Am I underselling myself with Security+ certification and not CISSP? Please read

rs23 Member Posts: 27 ■■■□□□□□□□
I have 10 years Federal consulting experience and have a MS in Computer and Network security from 2008. I let my CCNA and CEH expire a few years ago as I shifted to middle management. I serve as a technology lead for our corporate teams advising on solutions mainly in Office 365/Cloud migrations and have worked previously in NOC/SOC and ISO 27001 audits.

I started my Security+ certification prep but a lot of my friends/peers feel I am aiming too low and should do CISSP and CCSP or CCSK since my end goal is to do cloud security. At 40 with 3 kids/wife I don't have too much time to waste and need to get a couple of certs under my belt for better opportunities. What do you guys think?

Thank you

Comments

  • tedjames Scruffy-looking nerfherdr Member Posts: 1,125 ■■■■■■■■□□
    Many people (myself included) see Security+ as a stepping stone and not a final destination. A lot of Security+ material is covered in CISSP. Consider continuing your Security+ studies and then go right into CISSP when you pass. Getting that first certification will give you the confidence and the practice you need to pursue something higher. Also, look at the CISSP requirements. If you don't have the necessary experience, you could still take and pass CISSP, but you would not be awarded the certification until you have gained the appropriate level of experience.
  • Rinzler Member Posts: 34 ■■■□□□□□□□
    I agree with tedjames. Think of it as 'Security+ CE' as making the cake then 'CISSP' as masterfully putting the icing on the cake. Good luck...
  • rs23 Member Posts: 27 ■■■□□□□□□□
    Just curious, how easy is it to recertify through CPE for both?
  • Tekn0logy CISSP, C|EH, Security+, Network+ Member Posts: 106 ■■■□□□□□□□
    rs23 wrote: »
    I started my Security+ certification prep but a lot of my friends/peers feel I am aiming too low and should do CISSP and CCSP or CCSK since my end goal is to do cloud security. What do you guys think?

    I think you should stick to your plan. Get your feet wet with Security+ and then move up QUICKLY. Don't rest on your laurels between certs so you don't get brain-drain. I would also get an industry specific cert as well.
  • NetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Tekn0logy wrote: »
    I think you should stick to your plan. Get your feet wet with Security+ and then move up QUICKLY. Don't rest on your laurels between certs so you don't get brain-drain. I would also get an industry specific cert as well.

    Seems like a waste of $300 for the exam + cost of book/materials + time taking the test, just for something that will be borderline useless for you in a short period of time.

    Then there is the chance you might want to take a break after it. Just my thought though... if you want something go right for it.
  • SteveLavoie Member Posts: 760 ■■■■■■□□□□
    I did SSCP from ISC2 as an alternative to Security+ on my way to CISSP. The exam difficulty is quite similar to Sec+. Also, once you are a CISSP, most CPE acquired can be used to keep your SSCP active.
  • mattster79 Member Posts: 135 ■■□□□□□□□□
    Bite the bullet and go for the CISSP. It’ll be hard work but it’s worth the effort.
    CISSP
    CISM
  • LonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SAA, CCSK Member Posts: 471 ■■■■■■■□□□
    rs23 wrote: »
    Just curious, how easy is it to recertify through CPE for both?
    CISSP has something like a 40-hour requirement per year, plus a fee every 3 years. The hours can be claimed in webinars, other training opportunities, conferences attended, and even podcasts. The requirements are not hard to meet, and get very easy if you're involved elsewhere and keep learning/training as you go.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SA-A, CCSK
    2020 goals: AWS Security Specialty, AWAE or SLAE, CISSP-ISSAP?
  • ThePawofRizzo SSCP, A+, N+, Sec+, CySA+, Cloud+, CWTS Member Posts: 389 ■■■■□□□□□□
    If you've already been studying go for Sec+. Just another feather. It is foundational security, but it is well known. Then do CISSP. The SSCP is similar - a bit harder I thought - than Sec+, but the material you learn for SSCP is closer to the basics for CISSP, in my opinion. So, if you don't consider Sec+, but want to earn a cert sooner, yet still be on track studying for CISSP, then consider SSCP.
  • PC509 CISSP, CEH, CCNA: Security/CyberOps, Sec+, CHFI, A+, Proj+, Server+, MCITP Win7, Vista, MCP Server 2 Oregon, US Member Posts: 797 ■■■■■■□□□□
    I'd disagree with others. I'd go straight for the CISSP. With the CCNA & CEH behind you and your education, you have a good background with the networking and security foundations. With the employment experience, you've got a good head start on the CISSP. I wouldn't waste time on the Sec+, which will be a lot of review of what you already know, stress of an exam that may not be that big of a deal employment wise, and costs a few hundred bucks. I'd just dedicate time to the CISSP and go for that. Especially with a family, you don't want to spread yourself too thin going for the Sec+ and then really spending a lot more time and effort into the CISSP.

