Planning for CISSP Associate - Need help

myself_hydmyself_hyd Member Posts: 6 ■□□□□□□□□□
Hi,
I have been reviewing threads in this section for quite a few days now. After reading these many experiences and inputs from test takers, I am a bit confused on what preparation strategy to follow. I have the Shon Harris 6th edition which I just started, but would it be the right path considering the change in the CBK?

I have 2+years of experience in InfoSec industry. I also have a Master's degree (MS) in Computer Security.

One more question I have is, if I pass the CISSP today and get a ' Associate of (ISC)2', will I need to submit the CPE's for the next 2 years until I become a complete CISSP (not an (ISC)2 associate)?

Comments

  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Someone correct me if I'm wrong, but by passing the exam you just get the "Associate of (ISC)²" title. You don't get use the term CISSP at all, not even with associate, until you get the required experience.
  • kvponkshekvponkshe Member Posts: 25 ■■□□□□□□□□
    Mere passing the exam does not means that you are CISSP or Associate of CISSP.Please see below steps that ISC 2 ask you to do.
    *************
    Step 2
    If you currently have the required number of years of experience to be endorsed, you must complete the endorsement process within nine (9) months of your exam date. You may begin the endorsement process by submitting a completed endorsement form to (ISC)². For detailed information about the professional experience requirement for the CISSP certification, please visit www.isc2.org/cissp-professional-experience.aspx.
    If you do not have the required number of years of professional experience, you can become an Associate of (ISC)². However, it is your responsibility to contact (ISC)² within nine (9) months of your exam date to tell us your intent.

    ****************
    Also I think you need to get requred CPE per year even for Associate of CISSP
  • myself_hydmyself_hyd Member Posts: 6 ■□□□□□□□□□
    Apologies.. I meant Associate of (ISC)2 and not 'associate of CISSP'.
  • renacidorenacido Member Posts: 387 ■■■■□□□□□□
    Not to discourage you from taking this exam, but keep in mind that there are certs more relevant and valuable at this early stage in your career. Non-security specific training experience and certs are also valuable in security.
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Why not go for the SSCP for now?
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • myself_hydmyself_hyd Member Posts: 6 ■□□□□□□□□□
    renacido wrote: »
    Not to discourage you from taking this exam, but keep in mind that there are certs more relevant and valuable at this early stage in your career. Non-security specific training experience and certs are also valuable in security.

    I thought going for this prestigious exam would do me good knowledge-wise and career-wise as well. And if I maintain the required CPEs till I get the required experience, I will then become a CISSP. Correct me if I'm wrong?
  • renacidorenacido Member Posts: 387 ■■■■□□□□□□
    You're not "wrong". My point is this: there is a reason why they require no less than 4 years full time experience for CISSP. It's a management cert. And what's the key qualification for a management position in infosec (or any field)? Experience.

    Furthermore, CISSP is all knowledge and judgement questions and scenarios where you are making decisions as a Security Manager or CISO. It has technical content but does not test an individual's hands on technical skills and the technical content of the CISSP is more basic than other security certs, therefore if I'm looking for a guy (or gal) who I know can identify intrusions or lead incident response or test for vulnerabilities or identify root cause of an incident or do security engineering work with MCSE/CCIE guys then I'd rather see more technical certs not solely assoc of isc2. Don't get me wrong, I don't see assoc of ISC2 as having no value, just saying that it may not serve you as well in your career as technical certs will because to be honest until you have enough experience to qualify for mid-level management positions it's not very helpful other than demonstrating that you want to be a CISO someday. Just my opinion, good luck with the exam.
  • myself_hydmyself_hyd Member Posts: 6 ■□□□□□□□□□
    renacido wrote: »
    You're not "wrong". My point is this: there is a reason why they require no less than 4 years full time experience for CISSP. It's a management cert. And what's the key qualification for a management position in infosec (or any field)? Experience.

    Furthermore, CISSP is all knowledge and judgement questions and scenarios where you are making decisions as a Security Manager or CISO. It has technical content but does not test an individual's hands on technical skills and the technical content of the CISSP is more basic than other security certs, therefore if I'm looking for a guy (or gal) who I know can identify intrusions or lead incident response or test for vulnerabilities or identify root cause of an incident or do security engineering work with MCSE/CCIE guys then I'd rather see more technical certs not solely assoc of isc2. Don't get me wrong, I don't see assoc of ISC2 as having no value, just saying that it may not serve you as well in your career as technical certs will because to be honest until you have enough experience to qualify for mid-level management positions it's not very helpful other than demonstrating that you want to be a CISO someday. Just my opinion, good luck with the exam.

