get you past most of the roadblocks, demonstrate you have some knowledge, and employers who want CISSP certified personnel are more likely to hire someone who has passed the test already instead of hiring someone and saying they need to be certified within 6 months. Also for DoD the Associate of CISSP is equal to CISSP, which means all levels of IAT and IAM. This gives you a lot of room within the contractor realm.
  • beadsbeads Member Posts: 1,525 ■■■■■■■■■□
    jt2929 wrote: »
    Correct me if I'm wrong, but aren't you supposed to put "Associate of (ISC)2" on resumes, not "Associate of CISSP"?

    I said HR drones not the ISC2 now, didn't I? Sue me and take my birthday away. Make me eat cake. Oh well.

    - b/eads
Sign In or Register to comment.