Move to InfoSec - CISSP - good move ?
Hi,
I am still making my mind up regarding this certification, I used to work for almost 7 years as Embedded Software engineer in the telecommunication industry but I am now working in the as a system administrator by a few months, I am not enjoying it very much - I am looking after an AWS infrastructure, and even though Amazon is astonishingly powerful it strips out all the interesting bits and the required work seems to be quite mechanical from a technical standpoint, for these reasons I was looking to move in the InfoSec industry, but I haven't gained any formal experience in this field.
I have some newbye question
Recently I was looking for a CISSP course but I have found them to be VERY expensive, I was asked 2500 GPB (I am in London) for a five days course !As far as I am aware many of you guys in this forum have chosen a self study path, am I correct ? In your views does it make more sense to go for an SSCP course to say more in the technical side ?
The test looks quite difficult judging from the comments on the forum and the description of many of you about their preparation, is it THAT difficult or it is the amount of topics being covered that makes it so difficult ?
I am more than aware that a single truths isn't in place for such question : is it worth the effort ? I am working in London at the moment, are there opportunities around or do you think it is better to be in the pure software development side ?
Thanks a lot.
I am still making my mind up regarding this certification, I used to work for almost 7 years as Embedded Software engineer in the telecommunication industry but I am now working in the as a system administrator by a few months, I am not enjoying it very much - I am looking after an AWS infrastructure, and even though Amazon is astonishingly powerful it strips out all the interesting bits and the required work seems to be quite mechanical from a technical standpoint, for these reasons I was looking to move in the InfoSec industry, but I haven't gained any formal experience in this field.
I have some newbye question
Recently I was looking for a CISSP course but I have found them to be VERY expensive, I was asked 2500 GPB (I am in London) for a five days course !As far as I am aware many of you guys in this forum have chosen a self study path, am I correct ? In your views does it make more sense to go for an SSCP course to say more in the technical side ?
The test looks quite difficult judging from the comments on the forum and the description of many of you about their preparation, is it THAT difficult or it is the amount of topics being covered that makes it so difficult ?
I am more than aware that a single truths isn't in place for such question : is it worth the effort ? I am working in London at the moment, are there opportunities around or do you think it is better to be in the pure software development side ?
Thanks a lot.
Comments
-
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□Boot camps that last short periods of time are always going to be fairly expensive compared to video courses and books. If you have no InfoSec experience that would be a bad idea right now. The CISSP is meant for managers and having not worked in the field that would not be a good place to start.
What level is your knowledge? Do you have a good understanding of how networks work? Are you proficient with Windows and Linux to be a system administrator or very skilled at least? If you don't have much of that knowledge...starting with Network+ and Security+ would be best...SSCP could follow that. -
Mike7 Member Posts: 1,107 ■■■■□□□□□□I am working in London at the moment, are there opportunities around or do you think it is better to be in the pure software development sideI am looking after an AWS infrastructure, and even though Amazon is astonishingly powerful it strips out all the interesting bits and the required work seems to be quite mechanical from a technical standpoint
Not sure about London, many companies are moving to the cloud and cloud professionals are in high demand. Why not build up your cloud skills at your current job role? AWS has a few certifications that you can look into.
Once you have built your cloud knowledge and want to move into infosec, you can look at CCSK and CCSP certifications. CCSP is from the same organisation( ISC2) that issues the CISSP cert. From CCSP, you can move to CISSP.
For software development security, there is CSSLP certification also from (ISC)2 which may be more relevant given your software experience -
pedr0 Registered Users Posts: 3 ■□□□□□□□□□TechGuru80 wrote: »Boot camps that last short periods of time are always going to be fairly expensive compared to video courses and books. If you have no InfoSec experience that would be a bad idea right now. The CISSP is meant for managers and having not worked in the field that would not be a good place to start.
What level is your knowledge? Do you have a good understanding of how networks work? Are you proficient with Windows and Linux to be a system administrator or very skilled at least? If you don't have much of that knowledge...starting with Network+ and Security+ would be best...SSCP could follow that.
I am reasonably proficient in computer networks, I hold a degree in CS and I have been working writing access gateways' firmware or writing automate tests for networking equipment for five years, it is never enough though.
It might be better to find a job in the field and then proceed for a qualification. -
pedr0 Registered Users Posts: 3 ■□□□□□□□□□As a hiring manager, I probably will not hire someone with the certification but without the relevant job experience.
Amazon is very powerful and I assume the architecture/migration/operational portion of it is so well done that the SA (i.e. you) have nothing much to do. If you are to migrate a company to AWS cloud, will you be able to do something similar? Do you have the necessary knowledge and experience to do it?
Not sure about London, many companies are moving to the cloud and cloud professionals are in high demand. Why not build up your cloud skills at your current job role? AWS has a few certifications that you can look into.
Once you have built your cloud knowledge and want to move into infosec, you can look at CCSK and CCSP certifications. CCSP is from the same organisation( ISC2) that issues the CISSP cert. From CCSP, you can move to CISSP.
For software development security, there is CSSLP certification also from (ISC)2 which may be more relevant given your software experience
I do not want to go that way, AWS makes you compete with people who do not actually know how a computer system works, and they do not need to, since the tools in use are simply handling all the most difficult bits, it is my personal view but despite the current high demand I am not sure such a path could pay off. It may if combined with a more skilled technical or management role as a complement it, it not enough in a long time perspective.
CCSP, SSCP, CCSK ? Are they actually requested by the job market ? It seems the CISSP certification is the really "upgrading" certification, am I wrong ? -
Pmorgan2 Member Posts: 116 ■■■■□□□□□□CCSP, SSCP, CCSK ? Are they actually requested by the job market ? It seems the CISSP certification is the really "upgrading" certification, am I wrong ?
There are dozens of security specialties to consider for information security. To name a few:
- Applications Security
- Network Security
- Cryptography
- Risk Management
- Environmental Security
- Cloud / Data security
- Legal Compliance
- Forensics
With your background, application security, data security, or cryptography may be a big draw. I would expect those to be in high demand, although I've never done research on them. Check deeper to see what you might be interested in. There's a certification for almost everything security related, and that might be a better place to start than CISSP. Unless Risk Management and Governance is where you'd like to start.2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist