Is the CISSP worth it at this point in my career?

atippett

So, currently I'm a senior in college interning as a network engineer. I passed the Sec+ easily, only studying for about a month, about 1-2 hours a day. By the way, my major is cybersecurity. I was talking to a senior network engineer the other day and he said he was studying for the CISSP, since he just got his Masters in cybersecurity. So the question came up, "You're majoring in cybersecurity young intern, why don't you get your CISSP Associate?"

Well, we had a conversation about it and what not. My argument was that the CISSP looks to me almost like a Masters degree - the jobs that require that cert are jobs that require 7+ years of experience. Obviously, being a senior in college, I don't have that experience. He was telling me that if I got the CISSP Associate at such a young age then that would show potential employers that 1. I know what I'm doing and don't just have book knowledge 2. I'm somebody that will put forth the effort needed to get things done (seeing as the CISSP is such an advanced cert).

What do you guys think? Is it pointless at this point in my career?

Danielm7

He was telling me that if I got the CISSP Associate at such a young age then that would show potential employers that 1. I know what I'm doing and don't just have book knowledge 2. I'm somebody that will put forth the effort needed to get things done (seeing as the CISSP is such an advanced cert).

Completely disagree with #1, it shows them that you only have book knowledge. How would having zero working security experience and studying a book show that you have more than just book knowledge?

Also, it's not a "CISSP Associate", you can't even write that on your resume. It's an "Associate of ISC2" which almost no random hiring manager knows what that means, which is the whole reason why you're doing this in the first place.

You're an intern in college, why not focus on actually learning skills that will help you do the job you want? When you have more IT experience then look into the CISSP, it's for people with 5+ years of actual security experience, not a door opener for your first job.

atippett

Danielm7 wrote: »

Completely disagree with #1, it shows them that you only have book knowledge. How would having zero working security experience and studying a book show that you have more than just book knowledge?

Also, it's not a "CISSP Associate", you can't even write that on your resume. It's an "Associate of ISC2" which almost no random hiring manager knows what that means, which is the whole reason why you're doing this in the first place.

You're an intern in college, why not focus on actually learning skills that will help you do the job you want? When you have more IT experience then look into the CISSP, it's for people with 5+ years of actual security experience, not a door opener for your first job.

Alright, so you're agreeing with me. I don't understand the hostility? And also, "not a door opener for your first job" is false. Any IA/cyber position where I work requires the CISSP or equivalent. And also again, "having zero working security experience" is false. My job requires me to config firewalls, design networks SECURELY and more. So the only thing you "helped out" with this question was that I can't put CISSP Associate on my resume.

TechGuru80

Go for a technical certification because that's the type of job you will end up in after school. This network engineer obviously is forgetting earlier in their career and what allowed them to advance. The CISSP won't be too valuable until you can actually claim it...so 4 years experience with your degree.

atippett

TechGuru80 wrote: »

Go for a technical certification because that's the type of job you will end up in after school. This network engineer obviously is forgetting earlier in their career and what allowed them to advance. The CISSP won't be too valuable until you can actually claim it...so 4 years experience with your degree.

Which technical certification do you think? C|EH maybe? CCNA Security since I'm already doing networking?

cyberguypr

Where's beads when you need him?

atippett

TechGuru80 wrote: »

Go for a technical certification because that's the type of job you will end up in after school. This network engineer obviously is forgetting earlier in their career and what allowed them to advance. The CISSP won't be too valuable until you can actually claim it...so 4 years experience with your degree.

Keep in mind that the C|EH holds no value for the DoD, that's who I work for. Any cyber job requires the CISSP or Associate.

PJ_Sneakers

If you have the prerequisite of five verifiable full-time years of paid work experience in two of the CISSP domains (minus one year if you have a degree), go ahead and take it.

If getting Associate of (ISC)2 checks the box for CISSP in the DoD's eyes and you plan on working for the DoD, go ahead and take it.

If you don't have the prerequisites to get CISSP, and Associate of (ISC)2 won't be of use to you, don't take it. Go after another certification that interests you.

NetworkNewb

atippett wrote: »

Alright, so you're agreeing with me. I don't understand the hostility? And also, "not a door opener for your first job" is false. Any IA/cyber position where I work requires the CISSP or equivalent. And also again, "having zero working security experience" is false. My job requires me to config firewalls, design networks SECURELY and more. So the only thing you "helped out" with this question was that I can't put CISSP Associate on my resume.

I don't think he meant any hostility. Just that in public sector passing the CISSP exam before you have the experience, just getting your Associate of ISC2, won't help you much.

Sounds like CCNA Security would be right up your alley though! Assuming network security is an area your looking to get into that is. CCNA R/S might be good as well though. Orrr maybe the new CCNA Cyber Ops that is just coming out... If you haven't registered for Cisco Cyber Scholarship program that might be an interest to you. Possible free training and certification

Ertaz

cyberguypr wrote: »

Where's beads when you need him?

I'm quite sure he'll be a long shortly.

