Security+/CSA+/CASP before CISSP

mnashe

I'm trying to make my transition more towards the security side, with a focus on Cyber Defense. I'm in the beginning stages of studying for CISSP, but was wondering if there is a benefit to going the CompTia route first? I know CISSP is the better ROI option for the resume/HR. My question is geared more towards the content of those three Comptia exams, as far as learning skills necessary for the job.


Ideally, I'd do SANS/GIAC over both of the above, just not sure I'd want to pay out of pocket for their courses, without having a pure security job first.

NetworkNewb

If you got the experience requirement for the CISSP I would just get that. Then focus on and study whatever area of cyber security interests you most. Those other certs won't actually hold much value once you get it.

Not saying the knowledge is bad in those after you get the CISSP, but not sure if you would see much ROI in taking and getting the actual certs themselves.

andrewdm

Seconding this advice. If you don't yet have the experience but are on a career track where you're already satisfying security-related activities from the various CISSP domains (https://www.isc2.org/cissp-domains/default.aspx), you can do Associate of (ISC)2 for CISSP, which gives you up to six years currently to gain the five years of experience: https://www.isc2.org/how-to-become-an-associate.aspxThe advantage of this is that it looks good on your resume/CV to those who know what it is; the studying itself is a good teacher (honestly I should have put that first); and it gets the big test out of the way so you can relax just a little. Also bear in mind that you may already be doing many things that satisfy the domains without even realizing it.

andrewdm

Replying to myself to fix my second link (https://www.isc2.org/how-to-become-an-associate.aspx) and also add that, as you can see from my profile info, I did the CASP and Security+. I don't think they're bad additions to the resume/CV, and they may even snag a recruiter who's looking only at those. So far most of the postings for jobs I've seen in Southern California (can't speak for other places too well) have been defense and military-related positions. If that's your intended trajectory, having those certs may also help you get your foot in the door. Good luck!

mnashe

Thanks for the replies. I have enough work experience to satisfy the CISSP requirements, which is why I originally was going that route. My concern was more in regards to having the confidence with the necessary skills for the interview.

Would either of you feel it be beneficial to go through the material of those exams prior to studying for CISSP, even if I never sit a Comptia exam, or would you say do that afterwards?

I would never get the CISSP and then go back to Comptia certs. It would have to be the other way around

stryder144

I would read The Complete Reference Information Security Second Edition first, then dive into the CISSP exam materials. If you were to get the CompTIA certs first you would spend nearly twice the cost of the CISSP exam fee with little to no real ROI compared to the CISSP.

mnashe

thanks. I see your point. I'll check out the book. I think the fact that CISSP is more a security manager exam is what makes me hesitant. I was feeling like maybe I needed some other security certification under my belt first, even if I did only one of those Comptia ones.

I'll follow the advice here though and just go for the big gun

MitM

As someone who is also planning on tackling the CISSP, I was thinking about going this route

CSA+ (Or CASP) > CISSP > GIAC/CCIE Security


Not so sure after reading this thread though haha

ThePawofRizzo

MitM wrote: »

As someone who is also planning on tackling the CISSP, I was thinking about going this route

CSA+ (Or CASP) > CISSP > GIAC/CCIE Security


Not so sure after reading this thread though haha

Choose the path that works best for you.

For me, money isn't a concern, so likely my next security cert will be CASP, although I have the experience for CISSP. The reason? Studying for CASP will be helping me eventually prep for CISSP, and get me CEUs for CSA+. While I agree that CISSP probably is a better ROI, I also think any IT Security pro that shows a continual learning process - and certs help with that - is going to be a stronger IT pro.

stryder144

ThePawofRizzo wrote: »

Choose the path that works best for you.

For me, money isn't a concern, so likely my next security cert will be CASP, although I have the experience for CISSP. The reason? Studying for CASP will be helping me eventually prep for CISSP, and get me CEUs for CSA+. While I agree that CISSP probably is a better ROI, I also think any IT Security pro that shows a continual learning process - and certs help with that - is going to be a stronger IT pro.

You make an excellent point. There are things covered in each of the certifications that are not covered or have a different emphasis in the other certifications. Pursuing, or at least reading the various certification books/watching videos, the other certs might flesh a few things out that may be encountered during the course of ones career.

NetworkNewb

ThePawofRizzo wrote: »

While I agree that CISSP probably is a better ROI, I also think any IT Security pro that shows a continual learning process - and certs help with that - is going to be a stronger IT pro.

The way I look at it is your time would probably be better spent focusing on specific aspects of security that you want to work in/with, instead of getting a bunch of "general" security certifications that won't hold much value. I'd rather start focusing on how deep I can get into the specific security technologies I work on.

How much value would having the CSA+ or CASP be on a resume when someone has their CISSP? It might matter a little to some (like working for the DoD?), but I would doubt it would matter at all to most. Can't say that is fact, but just my view on it.

anhtran35

NetworkNewb is CORRECT. Obtaining the CISSP will lead you to the promise land. Sec+; CASP and CSA is only needed to obtain a DOD Level.