Direct CISSP or CompTIA Security+ and then CISSP

Hi Members

Great if you can help me deciding on crucial point of my career.

I am into 11th year of experience in my career and all experience in core telecom domain (working on fixed line techno like DWDM, SDH ,PDH etc...). Since transmission is eventually fading out , so looking to turn my career into some interesting and demanding field and I soughted out (from my friends and colleagues) that Information security field will be in high demand for some years.

This is my question now, I want to enter security field with zero prior experience. So please advise me choosing the right path for me,

Option:-1
CompTIA security+ and then CISSP (gaining Associate Designation) and then reach out to employers for securing job into security?

Option:-2
Directly going for CISSP (gaining Associate Designation) and then reach out to employers for securing job into security and complete 5 years of experience before I complete my CISSP certified?

Any other option, please suggest

Note:- I have already good understanding of networking and had already achieved CCNA R&S level.

Regards

Find more posts tagged with

Comments

MIME

I went through a career transition myself recently. Here are my two cents from my experience. In my case I'd been a network admin/systems engineer for 15 years + and like you I was ready for a new direction and decided on cyber security. I wound up taking a look at a lot of job postings and carefully asked myself beyond the certification did I have the skills to do the job? Certifications with no experience may get you past HR but likely not much further. Many of the jobs with the CISSP involve doing some management. If you have a solid management background plus the prerequisites https://www.isc2.org/Certifications/CISSP then by all means go for the CISSP. The Security+ certification is less expensive and doesn't have the experience prerequisite-it is also not considered a higher level cert and thus pay levels aren't as high which are things you'll have to consider whether you're willing to deal with. For me I opted to go for the Security + certification, took a bit of a step back salary wise, landed a junior IA job, and am now studying for my CISSP. Good luck with whatever you decide.

LordQarlyn

Hello. Having done something similar to your path I can relate. I got started in telecoms, satellite systems specifically, then on to wireless/cellular systems. I didn't make the transition to IT until about 9 years ago, after I was laid off from Sprint.

Your friends are absolutely right about IT security being hot - just look at the news about all the breaches and cyber attacks. You've made a good career decision and the folks here at TechExams are all happy to help others here.

If I were in your situation, I would start with the Security+. It's not that hard of a cert to knock out, it will open doors at the very least to DoD IA(information assurance) jobs, and will help you prepare for security job interviews (the only value I got out of Net+ was my preparing for it helped me ace an interview that got me my first IT job). Then by all means pursue the CISSP, even if only associate, it will open doors too. However, I used my telecom job experience to satisfy the experience requirement, and the ISC2 accepted it. As I was vetted directly by the ISC2, that is pretty much the final say.

Regardless how you choose to pursue this, good luck!

ITSec14

I got my Sec+ not long ago and now I'm pursuing the CISSP. Honestly, I feel like a lot of the Sec+ material is very similar to what I'm reading in the CISSP books. Obviously the scope of the CISSP is much wider still, but having my Sec+ has helped a lot with the technical areas.

MIME

"I feel like a lot of the Sec+ material is very similar to what I'm reading in the CISSP books." Totally agree with you. I got my Sec+ cert in November which helped with the technical areas AND landed me a job in the cyber security field. Much easier to start studying for the CISSP when you're already in the field along with getting a job in the future at a more senior level.

CryptoQue

Base on your background, I would suggest the SEC+ path before pursuing the Associate of ISC2. That certification will give you the security foundation needed before preparing for the CISSP. The CISSP is a broad focus...a mile wide and an inch deep. IT requires a lot of dedicated time and money. The easier and more cost effective approach is the SEC+ for the short term. Good luck!

SteveLavoie

Also I would do Sec+ (or SSCP almost the same material as Sec+ but from ISC2), it would also knock off 1 of the 5 year requirement for the CISSP.

Also if you do the SSCP, all CPE requirement would count to both certs (SSCP and CISSP).

jknight

Hi, I am going to study for the CompTIA Security +. Does anyone know of any inexpensive materials or online learning etc.. I will buy books if need be (any recommendations for books?).

Info_Sec_Wannabe

jknight wrote: »

Hi, I am going to study for the CompTIA Security +. Does anyone know of any inexpensive materials or online learning etc.. I will buy books if need be (any recommendations for books?).

Things that come to mind would be the Darril Gibson book, Professor Messer or CBT Nuggets videos, etc. I would suggest you go through the Security+ threads for details.

TechGuru80

VRSR wrote: »

This is my question now, I want to enter security field with zero prior experience. So please advise me choosing the right path for me,

Option:-1
CompTIA security+ and then CISSP (gaining Associate Designation) and then reach out to employers for securing job into security?

Option:-2
Directly going for CISSP (gaining Associate Designation) and then reach out to employers for securing job into security and complete 5 years of experience before I complete my CISSP certified?

Any other option, please suggest

Note:- I have already good understanding of networking and had already achieved CCNA R&S level.

