Life after achieving CISSP?


Comments

  • ITSec14 Member Posts: 398 ■■■□□□□□□□
    Someone sent me a disgruntled PM about my comment calling CISSP a waste of time, particularly considering that I hold CEH. Fair point, so I'll take a second to explain my reasoning.

    It would have been worded better by simply saying that it's a waste of time for YOU considering your job function. I'm ultimately pursuing a career in management, so the CISSP makes sense for me. Not saying I won't seek more technical certs and experience along the way since I would like to have a strong understanding of those concepts in a managerial position as well too. Am I going to add those letters to the end of my name on LinkedIn like I'm some sort of Doctor of Security? No way. I'll definitely be proud of my accomplishment though and I know many colleagues of mine who say it is totally worth getting. I mean, who wouldn't want to open a few more doors or increase their salary? I like to think most people in this field can learn anything they want and perform well if they have the right mindset. Do I enjoy performing packet analysis? No, because I think it's boring and that's totally fine. I don't need to enjoy it. What I am passionate about is the big picture of security and how it applies to the business. That is where my strengths lie, just like reverse engineering malware is where your strengths are. If someone acts on their strengths they can be wildly successful, no matter how in demand their skill is.

    At the end of the day, my biggest priority is my wife and our lives together. No amount of studying, work, certs, money or anything else will ever supersede that. I have friends who make almost double what I make and that's cool, but I have a great balance in my life my job affords me. They on the other hand work 15-25 hours longer per week than I do. One of them even does something very similar to you. Everyone's priorities are different though. When I was younger (and I'm not that old), I was absolutely money hungry. Being a little older and wiser now has made me realize that there are bigger things in life and I certainly don't want to miss out on them by burying my face into a computer screen all day and night.

    Btw, I think your job is 3rd best...fighter pilot being 2nd and astronaut being 1st :) Only because very few have experienced what it's like to see Earth from space and I think that would be the most humbling experience ever.
  • Dr. Fluxx Member Posts: 98 ■■□□□□□□□□
    M0CAMB0 wrote: »
    It shouldn't, ramrunner is talking with a big bias based on the field he is working in, a big bias. CISSP is a management oriented certification, if you were to follow his advice you would be doing OSCP instead. I don't know about you, but I don't want to be doing malware analysis and reverse engineering exploits all my career, and that is essentially what you'll be pigeon-holing yourself into if you go down this path and stick with it, because unless you have any management experience or education, you're going to be stuck doing it all your life and have a CISSP guy managing you. This is why there is a great demand for the hands-on guys, it is not a field of work the majority of people want to do for the rest of their life, you really have to be compassionate about it.

    At the end of the day, do what you want to do, not what the industry is demanding, Security in general is one of if not the hottest fields in the IT industry to be in right now, we are in demand everywhere.

    I don't ever want to take the CISSP..to me, it's a glorified CEH..it's cheesy in a way as, for now, I am working toward the OSCP.

    BUT.

    This is the first time someone, after me looking somewhat down on the CISSP, has ever put that cert into perspective.

    Ech...as much as it pains me, that does make me think that I should probably, after my OSCP, look to at least get a CISSP.

    Especially if I'm more skilled than he is.
  • ITSec14 Member Posts: 398 ■■■□□□□□□□
    Dr. Fluxx wrote: »
    I don't ever want to take the CISSP..to me, it's a glorified CEH..it's cheesy in a way as, for now, I am working toward the OSCP.

    BUT.

    This is the first time someone, after me looking somewhat down on the CISSP, has ever put that cert into perspective.

    Ech...as much as it pains me, that does make me think that I should probably, after my OSCP, look to at least get a CISSP.

    Especially if I'm more skilled than he is.


