Is the CISSP worth it at this point in my career?

So, currently I'm a senior in college interning as a network engineer. I passed the Sec+ easily, only studying for about a month, about 1-2 hours a day. By the way, my major is cybersecurity. I was talking to a senior network engineer the other day and he said he was studying for the CISSP, since he just got his Masters in cybersecurity. So the question came up, "You're majoring in cybersecurity young intern, why don't you get your CISSP Associate?"

Well, we had a conversation about it and what not. My argument was that the CISSP looks to me almost like a Masters degree - the jobs that require that cert are jobs that require 7+ years of experience. Obviously, being a senior in college, I don't have that experience. He was telling me that if I got the CISSP Associate at such a young age then that would show potential employers that 1. I know what I'm doing and don't just have book knowledge 2. I'm somebody that will put forth the effort needed to get things done (seeing as the CISSP is such an advanced cert).

What do you guys think? Is it pointless at this point in my career?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dhay13

I think you are taking this wrong and it has led to a combative nature. The main point is, without the required experience to be a fully endorsed CISSP then it really is a waste of time. Outside of DoD 8570 nobody knows what Associate of ISC2 is. That being said, there are other certs that would likely be more beneficial to you until you have that experience. If you do meet the experience requirements then yes, absolutely take it. I don't think anyone here was berating you for not having the experience but it is the internet and things are sometimes taken out of context.

As far as a Masters to be in Engineer in the private sector? I don't think so. I am currently in the private sector and work with some very intelligent IT folks but many don't even have a B.S. Not that that is a dig on them, just saying it isn't a requirement. I have a B.S. and several years of experience and I often learn something new from my teammates that don't have a B.S., even Engineers. But I would put them up against many much more 'qualified' folks any day.

Good luck on your decision and don't take this post as a dig against you or anyone else. Just trying to be informative and quasi-referee here

PJ_Sneakers

Trust him, he's with the Government.

jamesleecoleman

beads wrote: »

@atippet;

we relinquish our misbegotten ways to you oh lord of logical misconstructs.

lol!!!

No_Nerd

@atippet

Just so you are tracking.....
it is possible to be a director and do non director things with your time.
I opened a new café and expanded my business line downstream while in grad school full time.. the school was not online either it was a state school brick and motor.

and one more thing.... you are kind of a dick.... sometimes we need others to tell us things like this for professional/personal growth.

TranceSoulBrother

atippett wrote: »

You're an idiot if you think so. You won't even be considered for an engineer position without a Masters. If you go to anywhere else, they'll praise you like you're God.

Back in 1995 and before 2005, it was ok for noobs to come on forums and start fighting everyone and calling people names.
It's 2016 and you supposedly work IT for the DoD. So chill the hell up, listen and learn.

BTW, I work with the DoD (in uniform and in positions where we can write up about contractors and get things reviewed). Stop throwing the weight of the "DoD" around like you're some kind of silverback. Half of the damn contractors with any DOIM or NEC are idiots who are still learning. Y'all screw up far more than you fix and it's only the government job that's keeping you employed. In the civilian world that you denigrate, some of these idiots would be fired long before review time.

So you've come here to ask questions, don't pretend that no one aside from you or your smart engineer have any answers. Like others have said, start up the ladder gradually. CISSP as noted anywhere is a managerial cert, not terribly technical. You're not a manager yet, and there are other certs that would fulfill an 8570 role more directly beneficial to you than the CISSP (or even Associate of ISC2).

Read and learn around here. Stop throwing stones around.

TheFORCE

Read the title of this thread "....at this point in my career" and thought I'd read about some real experienced person. Then i came across the words, college and interning and thought to myself, what career is he talking about? What followed next was better

PJ_Sneakers

What this DoD employee did next will SHOCK you

TechGuru80

atippett wrote: »

Keep in mind that the C|EH holds no value for the DoD, that's who I work for. Any cyber job requires the CISSP or Associate.

That's actually not true...it depends on what level the job is classified per 8570...IAM, IAT etc. Most jobs are fine with security+ but if you get into a senior or management role then definitely the CISSP plays a role. If you are currently in networking then getting CCNA / CCNA:Security would be a decent combination just to cover your computing environment. Are you planning on staying DOD? If you are my advice usually is to max out the 8570 so C|EH and CISSP before you do anything else....that way you will not be eliminated based on 8570 requirements.

Cyberscum

To add to that. When I was interviewing for the global exploitation analyst position at the NSA they asked about the CEH even though I had CISSP.

I personally think it is useless, but there are plenty of DoD jobs that are looking for it.

There are more and more ISSM jobs asking for the CISSP/CEH combo.

thexfactor

Just curious, what is wrong with him taking the CISSP right now and getting it out of the way? He can always get his 4 years of experience (if he has a college degree).

You only need to have experience in 2 of the 8 domains not all 8 of the domains.

TechGuru80

thexfactor wrote: »

Just curious, what is wrong with him taking the CISSP right now and getting it out of the way? He can always get his 4 years of experience (if he has a college degree).

You only need to have experience in 2 of the 8 domains not all 8 of the domains.

