IS CISSP worth it to you.

I was reading a old article linked below. Short story the author and a lot of people commenting are bashing CISSP as a Cert. I have always seen CISSP as a upper level cert with more of management feel to it. I passed It last month a rough 3 hours for me lol. I have 6 years experience in IT Various roles. Some of the smartest people I know in the technical world that I know all agreed this was a tough test. to end my rant question if you have CISSP did it help you improve at work? do you believe there are better security certs? is CISSP the gold standard for security certs?

Your CISSP is Worthless - So Now What?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

PCTechLinc

Keep in mind that while I don't have CISSP, I would like to attain it eventually in my career.

That being said, just about ANY cert in the professional world is going to be bashed by someone. I've read countless articles saying that about Cisco, CompTIA, Microsoft, etc... For me personally, I attain certifications to justify my knowledge in a particular subject. The author of the article says "we need DOERS, not people that THINK about doing..." Well, I would hope that if you have attained ANY certification, that you would DO something productive with it. The certification alone won't help you at all. Your experience that you build along the way will. I try to explain that fundamental difference with my students. I may have a bunch of certs and degrees, but if I can't SHOW you that I know what I'm doing, then it's all worthless.

Just my 2 cents.

/rant

renacido

Does getting your CISSP provide a good return on investment?

Short answer is yes.

It makes your resume or LinkedIn profile pop up when a job recruiter does a search for CISSP in your geographic area on Linkedin and job boards. That alone could make a very good return on your investment if results in you getting more job leads and better ones.

The weird thing is, if you meet the experience requirement for CISSP you should have no real trouble getting hired without a CISSP. I have been hired and done well in a bunch of jobs where CISSP was either "required" or "highly desired" on the basis of my work experience. But CISSP widens your net.

The other thing I can say, which may be all in my head, is that I no longer worry if I'm missing out on a job opportunity because I DON'T have it.

cyberguypr

Here's why CISSP is of value to me:
- It exposed me to some Infosec areas that I never touched before
- It helped me understand the synergy between domains
- HR loves it. Many employers either recommend it or REQUIRE it. By having this cert my universe of possibilities expands exponentially. I find this particularly important given how fast the field is moving and how you may come across your dream job by complete accident.

Infosec is such a wide field that it's hard to try to cover it all with one cert. What else can we use as a baseline that will help you determine a professional's level of understanding about a security program? ISACA's offerings? Nope. SANS? Too technical. CompTIA? Not really. EC-Council? Don't even get me started. This is why the CISSP has stood the test of time. Could it be better? Absolutely.

E Double U

Did it help you improve at work? It helped me understand our CISO's language and to get the bigger picture. Studying for the cert combined with experience in my current role allowed me to think of security as more than just the firewall and proxy.

Do you believe there are better security certs? There are better certs for specific areas. CCNP Security was better for my understanding of the Cisco devices that I manage. GCIH was better for understanding attack techniques.

Is CISSP the gold standard for security certs? The best that I've experienced so far.

renacido

I see the question, "What is the best security cert?" all the time and the answer is:

The cert most requested in job postings for the type of security work YOU want to do is the best security cert for YOU.

Note that this may not be the most technical, or hardest, or highest level cert that is relevant.

Read job postings for positions you want and note the qualifications (not just the certs) and go after those.

User2097

Heck Ya. Working for the US Govt allows me to be a LVIII Manager and work in the Cyber field. It really depends on your other stuff, luck, people you know, where you work and etc and etc. Just think the other way around. Is it not worth getting the CISSP and justify from there.

dustervoice

for most infosec job roles now CISSP is the only required cert to have anything else is just nice to have. When i didn't have CISSP and was seeking employment i would be lucky if i received 1 call per day. the moment i became certified i would get round 24 calls per day. so cissp is worth having. people who bash the cert are hackers who think security is all about breaking into unpatched systems.

Danielm7

The problem that a lot of people have is that the CISSP is very general. You shouldn't require it for forensics, or pen testing, etc. Saying, "The best security cert" is like says "the best IT cert" or "the best server cert" when there are too many variables. For general / overall security, the CISSP is great, but it isn't going to make you a hacker/researcher/etc like some people might want to believe.

For ROI, it's great. I self studied, used a lot of free training, a book and some paid quiz engine, under $700 total. The day I added it to my linkedin the number of job listings being suggested went way up, and recruiters for higher level positions that didn't pay attention before. And now that my contract at work is coming up for renewal they are scrambling to change my title/salary because they know my market value has gone up.

This argument is like the "college degrees don't matter" one. The people saying it's pointless have almost always been in IT for 10+ years with a lot of connections. For certain certs, if you already have the skill set and a job that utilizes it, you're in a much different position than someone trying to get into that specialty, so it's easy to say that the cert isn't needed.

