Do I need CISSP?

Big-JJBig-JJ Posts: 44Registered Members ■■□□□□□□□□
Would you guys recommend me going for CISSP when I have CISA, CISM and CRISC? Will it add any further value?

My career started off as Info sec analyst. I then moved on to IT/security audit. I did it for 5-6 years. I lost interest and now doing mostly performance/operational/financial audit. I would not want to go back into info sec tho. But I am guessing CISSP might help when I am shooting for Director of Internal Audit someday. Then again I am not sure if it would be wise to invest time and money. My work will not cover costs.

Any thoughts?

Comments

  • NetworkNewbNetworkNewb Posts: 3,116Registered Members ■■■■■■■■□□
    Does the job ad for positions you want look for someone who has it? If not, then no. No need to over think past that.
  • Big-JJBig-JJ Posts: 44Registered Members ■■□□□□□□□□
    Does the job ad for positions you want look for someone who has it? If not, then no. No need to over think past that.

    It usually says some combinations of masters, CPA, CIA, CISA, CISM, CISSP etc.
  • soccarplayer29soccarplayer29 Senior Member Posts: 226Registered Members ■■■□□□□□□□
    Based on your situation and goal to be in position for Director of Internal Audit I was going to suggest CISM...which you already have.

    I think you have the qualifications necessary already and CISSP would be more of a cherry on top. You could also consider Certified Internal Auditor (CIA) or Certified Fraud Examiner (CFE) to round out into those operations/financial audits that you're conducting and would be overseeing. If you wanted to move into a IT Audit Senior/Manager type role then CISSP would be more relevant there I think but if you're going right to director you can probably skip it.

    Edit: I just realized you already have CIA and CFE. You're checking all those Internal Audit requirements. CISSP makes logical sense if you're dealing with technical audits but still think you can oversee/rely on your staff for that knowledge if you're in a director type role.
    Certs: CISSP, CISA, PMP
  • gespensterngespenstern Posts: 1,243Registered Members ■■■■■■■□□□
    I say no.

    Unless it is required to fill a particular position.

    I'd skip it if I were you, it's more of a time wasted as CISM is roughly of the same value and knowledge.

    Also, unless you want to refresh your knowledge on areas CISSP tests and are willing to spend time on it.

    Life is short, one'd better do what is necessary to advance and skip wasting valuable time on things with low ROI.
  • DatabaseHeadDatabaseHead Posts: 2,284Registered Members ■■■■■■■■□□
    I say no.
    Life is short, one'd better do what is necessary to advance and skip wasting valuable time on things with low ROI.

    Someone who gets it. Well said....
  • Info_Sec_WannabeInfo_Sec_Wannabe Senior Member Posts: 342Registered Members ■■■□□□□□□□
    Big-JJ wrote: »
    I would not want to go back into info sec tho. But I am guessing CISSP might help when I am shooting for Director of Internal Audit someday. Then again I am not sure if it would be wise to invest time and money.

    If you've already lost interest in info sec, I doubt you'll find the time to prepare for the exam considering the amount of effort it requires. But then again, it wouldn't hurt to read through some of the topics, who knows, it may re-kindle the fire in you. :)
    Three year plan: (2018 ) CISSP [X] and eJPT [ ]; (2019) eCPPT [ ]; (2020) OSCP [ ]
  • beadsbeads Posts: 1,403Registered Members ■■■■■■■■□□
    If your current or next employer wants the cert added to the alphabet soup then sure, go ahead and bore yourself with yet another credential. Since your post indicates a number of already high end certs I would either tend to avoid or pare down the list to what is most relevant to the position at hand.

    Even though this is a pro-certification board I do feel one can have too many certs as well.

    - b/eads
  • shimasenseishimasensei Senior Member Posts: 240Registered Members ■■■□□□□□□□
    CISA, CRISC, CASP are certs in a similar level as the CISSP. Maybe not, unless they explicitly need you to take it.
    Current: BSc IT + CISSP, CCNP:RS, CCNA:Sec, CCNA:RS, CCENT, Sec+, P+, A+, L+/LPIC-1, CSSS, VCA6-DCV, ITILv3:F
    Future Plans: MSc + MCSA, PMP, CCNPx...
Sign In or Register to comment.