My nickel on the issue:

It depends on what route you want to take in cyber security. Since you've got your SEC+ that's a good foot in the door for a lot of entry level positions. eJPT/OSCP are good if you want to get started on the offensive side. DOD really likes the CASP for a lot of positions. It doesn't have an experience requirement, has a much more technical lean than the CISSP, and I found it to be a more difficult exam.

Cyberscum

Nah, if I was you I would focus on women and booze at this point.

NetworkNewb

Cyberscum wrote: »

Nah, if I was you I would focus on women and booze at this point.

Think he makes a good point

/endthread

Danielm7

NetworkNewb wrote: »

I don't think he meant any hostility. Just that in public sector passing the CISSP exam before you have the experience, just getting your Associate of ISC2, won't help you much.

Correct, sorry if you're taking my input as hostile, not intended. You said you were a college student working as an intern talking to someone who is a Sr network engineer who is studying for the CISSP, calling you "young intern". All of those things tend to point to the very start of a career in IT.

I still stand by the point that passing the CISSP doesn't show more than book knowledge, I've taken it, as have lots of people here, you can easily pass it with a lot of all book study, that was my point.

slim27joint

atippett wrote: »

Keep in mind that the C|EH holds no value for the DoD, that's who I work for. Any cyber job requires the CISSP or Associate.

Wrong, CEH covers almost all of CND in DoD according to 8570/8140, plus CASP would suffice instead of CISSP. You should try going for certifications that line up with your experience and what you're trying to accomplish. If I were you, I would aim for CCNA next. Then again, if someone is willing to pay for you to take the CISSP exam, do it!

jamesleecoleman

Why not go for the SSCP? You'll need way less experience as far as time goes. eJPT is a good certification course to go through if you're a little interested in Pentesting. It's a tools based exam where you answer questions. I'm thinking about going for the CISSP but I also don't have the experience. 5 (4) years is a long time before you possibly qualify for the CISSP letters. There's nothing wrong with studying for it but why not go for something else?

atippett

slim27joint wrote: »

Wrong, CEH covers almost all of CND in DoD according to 8570/8140, plus CASP would suffice instead of CISSP. You should try going for certifications that line up with you're experience and what you're trying to accomplish. If I were you, I would aim for CCNA next. Then again, if someone is willing to pay for you to take the CISSP exam, do it!

Well yes, but CND isn't entry level. I should've been more specific on that. And CCNA R&S or CCNA Security? And I've also heard that CASP is actually a tougher exam than the CISSP

atippett

jamesleecoleman wrote: »

Why not go for the SSCP? You'll need way less experience as far as time goes. eJPT is a good certification course to go through if you're a little interested in Pentesting. It's a tools based exam where you answer questions. I'm thinking about going for the CISSP but I also don't have the experience. 5 (4) years is a long time before you possibly qualify for the CISSP letters. There's nothing wrong with studying for it but why not go for something else?

The SSCP cert is equal to the Sec+ in DoD eyes. I'm kinda looking to get a higher level cert than the Sec+. I may look into the eJPT

slim27joint

atippett wrote: »

Well yes, but CND isn't entry level. I should've been more specific on that. And CCNA R&S or CCNA Security? And I've also heard that CASP is actually a tougher exam than the CISSP

You're not being confident enough! You can easily grab a cyber position, with Sec+, CEH and a decent understanding of the OSI model, common attacks, and simple countermeasures.

Both. As far as CASP vs CISSP, that just a matter of opinion. I did like the content on CASP, but it was only 75-80 questions, plus it's not really difficult to pass. CISSP took far more time and focus, and it's 250 questions.

slim27joint

atippett wrote: »

The SSCP cert is equal to the Sec+ in DoD eyes. I'm kinda looking to get a higher level cert than the Sec+. I may look into the eJPT

You should try looking at it from a different point of view. SKILLS, should trump everything. When you possess the SKILLS to do what a company requires and demands plus some, you'll become very valuable. Certifications are just icing on the cake and to make you look good on paper. You already possess Sec+ which is the standard to get you in the door.

beads

cyberguypr wrote: »

Where's beads when you need him?

Just makes atippett look like 90% of all CISSPs out there. Lots of certs, no experience and wondering why no one has given them the keys the executive suite two days after graduating with their master's in "security".

Give me people who have careers in IT first, then go into "security".

See the following link: Farce | Define Farce at Dictionary.com

cyberguypr

There he is! Now my Friday is complete

LOL

fitzlopez

atippett wrote: »

The SSCP cert is equal to the Sec+ in DoD eyes. I'm kinda looking to get a higher level cert than the Sec+. I may look into the eJPT

If you already did the Sec+ I would consider the CASP . For the maintenance fees alone it's cheaper than the CISSP. With the Sec+ you need $50 a year for it, if you add the CASP it's still $50 a year for both. If you have the CISSP that's $85 extra a year .

Or maybe you could try the new CompTIA Cybersecurity Analyst (CSA+), it all depends on the stuff you want to do.

Once you have the experience go for the CISSP, just the studying for it is quite the experience. If you already have the Sec+ I wouldn't recommend the CEH, you should aim for something harder.

atippett

slim27joint wrote: »

You should try looking at it from a different point of view. SKILLS, should trump everything. When you possess the SKILLS to do what a company requires and demands plus some, you'll become very valuable. Certifications are just icing on the cake and to make you look good on paper. You already possess Sec+ which is the standard to get you in the door.