    If you're looking to get the OSCP, why bother with a CISSP? It's a management cert, not technical.
  • LordQarlyn Member Posts: 693 ■■■■■■□□□□
    For the most part I agree with you. But managers including security managers are not built in a vacuum, so one can pursue CEH and OSCP and still move into security management positions, and indeed I would go as far as to say having an offensive security and pen testing background as a manager can allow one to bring different perspectives to the table.
    Clearly those in information security management need a bigger picture outlook geared towards a business perspective, but knowing how systems are attacked and penetrated can give an information security manager insights on how to harden the systems they are responsible for protecting.
    M0CAMB0 wrote: »
    It shouldn't, ramrunner is talking with a big bias based on the field he is working in, a big bias. CISSP is a management oriented certification, if you were to follow his advice you would be doing OSCP instead. I don't know about you, but I don't want to be doing malware analysis and reverse engineering exploits all my career, and that is essentially what you'll be pigeon-holing yourself into if you go down this path and stick with it, because unless you have any management experience or education, you're going to be stuck doing it all your life and have a CISSP guy managing you. This is why there is a great demand for the hands-on guys, it is not a field of work the majority of people want to do for the rest of their life, you really have to be compassionate about it.

    At the end of the day, do what you want to do, not what the industry is demanding, Security in general is one of if not the hottest fields in the IT industry to be in right now, we are in demand everywhere.
  • ramrunner800 Member Posts: 238
    fabostrong wrote: »
    Thanks for the insight. What certifications if any would you recommend? Have you done packet analyst, forensics, and malware reversal? What was your first security job?

    If you want to do blue team tech work, GCIA, GCFA, and GREM are the ones that I think are most useful. CEH was helpful to me in getting past HR filters. I started out working in a SOC as an IDS analyst, doing log and packet analysis. I moved from there to Incident Response and Threat Intelligence, which is where I picked up forensics and malware reversal. There are certainly other career paths, but this one has been fun for me, and I've seen similar paths available in most other reasonably sized security orgs I've visited or been a part of. This is a specialized type of role that only tends to exist in large orgs, so size is key. In mom and pop shops you will find yourself wearing many more hats.
    Currently Studying For: GXPN
  • TeKniques Member Posts: 1,262 ■■■■□□□□□□
    Being someone who holds both the CISSP and the OSCP I will give my .02 since the thread seems to have gone that way. The CISSP is a good certification to have simply because it can checkbox a requirement for a job application, and I am glad that I have it. That being said, I do believe the certification is overrated and after taking (and passing) the OSCP exam they are an apples to oranges comparison. When it comes to comparing difficulty, in my opinion the OSCP would be a 9/10 and the CISSP a 5/10 (totally subjective I know). Having said all that, and being an Information Security Manager if I was looking to hire someone for a technical role an OSCP certification definitely shows more technical aptitude on paper, but you really never know until you interview and ask the right questions. The advice I would give is to get both of those certifications, because they make you more marketable as a professional. Ultimately however, you need to make your success happen.
  • markulous Member Posts: 2,394 ■■■■■■■■□□
    CISSP is still decent if you're in a technical role. Understanding how a manager operates and the 10,000 view of security only makes you a better engineer.
  • xxxkaliboyxxx Member Posts: 466
    TeKniques wrote: »
    Being someone who holds both the CISSP and the OSCP I will give my .02 since the thread seems to have gone that way. The CISSP is a good certification to have simply because it can checkbox a requirement for a job application, and I am glad that I have it. That being said, I do believe the certification is overrated and after taking (and passing) the OSCP exam they are an apples to oranges comparison. When it comes to comparing difficulty, in my opinion the OSCP would be a 9/10 and the CISSP a 5/10 (totally subjective I know). Having said all that, and being an Information Security Manager if I was looking to hire someone for a technical role an OSCP certification definitely shows more technical aptitude on paper, but you really never know until you interview and ask the right questions. The advice I would give is to get both of those certifications, because they make you more marketable as a professional. Ultimately however, you need to make your success happen.

    Would you have been considered, past HR, or been in contention for your current role without the CISSP/CISM and just the OSCP?
    Studying: GPEN
    Reading: SANS SEC560
    Upcoming Exam: GPEN
  • ramrunner800 Member Posts: 238
    Mooseboost wrote: »
    It comes down to what you are looking for and what part of the field you wish to go into. Saying the CISSP is a waste of time is both true and false, with the line being drawn where you wish to place your focus.