    Makes sense. Thanks. I think I'm being over-aggressive when it comes to my career. As said, I need to concentrate on more technical certifications that might provide more value to my career right now.

    Badly need to find a mentor!
  • renacidorenacido Member Posts: 387 ■■■■□□□□□□
    A good mentor can really smooth your path to success for sure. Networking is important, use the people in the industry who you know, use forums, use Linkedin, ask lots of questions, share your own opinions and experience and you're bound to find one or a few mentors.

    I'd like to offer you my advice just based on the very little that I've learned about you in this thread. Maybe some food for thought that might be helpful.

    You have an MS in Computer Security, that alone shows you are committed to the field and that's all the *formal education* you'd need and then some to be the CIO/CISO of a major corporation, so that's awesome you've already knocked that out.

    You're already working in infosec, though you didn't mention what specifically you're doing. But whatever you decide, the foundation of any career in security should be a solid understanding of networking and servers (datacenter, cloud, virtual, mobile, all of it).

    You do learn some of this in computer security books and classes but the experience of working on technical problems, understanding how the stuff works in a real environment, this is extremely useful knowledge that we call upon all the time to do our security jobs. Learn as much of this stuff as you can by whatever resources you have at your disposal: on the job, home lab, video courses, books, classroom training, etc.

    Beyond that, the development paths fork off in somewhat different directions depending on what roles you have or are heading toward. Security Ops, Audit, Assessment and Testing, Forensics, Engineering, or a combination of those.

    This is where the Assoc of ISC2 is *not as* valuable as something more technical and concentrated. Each of the areas above has focused, highly-technical and/or hands-on exams and certifications for those specific skill sets, whereas the CISSP exam is broad in scope and more about applying knowledge along with professional judgement to shape and manage a security program and processes.

    Hopefully this helps somewhat, but you seem to be well on your way toward a successful career.
  • mjsinhsvmjsinhsv Member Posts: 167
    Having the associate cert will certainly help.
    How much depends on what you do now and what your goals are.
    Not sure about the CPE's but I'm thinking it would be a requirement, as well as the yearly $85 fee to ISC2.
  • bpennbpenn Member Posts: 499
    I have the Associate designation due to only 3 years of experience. It is $35 a year until you get endorsed and 15 CPEs a year. What I find interesting is on my certification status it says: "Associate of (ISC)² working towards CISSP" and I know you cant even use that designation even though it says it. You can only use "Associate of (ISC)²"
    "If your dreams dont scare you - they ain't big enough" - Life of Dillon
  • beadsbeads Senior Member Member Posts: 1,511 ■■■■■■■■■□
    renacido wrote: »
    A good mentor can really smooth your path to success for sure. Networking is important, use the people in the industry who you know, use forums, use Linkedin, ask lots of questions, share your own opinions and experience and you're bound to find one or a few mentors.

    I'd like to offer you my advice just based on the very little that I've learned about you in this thread. Maybe some food for thought that might be helpful.

    You have an MS in Computer Security, that alone shows you are committed to the field and that's all the *formal education* you'd need and then some to be the CIO/CISO of a major corporation, so that's awesome you've already knocked that out.

    You're already working in infosec, though you didn't mention what specifically you're doing. But whatever you decide, the foundation of any career in security should be a solid understanding of networking and servers (datacenter, cloud, virtual, mobile, all of it).

    You do learn some of this in computer security books and classes but the experience of working on technical problems, understanding how the stuff works in a real environment, this is extremely useful knowledge that we call upon all the time to do our security jobs. Learn as much of this stuff as you can by whatever resources you have at your disposal: on the job, home lab, video courses, books, classroom training, etc.

    Beyond that, the development paths fork off in somewhat different directions depending on what roles you have or are heading toward. Security Ops, Audit, Assessment and Testing, Forensics, Engineering, or a combination of those.

    This is where the Assoc of ISC2 is *not as* valuable as something more technical and concentrated. Each of the areas above has focused, highly-technical and/or hands-on exams and certifications for those specific skill sets, whereas the CISSP exam is broad in scope and more about applying knowledge along with professional judgement to shape and manage a security program and processes.

    Hopefully this helps somewhat, but you seem to be well on your way toward a successful career.

    Thats actually solid advice. This board in particular has been too focused on the means to an end than the ethical or moral right or wrong of passing an exam - no matter the cost. People see the CISSP and dollar signs as interchangeable values for one another. Just makes a mess out of the career field and has lead lots of eager examinees to complete an exam they should have never sat for in the first place.

    For those of you who doubt me you really should be reading some of the recent resume's that have crossed my desk.

    Stunningly bad.