Regards

You probably should watch the following video: https://www.youtube.com/watch?v=Uv-AfK7PkxU&frags=pl%2Cwn

Great...you have your CCNA:R&S...do you have any knowledge of operating systems (Windows/Linux)? Going for the CISSP before you have the experience, in most cases, is a terrible idea. Not because the CISSP is a terrible idea...but because you can't even list CISSP / CISSP Associate / etc. per ISC2, therefore you get literally no benefit from it. Even in DOD 8570 land, you aren't going to walk into a position that actually requires a CISSP until at minimum maybe 3-4 years and even that is an aggressive timeframe. I was an associate of ISC2 (the official title) prior to having the experience, and guess what....nobody even knew what that meant, so I am not just making up facts here.

Your path should be:
1. Try to get a job in an IT field (system admin, networking, security....anything related).
2. While you are trying to get a job and beyond, learn Windows & Linux either by going for MCSA and Linux+...or by learning to configure a lot of services through study and not pursuing the certifications (I probably would get them though as certifications can help especially early in your career).
3. As you are learning Windows and Linux, start to get familiar at the command line and creating scripts....even start to learn a little python if you can.
4. After all of this, start to learn some more about security (Security+ or SSCP are good options).

Cliff Notes:
-Watch video link posted.
-Build your foundation by learning the operating systems.
-Don't go for CISSP until you are 1 year or less from having the experience requirement and you have done the other stuff.

Daniel333

I'd love to hear what about IT security is interesting you? That's a big part of this. What's making you fall in love with IT sec?

You might want to consider focusing on more proven vendors to build your base out a little more. Cisco and Microsoft and Linux all the way.

CCNA is a okay start, but really won't make you employable for a fair wage. Cisco also has AMAZING user groups and online communities that are FREE unlike Comptia or ISC2 where you can build your network. Last event I went to a couple year ago they GAVE me 4x 3560s and some WAPs for a project i was working on. Top it off they brought in food, beer, free lab time and as you certed up there was literally a women in the room working as a recruiter offering same week interviews

Anyhow I am numbers guy so here is how I see it. YOU GOTTA get the base experience .... looks for hands on certs that help bridge the learning gap. Read: Extensive labs.

But lets also consider MORE jobs means more likely someone will give you a chance with a gap or two. Higher compensation averages means more career growth. I am in the Oakland, California area so here is what I see available.

CISSP
Jobs Near me: 89 asking for this cert
Compensation: between $78,788 and $119,184.
Thoughts: The CISSP isn't hard, but it's also not practical. Its designed to prove your generalist knowledge. It's more IMHO about the ISC2 community. While there are plenty of jobs who ask for the cert, you wont get to an interview without some solid stuff on your list of experience. I just checked at there are only 89 jobs near me asking for the CISSP.

Security+
Jobs Near me: 0
Compensation: $42,128 – $95,829
Thoughts: Security+ has no value either unless coupled with other more tangible certifications. If you do it for your own education or because you want to be an early adopter to Comptia new security track (Sec+ > Pentest+ > CySy+ > CASP+) then there is value. Assuming you complete the CASP track, you can expect a whopping 3 jobs asking for it with compensation running from just below a living wage to more than fair ($58,526 to $115,032)

CCNP Security
Jobs Near me: 1,298
Compensation: $41,022 - $133,590
You can get better value by focusing on certifications that have a little more crunch to them. CCNP Security will certainly given you the solid more detailed understanding of security that the Comptia or ISC2 track will do. But give you actual applicable skills that are in real demand. .

CCIE Securtiy
Jobs Near me: 1,303
Compensation: $141,399
CCIE security is an investment of a couple years of your life and a good $10k over that time. But it's a cert that can't be "bought", it can only be earned. And if you're serious about network securty is a great start. Cisco also has AMAZING user groups and online communities that are FREE unlike Comptia or ISC2 where you can build your network.

MCSE + Security
Jobs Near me: 1,307
Compensation: $97,494
Microsoft is still the goto government and enterprises and that isn't slowing down. Their modern MCSE program teaches windows, cloud and security. It's still a gold standard for IT skills. Microsoft's parter and MCP communities and users groups are also still very strong rivaling the paid communites ISC2/Comptia offer.

Redhat Certified Architect + Security
Jobs Near me: 1,284
Compensation: $116,800.
Linux is not stopping and effectively is the Cloud. Redhat (and it's clones) run the Enterprise and gov. Securiyt is more than practices and PKI. It's automation, it's platforms, it's virtualization, it's cloud. Redhat's archtect track is VERY flexible and it's another cert that can't be faked. It's lab first model ensures you're not a good test taker, but actually a Redhat expert.

Tekn0logy

Why not build on your CCNA R&S? I think you should get CCNA Security and Security+ and then decide to get CISSP if needed or still interested.

fitzlopez

jknight wrote: »

Hi, I am going to study for the CompTIA Security +. Does anyone know of any inexpensive materials or online learning etc.. I will buy books if need be (any recommendations for books?).

I joined the ACM and that gave me access to safari books online and skillsoft. For the ACM membership money its a great value.