    I appreciate your balanced post, and I think you are largely correct. I didn't mean to imply there is no market for auditors at all, so apologies if it read that way. I simply meant to say that there is more of a market for hard tech skills at the moment. Between following the market here, reddit, and in my own interviews, it just doesn't appear that many non-management roles outside of security operations are pushing the $200k mark. To be fair I wouldn't say it's 'many' in security operations that do, but they aren't terribly difficult to find.


    I will admit that I bring baggage along when writing about the CISSP. I don't think that CISSP is something that everyone should avoid, it is a good cert when sought by someone for whom it is career appropriate. The problem is that the infosec career advice space tends to be populated by folks who work in roles that are tangential to security, who tell EVERYONE to get their CISSP. Most advice given to aspiring tech career changers or help desk guys looking to move into security, everyone tells them to go get their CISSP at the earliest possible point. That is absolutely horrible advice for newbies.


    Also, certification 100% holds value. I'm very up front about how much CEH helped me, and my SANS certs have also done wonders. I'm a big proponent of certification, though lots of the deep tech guys are not.



    M0CAMB0 wrote: »
    I don't know about you, but I don't want to be doing malware analysis and reverse engineering exploits all my career, and that is essentially what you'll be pigeon-holing yourself into if you go down this path and stick with it, because unless you have any management experience or education, you're going to be stuck doing it all your life and have a CISSP guy managing you. This is why there is a great demand for the hands-on guys, it is not a field of work the majority of people want to do for the rest of their life, you really have to be compassionate about it.


    This is nonsense. Firstly, doing tech work at a point in your career does not mean you will do it forever or that you are pigeon-holed. There is no role in existence where you won't be working with other teams, acting as an SME on projects, writing policy, and helping remediate vulnerabilities. Managers who have not done that are dangerous, they are the bad CISSPs of whom we speak. No career exists that will allow you to just start doing something now, and continue doing that for the next 30 years. Now more than ever, being able to rebound, reinvent yourself, constantly learn and adapt is essential.


    Second, the days of CISSP being a good path to management by itself are numbered. The industry has largely realized that it is not 'the Gold Standard of Infosec Professional' that it once claimed to be. It's still great for some areas, but there are now also areas of the field where it is not. This was an artifact of the early days of the field. If there's anyone I'm gonna be managed by in the future, it's a kid who has come out of one of the many quality security engineering programs available in universities today. I work with some of these kids, and they're impressive. They have tech abilities that far exceed those who have been in the field for a few years on their first day of work. This field is going to look very different in 10 years, and that's a good thing. The coming generation is going to be a force to be reckoned with.


    Finally, if you think the demand for tech people in security right now exists simply because people don't want to do the work, you're delusional.
    Currently Studying For: GXPN
  • dhay13 Member Posts: 580 ■■■■□□□□□□
    Dr. Fluxx wrote: »
    What state do you live in...so I don't move there :(

    Pennsylvania
  • jelevated Member Posts: 139
    Employers with cert requirements (outside of government, because that's a whole different ball of wax that NONE of this applies to) tend to be employers who don't know what they're doing. I know immediately that's going to be a bad fit, and I'm glad they don't call.

    I bet you would love an employer that called you in thanks to your precious GIAC certs, else why even bother taking the test? So some (well, many, actually) prefer ISACA or ISC2 certs and they don't know what they're doing. Ok, well, meanwhile those with ISC2 certs will continue to reap the benefits.

    Most employers like a specific cert to thin out the herd. Fact is that many many people have technical skills and a CISSP on top of whatever other certification they have. I see it in my organization. I see it in the resumes that hit my desk. Windows, Network, Firewall, IDS, Linux, lots of people have it. Surprise surprise. Those who have sought certification (in particular the CISSP) often have killer resumes and interviewing skills. They may not always be the best candidate, but they typically aren't the bottom of the pile with irrelevant experience and lacking depth.
  • ramrunner800 Member Posts: 238
    jelevated wrote: »
    I bet you would love an employer that called you in thanks to your precious GIAC certs, else why even bother taking the test? So some (well, many, actually) prefer ISACA or ISC2 certs and they don't know what they're doing. Ok, well, meanwhile those with ISC2 certs will continue to reap the benefits.