    Sec+ is a great foundation certification. I hold it pretty high. However, with your background, I feel it'd most likely be a review and a cert just to have a cert. Not getting the Sec+ won't hold you back any when getting the CISSP. You've got the foundation already.
  • LonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SAA, CCSK Member Posts: 471 ■■■■■■■□□□
    I agree with the previous poster. With your experience, honestly, the Sec+ isn't going to add anything. It won't get you noticed nor will it contribute to a specific new job unless you already have something lined up or in mind that requires it.

    That said, studying for the Sec+ is quite similar to studying for the CISSP, so other than some money and time, you're not necessarily out a whole lot. But CISSP should be your next focus. That one will get you noticed and contacted and called up.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SA-A, CCSK
    2020 goals: AWS Security Specialty, AWAE or SLAE, CISSP-ISSAP?
  • chapter Member Posts: 14 ■■□□□□□□□□
    Just study CISSP for 2 months. You have experience plus CCNA & CEH - you will be fine.
  • rs23 Member Posts: 27 ■■■□□□□□□□
    Thank you everyone. All of you have given me valuable input. I appreciate your time!
  • DatabaseHead CSM, ITIL x3, Teradata Assc, MS SQL Server, Project +, Server +, A+, N+, MS Project, CAPM, RMP Member Posts: 2,522 ■■■■■■■■■□
    Good luck on the CISSP
  • scasc Member Posts: 260 ■■■■□□□□□□
    Agree with the ones who are saying go straight for CISSP. Don’t waste time and bite the bullet. You will pass this; it’s not impossible. If you want to go down the cloud route I’m inclined to say forget about CCSP etc. and go straight for Azure or AWS. I’ve seen people with CCSP who can’t advise on AWS controls as they don’t get it.
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSTRT, GSNA, GCCC, CEH, CHFI, TOGAF, CISMP
  • rs23 Member Posts: 27 ■■■□□□□□□□
    I have never worked on AWS. So would you suggest AWS Solutions architect associate? I believe that is the starting point.
    scasc wrote: »
    Agree with the ones who are saying go straight for CISSP. Don’t waste time and bite the bullet. You will pass this; it’s not impossible. If you want to go down the cloud route I’m inclined to say forget about CCSP etc. and go straight for Azure or AWS. I’ve seen people with CCSP who can’t advise on AWS controls as they don’t get it.
  • scasc Member Posts: 260 ■■■■□□□□□□
    100%. Provides an excellent foundation. Also get the free AWS security fundamentals course - 4 hours long, that’s really good.
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSTRT, GSNA, GCCC, CEH, CHFI, TOGAF, CISMP
  • Clm CISSP | CCSP | CCSK | AWS x 4 | ITIL | PCEP Member Posts: 444 ■■■■□□□□□□
    With 10 years experience I would definitely go for the CISSP, especially if you are doing this for career growth, and then you can move on to CCSP or CCSK.
    I find your lack of Cloud Security Disturbing!!!!!!!!!
    Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

