A Certified Public Accountant pursuing CISSP needs help

yeo34th Registered Users Posts: 6
Hello Guys,

I am a CPA with only 6 months of experience in IT audit who is considering switching careers into cyber security.

I have been studying for the CISSP using the AIO and Cybrary and was able to go through the first two domains without much difficulty, but I feel like I hit the wall at Domain 3 (Security Engineering).

It appears to me that I will need to have at least basic IT/computer science/network fundamentals down, and I am asking for your advice on how to tackle them.

Please share your insight on websites/books that provide good fundamentals, and also whether you think 4 months of studying at an average of 25 hours a week sounds like enough to prepare for the exam.

I appreciate your input in advance.

  • SteveLavoie Member Posts: 1,133
    First, you need 5 years of experience in security (with some certs/education, you can get a 1-year waiver) to be able to get the CISSP certification. It is not only an exam. However, if you pass the exam before that, you can get the Associate of ISC2 title.

    I think your time estimate is wrong. I have 15 years of mixed IT experience, and I took at least 150 h to study/practice for this exam. I didn't need to learn basic IT/networking too.
  • soccarplayer29 Member Posts: 230
    CISSP is a rigorous information security certification and isn't for people looking to make the jump into cybersecurity, but instead for those who have been practitioners/infosec managers for many years (hence the experience requirement, which you're likely not to meet).

    CISSP is a great longer-term goal, but as you are looking to transition to cybersecurity, there is a better path.

    Since you're a CPA with limited IT audit experience, the logical progression is ISACA CISA. This will touch on the auditing process as well as some technologies. Domain 5 is the most technologically focused CISA domain and may help prepare you for other IT certifications. CISA is highly regarded, is rigid, and is still very difficult. You don't meet the security requirements but would be able to attempt/pass the exam before you gain such experience, and then, once you do, you can apply for CISA certification.

    CompTIA Security+ is another alternative/complementary certification, which requires 1 year of experience I believe, and will touch on many of the technology areas to help prepare you to take on the beast that is CISSP.

    You need to create a path/plan to move into cybersecurity. It should include learning (certifications, education) and job experience. Here are my recommendations.

    Certifications: CISA -> Security+ -> TBD (CySA+, eJPT, CEH, SANS) -> CISSP
    Education: If you already have a bachelor's in any field, that's probably fine and you can proceed with just certs... if you don't, then you may want to look at WGU to earn a bachelor's along with a bunch of relevant cyber certs.
    Job Experience: You have 6 months of IT audit experience; keep going with that. There are lots of opportunities in IT audit, and you can gain lots of experience in different enterprise environments, which will expose you to new tools/processes. This will expand your skillset and help your education and overall value.
    Certs: CISSP, CISA, PMP