    Most employers like a specific cert to thin out the herd. Fact is that many many people have technical skills and a CISSP on top of whatever other certification they have. I see it in my organization. I see it in the resumes that hit my desk. Windows, Network, Firewall, IDS, Linux, lots of people have it. Surprise surprise. Those who have sought certification (in particular the CISSP) often have killer resumes and interviewing skills. They may not always be the best candidate, but they typically aren't the bottom of the pile with irrelevant experience and lacking depth.

    I'm not exactly sure of the point you're trying to make here. Could you clarify a little? I think you're trying to point out a contradiction in what I've said based on my holding of GIAC certs, but I encourage you to read my post(s) again. Certs matter, 100%. I do get calls based on my GIAC certs, but that isn't really relevant here. GIAC certs indicate competence in a particular area, and do not indicate competence in others. The same is true of CISSP; that shouldn't be a point of controversy, unless you believe that CISSP is a highly relevant certification across the entirety of security. If you believe that, sorry, it's not true. If you want to do things that actually involve breaking into systems, or hunting for people who break into systems, CISSP is a feather in your cap (and sometimes a scarlet letter), but not a lot more.

    There are certainly some tech folks who pursue CISSP to get more calls. I feel that I acknowledged that fact, and that it's a valid approach. As I stated, I'm not one of the folks who throws out CISSP resumes, though those folks do exist. I also didn't say certification doesn't matter, quite the opposite. My C|EH, which is rightfully one of the most maligned certs available, helped my career quite a bit. You get what you think helps you feed your family, and there's absolutely nothing wrong with that.

    There are also some fields where ISC2/ISACA certs are relevant, and that's okay. People with ISC2/ISACA certs deserve to reap benefits in those fields. I certainly don't contest that. I thank the good lord daily that I don't work in those fields, and I'm sure folks in those fields are happy not to work in mine. I'm not questioning ALL requirements for CISSP. I'm questioning a selection of them, in fields where it isn't a relevant cert. The problem with CISSP in particular is that it claims to be applicable to all of security, and so people recommend it to every security professional, or aspiring security professional. That's simply not appropriate.

    There are definitely lots of tech folks who hold the cert, especially as in the past it was much more valuable. That said, there are folks winning Person of the Year awards in technical fields whose Twitter display names are variations on "notacissp." And thankfully there are lots of orgs that are dropping it as a req. I checked the postings of a few major financial institutions, who tend to be at the bleeding edge of the security field, to see what they were looking for. Some of them even had management positions with 20 item long "Preferred Certification" lists, which didn't contain CISSP (though thankfully for me all my GIAC certs, and even more, were listed).

    Bottom line: Do what you gotta do to get a job, but if you're early career and working on the tech side, there's likely better ways to spend your time.
    Currently Studying For: GXPN
  • LordQarlyn Member Posts: 693 ■■■■■■□□□□
    LOL, yeah, sure, dude, nobody in all of planet earth right now wants anybody with a CISSP, sure, buddy.

    https://www.my.jobs/jobs/?q=%22Chief+Information+Security+Officer%22#1

    Why, just take a look at these CISO postings, they all want GIAC certs. Oh, wait... if they're asking for any certs it's CISSP or CISM...

    Well then, look at these search results for CISSP versus GIAC! Oh, wait, CISSP jobs outnumber GIAC jobs over 3 to 1, and some of the GIAC postings also would be interested in CISSP.


    But yeah, like you said, no banks or financial companies want anything to do with anyone with CISSP certifications, right? Right? Oh, wait, there are quite a few banks and financial auditing firms with CISSP openings.


    Well, buddy, I guess I am just hurting from the $25k+ raise I got from my CISSP
    I'm not exactly sure of the point you're trying to make here. Could you clarify a little? I think you're trying to point out a contradiction in what I've said based on my holding of GIAC certs, but I encourage you to read my post(s) again. Certs matter, 100%. I do get calls based on my GIAC certs, but that isn't really relevant here. GIAC certs indicate competence in a particular area, and do not indicate competence in others. The same is true of CISSP; that shouldn't be a point of controversy, unless you believe that CISSP is a highly relevant certification across the entirety of security. If you believe that, sorry, it's not true. If you want to do things that actually involve breaking into systems, or hunting for people who break into systems, CISSP is a feather in your cap (and sometimes a scarlet letter), but not a lot more.

