Do I need CISSP?

Big-JJ

Would you guys recommend me going for CISSP when I have CISA, CISM and CRISC? Will it add any further value?

My career started off as Info sec analyst. I then moved on to IT/security audit. I did it for 5-6 years. I lost interest and now doing mostly performance/operational/financial audit. I would not want to go back into info sec tho. But I am guessing CISSP might help when I am shooting for Director of Internal Audit someday. Then again I am not sure if it would be wise to invest time and money. My work will not cover costs.

Any thoughts?

NetworkNewb

Does the job ad for positions you want look for someone who has it? If not, then no. No need to over think past that.

Big-JJ

NetworkNewb wrote: »

Does the job ad for positions you want look for someone who has it? If not, then no. No need to over think past that.

It usually says some combinations of masters, CPA, CIA, CISA, CISM, CISSP etc.

soccarplayer29

Based on your situation and goal to be in position for Director of Internal Audit I was going to suggest CISM...which you already have.

I think you have the qualifications necessary already and CISSP would be more of a cherry on top. You could also consider Certified Internal Auditor (CIA) or Certified Fraud Examiner (CFE) to round out into those operations/financial audits that you're conducting and would be overseeing. If you wanted to move into a IT Audit Senior/Manager type role then CISSP would be more relevant there I think but if you're going right to director you can probably skip it.

Edit: I just realized you already have CIA and CFE. You're checking all those Internal Audit requirements. CISSP makes logical sense if you're dealing with technical audits but still think you can oversee/rely on your staff for that knowledge if you're in a director type role.

gespenstern

I say no.

Unless it is required to fill a particular position.

I'd skip it if I were you, it's more of a time wasted as CISM is roughly of the same value and knowledge.

Also, unless you want to refresh your knowledge on areas CISSP tests and are willing to spend time on it.

Life is short, one'd better do what is necessary to advance and skip wasting valuable time on things with low ROI.

DatabaseHead

gespenstern wrote: »

I say no.
Life is short, one'd better do what is necessary to advance and skip wasting valuable time on things with low ROI.

Someone who gets it. Well said....

Info_Sec_Wannabe

Big-JJ wrote: »

I would not want to go back into info sec tho. But I am guessing CISSP might help when I am shooting for Director of Internal Audit someday. Then again I am not sure if it would be wise to invest time and money.

If you've already lost interest in info sec, I doubt you'll find the time to prepare for the exam considering the amount of effort it requires. But then again, it wouldn't hurt to read through some of the topics, who knows, it may re-kindle the fire in you.

beads

If your current or next employer wants the cert added to the alphabet soup then sure, go ahead and bore yourself with yet another credential. Since your post indicates a number of already high end certs I would either tend to avoid or pare down the list to what is most relevant to the position at hand.

Even though this is a pro-certification board I do feel one can have too many certs as well.

- b/eads

shimasensei

CISA, CRISC, CASP are certs in a similar level as the CISSP. Maybe not, unless they explicitly need you to take it.