    -b/eads
  • kshahinkshahin Member Posts: 22 ■□□□□□□□□□
    @ myself_hyd
    I am planing for the CISSP exam and I am looking for study partner to go through the chapter by chapter. I do have CBK ( 4th Edition ), Shon Harris ( AIO -6th ) and MP3 for the Shon Harris Lecture. I am studying CBK now and I will study Shon Harris (AIO - 6 the Edition ) later just to make sure I am not missing any topics. Listening MP3 in the car....

    I believe discussing the chapter by chapter will help the catch the topics faster.

    Thanks
    Shahin
  • Khaos1911Khaos1911 Member Posts: 366
    Just curious. I have a co-worker who asked me the other day if he would be eligible if he had 2 years of full time inofsec experience (he has Sec + as well) and another 2 years of internship experience in infosec where he was paid and worked 40 hours a week.

    I have no clue if they will accept his internship experience, but I told him to just shoot an email ISC2.I personally think he should be ok, it was a paid internship position and he average 40 hours a week, but I'm not sure how ISC2 would approach that. Your thoughts?
  • myself_hydmyself_hyd Member Posts: 6 ■□□□□□□□□□
    renacido wrote: »
    A good mentor can really smooth your path to success for sure. Networking is important, use the people in the industry who you know, use forums, use Linkedin, ask lots of questions, share your own opinions and experience and you're bound to find one or a few mentors.

    I'd like to offer you my advice just based on the very little that I've learned about you in this thread. Maybe some food for thought that might be helpful.

    You have an MS in Computer Security, that alone shows you are committed to the field and that's all the *formal education* you'd need and then some to be the CIO/CISO of a major corporation, so that's awesome you've already knocked that out.

    You're already working in infosec, though you didn't mention what specifically you're doing. But whatever you decide, the foundation of any career in security should be a solid understanding of networking and servers (datacenter, cloud, virtual, mobile, all of it).

    You do learn some of this in computer security books and classes but the experience of working on technical problems, understanding how the stuff works in a real environment, this is extremely useful knowledge that we call upon all the time to do our security jobs. Learn as much of this stuff as you can by whatever resources you have at your disposal: on the job, home lab, video courses, books, classroom training, etc.

    Beyond that, the development paths fork off in somewhat different directions depending on what roles you have or are heading toward. Security Ops, Audit, Assessment and Testing, Forensics, Engineering, or a combination of those.

    This is where the Assoc of ISC2 is *not as* valuable as something more technical and concentrated. Each of the areas above has focused, highly-technical and/or hands-on exams and certifications for those specific skill sets, whereas the CISSP exam is broad in scope and more about applying knowledge along with professional judgement to shape and manage a security program and processes.

    Hopefully this helps somewhat, but you seem to be well on your way toward a successful career.

    Really appreciate the advice - priceless at this stage of career. Feels good when experienced professionals approve of my career plan :) I am presently working in an enterprise security team (sec engineering plus operations) for the past one year. Prior to my MS I have worked for a year in Application and network pentesting. I am not very sure of where I would like my career to go, but as of now I am looking to shift my work to more technical VAPT for a few years and then back to enterprise security, eventually heading towards a CISO. I already have the CEH certification :)
    kshahin wrote: »
    @ myself_hyd
    I am planing for the CISSP exam and I am looking for study partner to go through the chapter by chapter. I do have CBK ( 4th Edition ), Shon Harris ( AIO -6th ) and MP3 for the Shon Harris Lecture. I am studying CBK now and I will study Shon Harris (AIO - 6 the Edition ) later just to make sure I am not missing any topics. Listening MP3 in the car....

    I believe discussing the chapter by chapter will help the catch the topics faster.

    Thanks
    Shahin

    Hey Shahin, yes I would love to have a chat. P.m. me.
  • Hamalp60452Hamalp60452 Registered Users Posts: 3 ■□□□□□□□□□
    Check out CISSP in 3 Weeks. It's available on Amazon Kindle.
  • barhate.rahulbarhate.rahul Member Posts: 10 ■□□□□□□□□□
    Yes, you will require to submit 15 CPEs/yr till you are an Associate.After that normal CISSP cycle would follow.
  • beadsbeads Senior Member Member Posts: 1,511 ■■■■■■■■■□
    Check out CISSP in 3 Weeks. It's available on Amazon Kindle.

    Amazon.com: CISSP In 3 Weeks: The Only Step-by-Step CISSP - DIY Instruction Manual eBook: Nichel James: Kindle Store

    Can't make the exam any easier than that! As an added bonus the author indicates you only need 2 years experience. Wooohooo!

    Personally, I believe additional investigation may be in some order.

    -b/eads
Sign In or Register to comment.