Options
Do I need a CISSP to obtain a position in Cyber Security?
Comments
-
Options
powerfool
Member Posts: 1,666 ■■■■■■■■□□
Many jobs that do list a requirement for CISSP allow you to begin work and create a contingency that you must attain the certification within X amount of time (6 mo. to a year, usually). I went through this for a DoD 8570 position and they paid for my training and the exam. As others have stated, the Associate of ISC2 is fine for that purpose, too. Keep in mind that the "bar" for meeting those requirements isn't really that high, either. If you have a BS (or higher) or a higher end vendor cert (or other security cert), that five year requirement can drop to four years. Plus, it is really easy to justify what meets the various domains' requirements. Have you worked with file system or network ACLs? Congratulations, you have met a requirement. Now you just have to find a few more and do that for a few years, and you are golden.
Speaking of which, I am behind on my AMFs... gotta get those paid up this year.2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro -
Options
ArabianKnight
Member Posts: 278 ■■■□□□□□□□
I see many positions requiring IAM III status, and per DOD 8570 reqs, getting an assc of CISSP meets those quals but you cannot say that you have CISSP? There has to be a way they can verify it without you advertising or telling them you have assc of CISSP, because we know it is against the rules to say you do...
-
Options
bpenn
Member Posts: 499
ArabianKnight wrote: »I see many positions requiring IAM III status, and per DOD 8570 reqs, getting an assc of CISSP meets those quals but you cannot say that you have CISSP? There has to be a way they can verify it without you advertising or telling them you have assc of CISSP, because we know it is against the rules to say you do...
This was me. I took the CISSP a year earlier than my experience allows and acquired the Associate status to fulfull my 8570 requirements. On my resume I explicitly state IAT/IAM Level 3 (Associate of ISC2). That seems to be good enough though recruiters are always confused."If your dreams dont scare you - they ain't big enough" - Life of Dillon -
Optionspowerfool
Member Posts: 1,666 ■■■■■■■■□□
ArabianKnight wrote: »I see many positions requiring IAM III status, and per DOD 8570 reqs, getting an assc of CISSP meets those quals but you cannot say that you have CISSP? There has to be a way they can verify it without you advertising or telling them you have assc of CISSP, because we know it is against the rules to say you do...
You just give them your ISC2 certification number and you could provide your exam results (there is nothing stopping you from disclosing that).2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro -
Options
emerald_octane
Member Posts: 613
The thing about the CISSP is that everyone has heard about it, read about it, something or another. So, if you've ever hired for an infosec position, particularly one that lists a CISSP as a good quality, you start to see interesting things in order for people to hit that keyword on their resume. For instance out of a stack of, say, 50 resumes, depending on the job level (mid level, senior etc) i have never seen a stack that had more than a handful, say 2 or 3 who are actually bonafide CISSPs. Lack of certified applicants , I suspect, is not a function of industry, salary or location (stable industry in desirable location generally paying above six figures) as much as it is the scarcity of these candidates in the first place. 10 or so of those will have something in the resume to trigger the keyword. "Taking CISSP Classes." "Familiar with CISSP CBK" all things i've seen. Nothing wrong with stating this, however in my mind i'm wondering well, what happened with the exam? Did you take it and fail? Did you ever plan to take it at all? Its like the CCIE. Yeah you've labbed for the past 4 years of your life but how did you do on the exam (both written and lab).
Basically what i'm saying is, from my experience in dealing with candidates, a requisition listing CISSP as a nice to have will have very few candidates who are actually CISSPs. Thus one may seek more interest in the certified candidate as long as the rest of their resume is reasonable. Not all CISSPs who apply to a req will be interviewed, but their resume will be reviewed closely. Likewise, the best candidate may not be certified at all, but may demonstrate desirable traits through the resume and interview. -
OptionsOctalDump
Member Posts: 1,722
When I sit in large meetings and people go, "oh you're in security, have you heard about X big company breach?" The retort of "sorry that isn't technical enough for me to care" doesn't really fly.
I wish for the job where that would fly. "Why must I be surrounded by idiots?"2017 Goals - Something Cisco, Something Linux, Agile PM -
Options
New2ITinCali
Member Posts: 184 ■■■□□□□□□□
Thanks for your advice, Cyberpr! I'm not even sure I'm set on security, but it does interest me a whole lot! If I were to climb the ladder and end up as a Network Administrator, I still think having a security background would be very beneficial. -
OptionsNew2ITinCali
Member Posts: 184 ■■■□□□□□□□
Thanks to everyone for all your great advice! I really like security and I became even more intrigued once I suscribed to Cybrary- there's so much good info. On that site. What I do now is still mostly technical support besides configuring switches and some telecommunications stuff (VoIP). I like my job and I'm getting a little taste of just about everything (network wise), but security has really peaked my interest more than anything else.