    There are certainly some tech folks who pursue CISSP to get more calls. I feel that I acknowledged that fact, and that it's a valid approach. As I stated, I'm not one of the folks who throws out CISSP resumes, though those folks do exist. I also didn't say certification doesn't matter, quite the opposite. My C|EH, which is rightfully one of the most maligned certs available, helped my career quite a bit. You get what you think helps you feed your family, and there's absolutely nothing wrong with that.

    There are also some fields where ISC2/ISACA certs are relevant, and that's okay. People with ISC2/ISACA certs deserve to reap benefits in those fields. I certainly don't contest that. I thank the good lord daily that I don't work in those fields, and I'm sure folks in those fields are happy not to work in mine. I'm not questioning ALL requirements for CISSP. I'm questioning a selection of them, in fields where it isn't a relevant cert. The problem with CISSP in particular is that it claims to be applicable to all of security, and so people recommend it to every security professional, or aspiring security professional. That's simply not appropriate.

    There are definitely lots of tech folks who hold the cert, especially as in the past it was much more valuable. That said, there are folks winning Person of the Year awards in technical fields whose Twitter display names are variations on "notacissp." And thankfully there are lots of orgs that are dropping it as a req. I checked the postings of a few major financial institutions, who tend to be at the bleeding edge of the security field, to see what they were looking for. Some of them even had management positions with 20 item long "Preferred Certification" lists, which didn't contain CISSP (though thankfully for me all my GIAC certs, and even more, were listed).

    Bottom line: Do what you gotta do to get a job, but if you're early career and working on the tech side, there's likely better ways to spend your time.
  • ramrunner800 Member Posts: 238
    Edit: What I said wasn't nice, so here's an attempt at being a bit more constructive
    LordQarlyn wrote: »
    LOL, yeah, sure, dude, nobody in all of planet earth right now wants anybody with a CISSP, sure, buddy. https://www.my.jobs/jobs/?q=%22Chief+Information+Security+Officer%22#1 Why, just take a look at these CISO postings, they all want GIAC certs. Oh, wait... if they're asking for any certs it's CISSP or CISM... Well then, look at these search results for CISSP versus GIAC! Oh, wait, CISSP jobs outnumber GIAC jobs over 3 to 1, and some of the GIAC postings also would be interested in CISSP. But yeah, like you said, no banks or financial companies want anything to do with anyone with CISSP certifications, right? Right? Oh, wait, there are quite a few banks and financial auditing firms with CISSP openings. Well, buddy, I guess I am just hurting from the $25k+ raise I got from my CISSP
    I said literally the opposite of all those things you just said. I'm not sure where you got the impression I think nobody wants it. I've tried to post reasonable and non-combative opinions/information. I get that some people don't agree with it, and that I've been pretty long winded, but it's in an attempt to make my thinking clear to people, and have a constructive discussion. If I've offended you in some way, my apologies. But if you want to have a conversation, you have to actually read, and not intentionally misinterpret things, like you have here. Sorry that you're not interested in that.

    I'm happy you got a raise when you got CISSP, the focus of this forum is about helping people to advance their careers, and that's why I comment here. The actual technical security community is quite underrepresented here, and advice is heavily biased towards certain parts of the field. I'm here to give an alternative perspective that people don't tend to get here. FWIW, when I got my most recent cert, I was offered a $55k raise and about a 2.5x increase in total compensation to take a management role, and I was already making 6 figures. I turned that down because there are things more important than money, and it would have been disastrous for my personal life to take the role. The thing is, that's not really a data point that is that useful to other people. In my case, and likely in yours, there were many additional circumstances that contributed to why that happened for me the way it did. I'm not trying to have a cert measuring contest here. My certs fit one path, and other certs fit others. I'm just trying to say, "Go get CISSP" is often used around here as the default, one-size-fits-all piece of security career advice, and that's not good.
    Currently Studying For: GXPN
  • TheFORCE Member Posts: 2,297 ■■■■■■■■□□
    I'm surprised people are comparing this cert vs that cert vs that cert vs that organization vs this other organization. See it all the time.