Nah man, not me. Actually I've been a Python TA for about 2 years, quit that job for this intern in network engineering. So, I have my experience in "IT". Sorry you know nothing about me and now you look like an idiot. And I can promise you that the senior engineer that suggested this to me is a lot smarter than you. If people my age shouldn't be allowed to take the CISSP (as you are implicitly saying) why would they make an Associate? And I can promise you, the people at The International Information System Security Certification Consortium are a lot smarter than you.

atippett

beads wrote: »

Just makes atippett look like 90% of all CISSPs out there. Lots of certs, no experience and wondering why no one has given them the keys the executive suite two days after graduating with their master's in "security".

Give me people who have careers in IT first, then go into "security".

See the following link: Farce | Define Farce at Dictionary.com

Noticed your occupation says "Director of Networks and Security" ??? weird title to me. I'm just wondering how a DIRECTOR has time to sit on a forum at any point of the day (hmmm seems like you're not a director to me.) Also, you're located in Chicago. There is no DoD in Chicago. Therefore, if you would try to get into the DoD, you would start out as AT MOST a Lead. Sorry, but the private sector stands no ground to government.

If I would come to "your" organization, if you even have a job, I would probably start out as an engineer II. Sorry, once again it doesn't stand up to government.

Cyberscum

atippett wrote: »

Sorry, but the private sector stands no ground to government.

Now I know for sure that you have no clue what you are talking about.

Stick to women and booze.

slim27joint

atippett wrote: »

Nah man, not me. Actually I've been a Python TA for about 2 years, quit that job for this intern in network engineering. So, I have my experience in "IT". Sorry you know nothing about me and now you look like an idiot. And I can promise you that the senior engineer that suggested this to me is a lot smarter than you. If people my age shouldn't be allowed to take the CISSP (as you are implicitly saying) why would they make an Associate? And I can promise you, the people at The International Information System Security Certification Consortium are a lot smarter than you.

I think you misunderstood what I was trying to convey. I'm not quite sure how you came to the comment above, but it's ok everyone is entitled to their opinion. Only you know if it's something you want to do, despite what information all others including myself post. If you want to take the exam by all means do so. If not, that's fine too press on with something else. Which ever decision you make, best of luck to you.

beads

@atippet;

Clearly with all those many years of industry... err academic experience you must know as much or more than the collective wisdom of this board having not yet graduated your undergraduate studies - kudos! We relinquish our misbegotten ways to you oh lord of logical misconstructs.

In your haste to prop yourself up you have just accused fitzlopez in a wonderfulad hominem and straw man attack all while missing the point of the argument(s). There are several that seem to be going way over your head but yet you allude to above. The CISSP was designed for the mid level career security practitioner to display their experience and mastery of the 10 now 8 security domains with five years (minus one for a bachelor's degree).

In our haste to expand the ranks of the CISSP designation and "satisfy" the market, in this case DOD, the ISC(2) has every increasingly turned a blind eye to the quality of the exam taker to basically allowing anyone, anywhere who can pass the exam, which isn't hard in the first place, to suddenly become a "CISSP". What fitzlopez was suggesting were the more technical exams requiring less experience and more actual knowledge to pass. And truth be told probably better exams than the CISSP. As an added benefit the maint on those exams is considerably less. Problem with the competitors is that they didn't exist when the DOD formalized the 8570. Before that, hardly anyone outside of security ever heard of the exam - let alone cared. Of course, you knew all this going into the field in the first place so on behalf of entire body of Tech-Exams contributors, please accept our sincere apologies.

For the record this board is loaded with folks with far more experience and many, many degrees in many different fields. Everything from AAS to numerous Ph. D.s in everything from History to Computer Science. We got your heavily lauded "IT" experience as an unpaid "TA". So you should be good but remember to add to your experience that you have extensive physical experience working behind locked doors and securing the refrigerator door. Those are also valid pathways to the CISSP and your first multi-six figure position.

We'll be keeping the keys to the executive washroom in the top draw till you arrive. Of course the paint on your parking space will still need to dry a few more hours. Just look for the CISSP tag with your name on it. That one is yours.

Can you tell its Friday? You think this is bad you should read my LinkedIn Inbox.

- b/eads

cyberguypr

atippett wrote: »

Sorry, but the private sector stands no ground to government.

Most famous quote from OPM, NSA, IRS security teams.

Edit to add that I am at a very boring forensic training right now and am having a blast following this thread. Thanks beads and gang for keeping me awake.

atippett

Cyberscum wrote: »

Now I know for sure that you have no clue what you are talking about.

Stick to women and booze.

You're an idiot if you think so. You won't even be considered for an engineer position without a Masters. If you go to anywhere else, they'll praise you like you're God.

Cyberscum

atippett wrote: »

You're an idiot if you think so. You won't even be considered for an engineer position without a Masters. If you go to anywhere else, they'll praise you like you're God.

Now I know for sure you have no idea what you are talking about X2

Danielm7

https://en.wikipedia.org/wiki/How_to_Win_Friends_and_Influence_People