TheFORCE

Anything that gives you a pay increase of 20k, is worth it to me. It might not be worth it to others, but everyone has their standards. The people that complain about it are usually the ones that fear competition. Degrees and certificates creates more competition and CISSP is one that has done that for many years.

636-555-3226

It's worth it to me for a few reasons.

1 - 99% of the people I know who took it said it was a tough test they're glad they prepared for. If it's a tough test for 99% of people (from my admittedly small sample), then I can't see how it's worthless in terms of testing your knowledge.

2 - CISSP is well recognized in the HR and InfoSec field. If I have two identical candidates that are the exact same but one has his CISSP and the other does it, I'll pick the guy with it.

3 - For me at least, **willingly** studying for and taking the test indicates you're willing to learn and absorb new material and challenge yourself to see if you've gained some knowledge

4 - Certs always seem to add up to a bit more $$ in the long run.

havoc64

I would say it's worth it for me as well....but I have only had it since Feb of this Year...passed the test, November of 2015.

I have been in the IT realm since the early 80's...yes...Sperry Univac systems. I have worn many hats in the IT world, and even owned a PC store in Michigan, Mega-Bite Computers in the Upper Peninsula. I would say that since the late 1990's I have been more focused on IT Security, AD and Network Engineering.

Did I need the certification to help me find a job?, No. Did I need it to keep a job?, No. Has it helped me move forward in my career?, Yes.

It also has given me some additional benefits, that I wasn't ready for. I have always been respected in the field, by my peers. The CISSP only heightened that respect and when I hand my Business Card to people now, a majority of them mention the CISSP. IT has opened doors to meeting like minded individuals in the field and that has been well worth it alone.

Just my three cents...

Mike

cwelber

I think it's valuable for a couple of reasons:

1. You have to sign a code of ethics and agree to abide by white-hat rules.
2. It's an advanced test to study for and pass (this is a good experience).
3. A lot of great technical infoSec folks don't understand the management side of things which CISSP gives you. CISSP's are probably more respected by upper management too.
4. It was mentioned in my yearly review and possibly resulted in increased compensation.
5. I continue to study the Combined notes on a weekly basis even know I'm already a CISSP, I'm trying to commit the 50+ document to memory which I feel is a good tool as well.

I think most people who look down on the CISSP cert don't have it or failed the test. It really helped me grasp the 30,000 foot view of Infosec.

I have 22 out of 30 credits for my Cybersecurity masters (MSc) which is my next goal certification / education wise. After that rather then hitting the super technical (and very expensive SANS certs), I'm leaning towards more soft skills like perhaps a psychology degree which is the direction I want to go in.

I don't post often, but I am grateful to the combined notes and convinced it played a big part in my CISSP pass last September.
In the end the best thing for a career is "Experience."

cyberguypr

White hat rules? Hmm... I remember selectively skipping that section

renacido

Danielm7 wrote: »

This argument is like the "college degrees don't matter" one. The people saying it's pointless have almost always been in IT for 10+ years with a lot of connections. For certain certs, if you already have the skill set and a job that utilizes it, you're in a much different position than someone trying to get into that specialty, so it's easy to say that the cert isn't needed.

This is a very good point. If you have 10+ years of experience and the references to back it up, you don't need either degrees or certifications to land jobs that supposedly require those. You may run into an HR manager who is a stickler to their metrics if you don't have the degree or certs they "require" but if you at least get an interview it will no longer be an issue - the hiring manager will tell HR "I don't care what the job ad says, this person is qualified," and that's that. But until you have a lot of work experience, the degree and certs matter more because those are your qualifications.

Clm

Dustervoice you just brought a tear to my eye that's what I been saying for a while now. Pen testers are important but there is more to Security then just breaking people stuff

cyberguypr

As a blue team guy, this hits home.

beads

Over the many years of being in the industry you'll see many posts like these and for the most part - for good reason. I side more on the 'Lisa Simpson' reply in the linked InfoSec article and have since the first time I read long time ago.

Basically I see way too many people who have outright lied about there backgrounds to take the exam; the ISC(2) is guilty of over promotion and over simplified the ability to obtain the credential; Lazy hiring managers and HR requiring a manager level certification for "entrye level" positions dealing with basic administration of boxes. Really? You think you need a CISSP to configure a firewall?

Last, the CISSP like many other exams will always be worth more to those without the credential than to those with the credential.

Oh and my favorite question? How hard did you find the CISSP? Those who give me the comparable to childbirth or other similar ordeal never seem to work out well in the field do to a lack of experience. Other extreme would be those with too much experience already and have either been 'forced' or feel the need to finally take the exam because its easier than arguing with HR whether or not you have the necessary skills to configure a piece of equipment you've been actively working with for 20 years.

Had mine for going on nine years. Still feel forced to renew whenever I hear: 'Is your CISSP current..?'

Ugh!

- b/eads