Do I need a CISSP to obtain a position in Cyber Security?

Now that I've been working in I.T. for almost 2 years now as a Technology Support Specialist/ Network Analyst and I have my Bachelors in I.T. Management, I've found that I am very interested in security. I really would like to get a job in security, but I found out to even qualify to sit for the CISSP exam, I need at least 5 years of security experience or 4 years with a 4-year degree; I have the degree, but not the experience.

And I also need a sponsor that already has a CISSP, and I know of no one with a CISSP

How do I go about preparing myself to get my foot in the security door?.. if I were to apply for entry-level security jobs will I be required to have a security certification?... I'm curious. Thanks for any feedback.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

powerfool

Many jobs that do list a requirement for CISSP allow you to begin work and create a contingency that you must attain the certification within X amount of time (6 mo. to a year, usually). I went through this for a DoD 8570 position and they paid for my training and the exam. As others have stated, the Associate of ISC2 is fine for that purpose, too. Keep in mind that the "bar" for meeting those requirements isn't really that high, either. If you have a BS (or higher) or a higher end vendor cert (or other security cert), that five year requirement can drop to four years. Plus, it is really easy to justify what meets the various domains' requirements. Have you worked with file system or network ACLs? Congratulations, you have met a requirement. Now you just have to find a few more and do that for a few years, and you are golden.

Speaking of which, I am behind on my AMFs... gotta get those paid up this year.

ArabianKnight

I see many positions requiring IAM III status, and per DOD 8570 reqs, getting an assc of CISSP meets those quals but you cannot say that you have CISSP? There has to be a way they can verify it without you advertising or telling them you have assc of CISSP, because we know it is against the rules to say you do...

bpenn

ArabianKnight wrote: »

I see many positions requiring IAM III status, and per DOD 8570 reqs, getting an assc of CISSP meets those quals but you cannot say that you have CISSP? There has to be a way they can verify it without you advertising or telling them you have assc of CISSP, because we know it is against the rules to say you do...

This was me. I took the CISSP a year earlier than my experience allows and acquired the Associate status to fulfull my 8570 requirements. On my resume I explicitly state IAT/IAM Level 3 (Associate of ISC2). That seems to be good enough though recruiters are always confused.

powerfool

ArabianKnight wrote: »

I see many positions requiring IAM III status, and per DOD 8570 reqs, getting an assc of CISSP meets those quals but you cannot say that you have CISSP? There has to be a way they can verify it without you advertising or telling them you have assc of CISSP, because we know it is against the rules to say you do...

You just give them your ISC2 certification number and you could provide your exam results (there is nothing stopping you from disclosing that).

emerald_octane

The thing about the CISSP is that everyone has heard about it, read about it, something or another. So, if you've ever hired for an infosec position, particularly one that lists a CISSP as a good quality, you start to see interesting things in order for people to hit that keyword on their resume. For instance out of a stack of, say, 50 resumes, depending on the job level (mid level, senior etc) i have never seen a stack that had more than a handful, say 2 or 3 who are actually bonafide CISSPs. Lack of certified applicants , I suspect, is not a function of industry, salary or location (stable industry in desirable location generally paying above six figures) as much as it is the scarcity of these candidates in the first place. 10 or so of those will have something in the resume to trigger the keyword. "Taking CISSP Classes." "Familiar with CISSP CBK" all things i've seen. Nothing wrong with stating this, however in my mind i'm wondering well, what happened with the exam? Did you take it and fail? Did you ever plan to take it at all? Its like the CCIE. Yeah you've labbed for the past 4 years of your life but how did you do on the exam (both written and lab).

Basically what i'm saying is, from my experience in dealing with candidates, a requisition listing CISSP as a nice to have will have very few candidates who are actually CISSPs. Thus one may seek more interest in the certified candidate as long as the rest of their resume is reasonable. Not all CISSPs who apply to a req will be interviewed, but their resume will be reviewed closely. Likewise, the best candidate may not be certified at all, but may demonstrate desirable traits through the resume and interview.

OctalDump

Danielm7 wrote: »

When I sit in large meetings and people go, "oh you're in security, have you heard about X big company breach?" The retort of "sorry that isn't technical enough for me to care" doesn't really fly.

I wish for the job where that would fly. "Why must I be surrounded by idiots?"

New2ITinCali

Thanks for your advice, Cyberpr! I'm not even sure I'm set on security, but it does interest me a whole lot! If I were to climb the ladder and end up as a Network Administrator, I still think having a security background would be very beneficial.

New2ITinCali

Thanks to everyone for all your great advice! I really like security and I became even more intrigued once I suscribed to Cybrary- there's so much good info. On that site. What I do now is still mostly technical support besides configuring switches and some telecommunications stuff (VoIP). I like my job and I'm getting a little taste of just about everything (network wise), but security has really peaked my interest more than anything else.