    The simple fact and single point is that there is a demand for lower, medium, high and advanced certifications. The reason again is simple, there are jobs requiring various skills with various responsibilities at the lower level, medium level, high level and advanced level in any organization.

    Each certification is a progression from one point in job duties/life to another. That being said, each progression, each cert, leads you to a more focused area of your industry and your job and sometimes, most of the time actually, the skills you acquired in your past jobs might not fully translate into a new one.

    Don't compare this cert vs this cert without comparing the actual jobs that are performed. A person with CISSP could be working as a security analyst but could also be working as a Security manager, a person with OSCP could be working as a pen tester, but another could be working as a malware researcher etc etc, all those jobs don't pay equally and saying that it is because the cert they hold is totally incorrect.

    A good analogy would be trying to compare salaries of a medical doctor that specializes in heart surgery vs a medical doctor that specializes in pediatrics. They both finished MD school, both have degrees and certs in their specialized field. This is not to say that later on the pediatrician can't go to become a heart surgeon.

    To conclude, there's no point to compare certs as they serve different purposes. Just study, show progression and you will get to the 100K mark.

    To answer the original OP though, the CISSP did work for me. I went from making 60K before CISSP, to 80K after CISSP, to 115K in 1.5 years after CISSP, to my current job of 121K 3 years after CISSP. I'm in security, 2 levels down from the CISO. My job duties have also changed and I'm also doing a lot more now, I'm paid salary vs hourly in the early days, so I do spend maybe 1 hour extra at work every day. I went from doing many things manually to automating tasks in each job I held and implementing solutions and tools in each job, versus just using the solutions others had built. So as you can see, those are things about your job responsibility that are not immediately noticed when comparing this cert vs that cert.
  • LordQarlyn Member Posts: 693 ■■■■■■□□□□
    I used hyperbole but no, all your posts on this thread have been claiming the CISSP irrelevant and employers toss out resumes with CISSP on them, see your words below. A five minute search showed that to not be true.

    At least others who don't want to pursue the CISSP, or your certifications, acknowledge they have value, that they simply aren't in the career path they want to pursue, while your very long replies can be boiled down to that any certification that you don't have are worthless certs lol.

    Hell, dude, you even called the Cisco certs worthless when 90% of the internet routers are made by Cisco lol, to say nothing about the amount of Cisco switches out there.

    And yeah, I'm an obnoxious jerk lol.
    like a madman, and avoid waste of time certs like Cisco and CISSP
    my comment calling CISSP a waste of time
    Some folks on the tech side of security say they throw away resumes with CISSP
    unless you believe that CISSP is a highly relevant certification across the entirety of security. If you believe that, sorry, it's not true.
    one of the folks who throws out CISSP resumes
    Second, the days of CISSP being a good path to management by itself are numbered.
    Some of them even had management positions with 20 item long "Preferred Certification" lists, which didn't contain CISSP
  • ramrunner800 Member Posts: 238
    LordQarlyn wrote: »
    I used hyperbole but no, all your posts on this thread have been claiming the CISSP irrelevant and employers toss out resumes with CISSP on them, see your words below. A five minute search showed that to not be true.


    At least others who don't want to pursue the CISSP, or your certifications, acknowledge they have value, that they simply aren't in the career path they want to pursue, while your very long replies can be boiled down to that any certification that you don't have are worthless certs lol.


    Hell, dude, you even called the Cisco certs worthless when 90% of the internet routers are made by Cisco lol, to say nothing about the amount of Cisco switches out there.


    And yeah, I'm an obnoxious jerk lol.


    That is an absolute mischaracterization of everything I've said, and I have to say it seems intentional. I hope you'll take time to actually try and understand what I'm trying to communicate, rather than simply try and fight with me.