Cheers,

Aqeelnaqvi

LordQarlyn said:

Hello. Having done something similar to your path I can relate. I got started in telecoms, satellite systems specifically, then on to wireless/cellular systems. I didn't make the transition to IT until about 9 years ago, after I was laid off from Sprint.

Your friends are absolutely right about IT security being hot - just look at the news about all the breaches and cyber attacks. You've made a good career decision and the folks here at TechExams are all happy to help others here.

If I were in your situation, I would start with the Security+. It's not that hard of a cert to knock out, it will open doors at the very least to DoD IA(information assurance) jobs, and will help you prepare for security job interviews (the only value I got out of Net+ was my preparing for it helped me ace an interview that got me my first IT job). Then by all means pursue the CISSP, even if only associate, it will open doors too. However, I used my telecom job experience to satisfy the experience requirement, and the ISC2 accepted it. As I was vetted directly by the ISC2, that is pretty much the final say.

Regardless how you choose to pursue this, good luck!

Hi
I saw your post, and I am curious about the experience part you mentioned.

I plan on CISSP down the road, I would like to know if your work experience was counted as 5 years of required work experience?

I am sort of in a same boat as you are, I am currently working in Wireless network industry for AT&T. I have been in it for more than 5 years now. I started here straight out of college.
Now, I am slowly trying to make a move on to a new path of Cyber security; I have completed a 12 month cyber security curriculum through Champlain College, and I have also completed my Sec+ a few months back.

I am currently trying to expose myself to a little bit of Cloud fundamentals, and hoping to get CCNA cyber ops done over next 6-9 months.

jamesindc

Daniel333 said:

I'd love to hear what about IT security is interesting you? That's a big part of this. What's making you fall in love with IT sec?

You might want to consider focusing on more proven vendors to build your base out a little more. Cisco and Microsoft and Linux all the way.

CCNA is a okay start, but really won't make you employable for a fair wage. Cisco also has AMAZING user groups and online communities that are FREE unlike Comptia or ISC2 where you can build your network. Last event I went to a couple year ago they GAVE me 4x 3560s and some WAPs for a project i was working on. Top it off they brought in food, beer, free lab time and as you certed up there was literally a women in the room working as a recruiter offering same week interviews

Anyhow I am numbers guy so here is how I see it. YOU GOTTA get the base experience .... looks for hands on certs that help bridge the learning gap. Read: Extensive labs.

But lets also consider MORE jobs means more likely someone will give you a chance with a gap or two. Higher compensation averages means more career growth. I am in the Oakland, California area so here is what I see available.

CISSP
Jobs Near me: 89 asking for this cert
Compensation: between $78,788 and $119,184.
Thoughts: The CISSP isn't hard, but it's also not practical. Its designed to prove your generalist knowledge. It's more IMHO about the ISC2 community. While there are plenty of jobs who ask for the cert, you wont get to an interview without some solid stuff on your list of experience. I just checked at there are only 89 jobs near me asking for the CISSP.

Security+
Jobs Near me: 0
Compensation: $42,128 – $95,829
Thoughts: Security+ has no value either unless coupled with other more tangible certifications. If you do it for your own education or because you want to be an early adopter to Comptia new security track (Sec+ > Pentest+ > CySy+ > CASP+) then there is value. Assuming you complete the CASP track, you can expect a whopping 3 jobs asking for it with compensation running from just below a living wage to more than fair ($58,526 to $115,032)

CCNP Security
Jobs Near me: 1,298
Compensation: $41,022 - $133,590
You can get better value by focusing on certifications that have a little more crunch to them. CCNP Security will certainly given you the solid more detailed understanding of security that the Comptia or ISC2 track will do. But give you actual applicable skills that are in real demand. .

CCIE Securtiy
Jobs Near me: 1,303
Compensation: $141,399
CCIE security is an investment of a couple years of your life and a good $10k over that time. But it's a cert that can't be "bought", it can only be earned. And if you're serious about network securty is a great start. Cisco also has AMAZING user groups and online communities that are FREE unlike Comptia or ISC2 where you can build your network.

MCSE + Security
Jobs Near me: 1,307
Compensation: $97,494
Microsoft is still the goto government and enterprises and that isn't slowing down. Their modern MCSE program teaches windows, cloud and security. It's still a gold standard for IT skills. Microsoft's parter and MCP communities and users groups are also still very strong rivaling the paid communites ISC2/Comptia offer.

Redhat Certified Architect + Security
Jobs Near me: 1,284
Compensation: $116,800.
Linux is not stopping and effectively is the Cloud. Redhat (and it's clones) run the Enterprise and gov. Securiyt is more than practices and PKI. It's automation, it's platforms, it's virtualization, it's cloud. Redhat's archtect track is VERY flexible and it's another cert that can't be faked. It's lab first model ensures you're not a good test taker, but actually a Redhat expert.

This is a great write-up of certs and their values....

For me, I'll have my CCNA R&S within a month or two. I also have Network+ and Security+. I was considering going for Linux+ certification or do you think a RHCSA cert would be more valuable? My work experience has been working Tier 1 support roles only.

Any advice would be appreciated!