It's not that there is anything "wrong"...especially in the situation of being in the DOD. Other companies rarely know what Associate of ISC2 means...and generally look for other certifications such as GIAC, Cisco, etc. because they aren't using a directive like the 8570 that they have to comply. Basically it's a matter of the most bang for the point in career...2-6 months of studying in other situations could be used to get a certification that will actually help in your current job or getting a different job. Like many things, there are way more paths than just one...but for OP...he HAS to comply to 8570.

dhay13

Nothing 'wrong' with it but Associate of ISC2 is worthless in 99% of situations. A person would be better served earning other certs that they can actually put on their resume and will be understood by hiring managers. Just my opinion.
Another thing to consider, if a person were to pass the test with the thought of getting the experience in the next 4 or 5 years, what happens if they have trouble getting a job working with any of the security domains? I think the Associate of ISC2 only gives a 6 year window to complete the experience requirements. So now you have to take (and pass) the test over again.

thexfactor

dhay13 wrote: »

Nothing 'wrong' with it but Associate of ISC2 is worthless in 99% of situations. A person would be better served earning other certs that they can actually put on their resume and will be understood by hiring managers. Just my opinion.
Another thing to consider, if a person were to pass the test with the thought of getting the experience in the next 4 or 5 years, what happens if they have trouble getting a job working with any of the security domains? I think the Associate of ISC2 only gives a 6 year window to complete the experience requirements. So now you have to take (and pass) the test over again.

Are you allowed to write that you passed the CISSP exam (not that you are certified yet) on your resume?

E Double U

TheFORCE

thexfactor wrote: »

Are you allowed to write that you passed the CISSP exam (not that you are certified yet) on your resume?

Not until ISC says that it is ok to do so, you have to wait until they review your exam score and your work history.

mackenzae

atippett wrote: »

Sorry, but the private sector stands no ground to government.

This made me think of this

http://www.militarytimes.com/story/military/tech/2014/08/04/in-supersecret-cyberwar-game-civilian-sector-techies-pummel-active-duty-cyberwarriors/13566549/

kalkan999

beads wrote: »

Just makes atippett look like 90% of all CISSPs out there. Lots of certs, no experience and wondering why no one has given them the keys the executive suite two days after graduating with their master's in "security".

Give me people who have careers in IT first, then go into "security".

See the following link: Farce | Define Farce at Dictionary.com

Attippet. As for your earlier question about 'hostility,' Welcome to the Thunderdome! Security people are quirky, intelligent, and love to push back.

NOC-Ninja

CEH holds value in the DOD.
CISSP is more for people that has experience if its in the DOD. There are some that takes it without sec experience and they had to jump to get to where they want. Either way, just because you have CISSP does not mean you get a 100k salary ticket. There are even some that does not have CISSP but does infosec work.

All you need is a sec + to most DOD jobs. Its a formality sake but we all know comptia is a POS cert.

I dont believe that TA is a solid IT experience. I would scrap your resume if Im looking at it.

PinotEnvy

I decided to take the exam after spending many years in IT, including government, AND verifying that I have enough of the right work experience to pass the endorsement phase. I did that by talking with three different CISSPs I have worked with in the past 5 years, all of whom will endorse me.

The idea that without experience you can just cram for the exam, pass it and expect to get a position that actually leverages it is only supported by how much the hiring manager may have been drinking that day. I know I would not have passed the exam (today, tyvm) without being able to call upon the experience I've had in DR, DR planning, Network design and OS hardening, not to mention firewalls. (My next project is OS hardening for a utility.) And I would never hire someone with just the certification and no work experience that got you there.

As was said earlier, before you take the exam, ask yourself if you either have the experience to achieve the endorsement, or will have the right experience to achieve the endorsement with 2-3 years.

I have no agenda, no intent to flame, just talking about it from my perspective.

That is all.

Стрелок

Another opinion read this Why You Should Not Get a CISSP - Attrition.org

WafflesAndRootbeer

My two cents...

CISSP is worthless. There, I said it! Why did I say it? I know lots of idiots who have it/claim to have it and have no real experience or a background in IT, other than a degree from some diploma mill or working for some company in a non-tech capacity. Many of the kids coming out of the local universities and for-profit colleges get it ASAP because the HR folks want to see it and they have been told that it will get them a six-figure salary, I know people in banking and other industries, that have CISSP on their LinkedIn resumes, and I know that the real people who are on the front lines of security work aren't holding it for the most part. In the past seven years since CISSP became "The Thing!", I have seen a lot of people fraudulently spin their background to get one and I've seen plenty of InfoSec professionals say "Gimme $$$$$ and I'll sign off on your endorsement!". If you genuinely think it's worth it, go for it, but don't expect a standing ovation or ticker-tape parade for getting one. It's not that hard and it won't give you moolah unless you have a security clearance to go with it.

beads

atippett wrote: »

Noticed your occupation says "Director of Networks and Security" ??? weird title to me. I'm just wondering how a DIRECTOR has time to sit on a forum at any point of the day (hmmm seems like you're not a director to me.) Also, you're located in Chicago. There is no DoD in Chicago. Therefore, if you would try to get into the DoD, you would start out as AT MOST a Lead. Sorry, but the private sector stands no ground to government.

If I would come to "your" organization, if you even have a job, I would probably start out as an engineer II. Sorry, once again it doesn't stand up to government.

I started doing security as a sideline to also running IT for a mid size ($200 million) company. My linkedin account is vastly out of date as well. Today I work as a security architect making more money as a consultant than I would be if I were an executive - not to mention happier not having people "bleed" (complain to the boss) on me all day.

- b/eads

SaSkiller

atippett wrote: »

Keep in mind that the C|EH holds no value for the DoD, that's who I work for. Any cyber job requires the CISSP or Associate.

Lol wat? CEH is required for CNDSP roles. Even with a CISSP (alone) you cant be in a SOC role.