    - I did not claim that all employers throw away resumes with CISSP on them. I said that some tech people say they do that, and that they are unreasonable. (you conveniently snipped that quote to leave off important context)
    - I did not say CISSP is irrelevant to everything, I said that CISSP is not relevant to everything. (thanks for keeping that entire quote)
    - At no point have I said anybody should go pursue the certs that I have, bar the one instance where someone asked what certs are good for the type of work I do. Recommending people go get GIAC certs as a way to get into the career is unreasonable, given their insane cost.
    - I have consistently and repeatedly said that CISSP is a good cert for the particular kind of work it is relevant to, and that it is a good resume booster that will get you more calls regardless of your field. That said, I do believe that companies looking for SOC analysts requiring CISSPs do not know what they are doing, the same as companies who value C|EH over OSCP and OSCE do not know what they're doing (I spoke to one of those just this week). If you disagree, I respect your opinion and I'm happy to have that conversation, but I don't think it's a jerky opinion to hold.
    - I pointed out that at least some places, some very high end financials in particular, are moving away from requesting CISSP of at least some of their security managers and none of their tech people. I do believe that this is a sign of the cert being in decline, though that may just be decline from being the end-all-be-all cert for all of security, to a more appropriate position in the hierarchy. It doesn't mean that nobody is going to require it. You're free to disagree, and we can have a constructive conversation about that.


    My first post was indeed heavily biased towards my particular type of work, where Cisco certification and CISSP aren't applicable. Networking knowledge is still vital, which I ALSO stated, but there's just no need to be able to configure IOS or remember routing protocols from memory. You just need to be able to recognize when someone else is the right person to handle a job, and work effectively with those other teams. This bias was correctly pointed out, and I repeatedly acknowledged that. That's also when I started writing longer posts, because I want to make sure it's understood that there is context around the opinions, and that they don't apply in every circumstance.

    I'm not here to fight with you man. We're here to help people and give them advice about the various parts of the field, and learn from others who work in different spaces. I'm here to have the discussions, and talk about this stuff because it's neat. No need to get hostile and distort what people say so that you can 'win.'
    Currently Studying For: GXPN
  • ITSec14 Member Posts: 398 ■■■□□□□□□□
    Gosh the sensitivity is high in this thread lol.

    I totally get what ramrunner is saying. The CISSP itself is a great cert to have for marketability and a good overview of security. Does it make you a technical expert? Hell no it doesn't. Does it give a different aspect to security? Absolutely! In fact, the more security professionals know about the business side of things, the better. People really do rely too heavily on the CISSP. I know this because I've worked with people who parade around like they are kings, yet the only thing they are good for is posting security articles on LinkedIn to make themselves look like experts. THOSE are the people who give the CISSP a bad name. Even so, a cert is utterly useless unless you can demonstrate that knowledge in the real world. You can post all the job search results you want, but things can be totally different this time next year. He probably doesn't worry about those HR screenings anyways since he has headhunters reaching out to him.

    Encourage each other in talks about career advancement. If you want to criticize, then I suggest you stay in your lane.
  • 518 Member Posts: 165 ■■■□□□□□□□
    redsteel wrote: »
    This thread is really killing my mojo.
    Don't let it kill your mojo.

    So, MY life after CISSP. A little background, I worked my way up starting as a PC Tech, Sys Admin, Network Admin, security risk analyst paper pushing ninja, and now some sort of cybersecurity. Once I led the implementation of dot1x, tacacs, boundary device security controls. I was implementing security controls, but not getting paid as someone who actually implements security. I was being snubbed by recruiters because I didn't have CISSP, especially in the DoD arena. After achieving CISSP, I started getting the attention of recruiters for DoD jobs in Germany, Italy, and Bulgaria. I decided to return to Africa because the cybersecurity position is more technical than those previously mentioned.

    I still plan on getting OSCP, but I had to get CISSP first to "meet" the DoD 8570 standards. Sadly, OSCP is not on the 8570 (it SHOULD!!!), so that is on hold for now while I try to finish my MS in CIA.
  • NotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    What's life like after achieving your CISSP, you say? I can only answer by music video. https://www.youtube.com/watch?v=whEWE6WC1Ew&t=3s
    When you go the extra mile, there's no traffic.