
Considering CISSP

mnashe Member Posts: 136
Hello All,

I'm new to the boards. I've been debating starting the journey towards the CISSP certification. I meet all the requirements for the exam, so that's not an issue. I spent many years as a server administrator and now network engineer. My current certs include CCNP R/S, CCNA Sec, and a bunch from MS.

CISSP seems like a well-respected certification to have. My goal is to focus on security, but since I'm a technical guy, I don't want to lose the hands-on work. For that reason, I have also considered the CCNP Security. There's always the option of doing both, I suppose. I don't think it would make sense to approach both at the same time either.

I guess what I'm asking is, what is everyone's take on the certification? Is it more geared for managers, or will it benefit a technical person like me?

Comments

  • Danielm7 Member Posts: 2,310
    There is technical info, but for security it's not really considered a very technical cert. With that in mind, many (most?) people get it as a resume builder / HR filter / experience validation more than them trying to learn new technical material. Now, the big question is will it benefit you, and it really depends on what you want to do going forward. If you've been in IT for a long time and want to focus on security then most places will look at your resume and say, "has X years of experience in what we want, check, has CISSP already, check" etc.
  • mnashe Member Posts: 136
    Hi Daniel,

    Thanks for the reply. I knew it wouldn't be a true technical exam, like I'm familiar with taking. I don't mind that it's not technical, as long as I'm getting good info out of the exam content. I also understood it is good for resume filtering. Going forward, I want to be more of a network security engineer or, if it exists, "infrastructure security engineer" (configuring firewalls, IPS/IDS, WAF, Active Directory security, multifactor authentication, etc.). As of now, I don't want to learn web development languages.

    At the same time, I want to be someone who contributes to what the security policies are and be able to give insight into investments that are made.

    I hope this makes sense.
  • Danielm7 Member Posts: 2,310
    Sure, that makes sense. I work with 2x Network security engineers, they do most of the things you mentioned minus the AD side. Every company is going to have different roles, I'm an information security engineer which means I have a lot of input on what the network team does but the role is more overarching into all the other groups too. Policy, vuln scanning, remediation, AV, systems, IR, auditing, etc. They're more just network guys who happen to handle a few security devices vs people concerned with overall security.
  • Clm Member Posts: 444
    CISSP has opened a lot of doors for me. Also, it will go a long way in DOD.
    I find your lack of Cloud Security Disturbing!!!!!!!!!
    Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

  • Nabsh07 Member Posts: 72
    I agree CISSP is not a technical cert. If you are staying in the Cisco side of the shop (even with Security) I would stay with a Cisco Security cert.
    If you want to go more into the policy, risk or management side, then get CISSP. If you are in Govt, get CISSP.
  • mnashe Member Posts: 136
    Thanks for the replies, everyone.

    Daniel - Would you say your role is technical? The term "Information Security Engineer" is confusing to me. When I look at job boards, sometimes they are asking for technical requirements, and others seem more of auditing/creating policies.

    For me, job security is most important. If there is an area of security that helps in that area, then I'll at least want to attempt to learn it to see if an interest exists.

    Other than that, I do like hands-on tasks, but not looking to necessarily be tied to a single vendor. One of my responsibilities is running Nessus scans. I run the scans and resolve the network vulns, but pass the rest to the other teams. I just upgraded to Tenable Security Center last week.

    I've also looked at GIAC certifications, as they seem interesting. They are also hard to study for, without taking the course. At least with CISSP, there is a lot of good self-study material. I also want to go through the CEH material, even if I don't take the certification.

    Another question I have for everyone is, after you passed the CISSP, what areas did you continue learning in?

    Just FYI, I'm not in a government position. I also have no college education, but have many years in IT.
  • Danielm7 Member Posts: 2,310
    Yes, my job is almost completely technical, I do have a bunch of time in meetings too but very little policy writing and such. Titles mean almost nothing, we just had a big title shuffling a bit ago and I went to IT security engineer, same job, someone in HR needed to make it more clear who was in IT or something silly. You'll find people who have the analyst title and are pen testers. We have a "security manager" who had the title before our security dept was even created, she does SOX compliance, still called security manager.
  • mnashe Member Posts: 136
    Interesting. Do you mind sharing what your day-to-day tasks are in a little more detail?

    I still think I want to complete the CISSP, but I know I'll need more than that to be successful. Any advice on areas to focus on would also be appreciated.

    Thanks for taking the time to answer all my questions. I appreciate it.