Post CISSP plan (CISSP® Concentrations)
Hello Friends
I looking for some advise on regarding CISSP concentration. I currently have CISSP and CISM certifications and currently a mid-level manager in security. Which one of the concentrations do you think would be more marketable/valuable ? I was thinking about ISSAP (Architecture concentration) But not sure which one would add value or worth pursuing. Thank you
CISSP®-ISSAP®: Information Systems Security Architecture Professional
CISSP®-ISSEP®: Information Systems Security Engineering Professional
CISSP®-ISSMP®: Information Systems Security Management Professional
I looking for some advise on regarding CISSP concentration. I currently have CISSP and CISM certifications and currently a mid-level manager in security. Which one of the concentrations do you think would be more marketable/valuable ? I was thinking about ISSAP (Architecture concentration) But not sure which one would add value or worth pursuing. Thank you
CISSP®-ISSAP®: Information Systems Security Architecture Professional
CISSP®-ISSEP®: Information Systems Security Engineering Professional
CISSP®-ISSMP®: Information Systems Security Management Professional
Comments
I took the ISSMP exam, mainly because I was studying for the CISM as well. (They are quite similar.) I think that the reason that there are not a lot of people out there with the concentrations is that there isn't a large market for them.
It just looks wrong, in my opinion, to often see people with management certs with no experience in a field. Same with other specialty certs like the CISA or MCSE with no hands on experience. Its like 'wha..?' How'd you get certified without the required time or experience in the field. Common as it is I still see these resume's every week.
- b/eads
No, actually it is not! When certifications such as the CISSP have specific work/time requirements to be met before you can earn the cert, it is not the same thing as getting a job straight out of school... you went to school to learn enough to get the job. Obtaining the certification without the required time in grade is actually fraud, since you represented your self as having experience you in fact did not ...
You have 9 months after you pass the ISSMP exam to have the required experience or the results will be void. You also have 5 years to obtain the Cissp exam in which 2 or more domains must be met in total. One year can also be waived for obtaining credential from certain vendors. On top of that the CISSP is business and risk focused not management focused. You have several technical domains.
You can past most of these exams first then obtain the experience within the given timeframe. If you couldn't, then take it up with the vendor whose policies state otherwise. Also investigative checks are done when you attempt to get endorsed. So yes just like a job, you pass the exam first, get the XP then go for endorsement. It's done in other realms like the CPA and Law.
You jumped to the conclusion of thinking I meant to go for endorsement without the experience so that is your misunderstanding not mine.
I didn't jump to conclusions, apparently you missed that statement when replying to him
You really didn't specify but made a comparison to finding a job with no experience which is not the same
Nabsh07 the CISM is good for the role you're currently in. Since you have the Cissp and Cism, it's likely that you can meet the requirements of both AP or MP in a relatively short period. But don't let a cert define your value or worth. Only you can determine what that means. Some look at value as just money. If that's the case i would focus on mgmt entirely and increase my executive soft skills