  • laurieH Member Posts: 109 ■■■□□□□□□□
    Depends a bit on what you want to do. But seeing as you already seem to have lots of experience and are already in a management position I would think you should just get the CISSP - the Sec+ is a waste of time in my opinion. Fine if you want to be more hands on or don't have much experience but it's not really suited to your situation.
    CCNA - expired
    CISSP - live n' kickin'
    My CISSP study apps
    My CISSP study advice blog
  • Goteki54 SSCP, A+, Network +, Security + Baltimore Member Posts: 79 ■■■□□□□□□□
    I would probably take a different approach. If I had the CCNA and CEH certs but let them expire but wanted to get back into security, I would probably consider setting a 3 month time frame to knock out Security+ to get it out of the way, but instead of going for CISSP next, I would probably go for the CCNA Security cert next, pass that, and then go for CISSP. The Sec+ and the CCNA Security would be a nice one-two punch on your resume to get back into the security area while you work on topping it off with CISSP.
    CompTIA A+, Network+, Security +., SSCP
  • LonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SAA, CCSK Member Posts: 471 ■■■■■■■□□□
    I want to join in, too! With your experience and goals, I would say skip the Sec+. It's not going to open any door for you that your experience doesn't already open. Even if you get it, it's a step, while the CISSP is going to still be your goal to achieve in the next calendar year or however long it'll take you. :) Normally I suggest students and those new to security or IT take Sec+ first. But for your experience, it wouldn't really add anything unless you feel like you'll learn from it.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SA-A, CCSK
    2020 goals: AWS Security Specialty, AWAE or SLAE, CISSP-ISSAP?
  • rs23 Member Posts: 27 ■■■□□□□□□□
    That is an interesting take. What is the logic behind going for CCNA Security? Honest question. My original goal was Security+, CISSP and AWS SA associate.
  • DJVeritas GMON / CNDA / CEH / CB Defense Analyst Member Posts: 26 ■■■□□□□□□□
    Go with the CISSP first.  
  • Goteki54 SSCP, A+, Network +, Security + Baltimore Member Posts: 79 ■■■□□□□□□□
    I just took a glance at the AWS SA associate, it's an intermediate certification, CISSP is an advanced security management cert. From the order you presented, you want to go from entry level, to advanced, to intermediate. From what I've read from your first post, your goal is Security, if that's the case then how does AWS SA associate fit into the equation for you? I stated CCNA Security, because I felt since you had the CCNA cert before then getting the CCNA would be an easy pick up for an intermediate security cert to go along with the Security+. Here's why I wouldn't go for CISSP right off the bat. CISSP as we know is a security management cert requiring or expecting that the person has 5 years of experience in order to get the full certification. If the goal is to get full certification, then one has to have the accumulated experience to get it. To get the experience in the roles that will fulfill those requirements will require an intermediate security cert to do so along with Security+.

    Here's my logic. Let's say that you pass the Sec+ and then pass the CISSP exam. So now you have one certification, your Security+, and a designation from ISC(2), Associate of ISC(2) CISSP, which means you passed the exam but don't have the experience to get the cert. So let's say that the security domain related roles you need to get from other job roles in order to fulfill your experience requirement require you to have more than a Security+ certification, then what will you do? In other words, instead of the "ready, aim, fire" approach, it's now fire, aim, ready.

    I could be wrong about this, but I believe if you pass the CISSP and get the Associate badge, it's good for the same amount of time as the CISSP. If that's true, then you will have to pay the full exam price the first time of $699 just to get the associate badge and then again 3 years renewal later just to get the "associate badge again" if you haven't met the experience threshold. My thinking is that if I'm going to spend that kind of money on an exam, (A) I'm going to expect the full cert upon passing, which means I will have had all the work experience to get it or (B) I will be darn close to meeting the work experience to get to convert from Associate to full CISSP before renewal.
    CompTIA A+, Network+, Security +., SSCP
  • rs23 Member Posts: 27 ■■■□□□□□□□
    I agree with your logic. I believe I have the 5 years required experience. My goal for doing AWS cert was to get into the cloud security domain.
  • Goteki54 SSCP, A+, Network +, Security + Baltimore Member Posts: 79 ■■■□□□□□□□
    Ok, got it. Well if you feel you have the 5 years, then I would say get the Security+ as you planned, then go for the CISSP and then AWS SA. That path makes sense. Just curious, since you want to go into cloud security, what do you think of ISC(2) Certified Cloud Security Professional?
    CompTIA A+, Network+, Security +., SSCP
  • rs23 Member Posts: 27 ■■■□□□□□□□
    I was told getting a vendor-specific cert will be more beneficial for my experience. I do plan to look closer at CCSP after I switch roles in a year or 2.
  • TechGromit A+, N+, GSEC, GCIH, GREM, Ontario, NY Member Posts: 1,986 ■■■■■■■■□□
    A current CISSP is a must if you want to do federal consulting.  I met a guy at a security conference that knew the guys who developed the OSCP, and thought certifications were a waste, but he still had a CISSP, because expert hacker or not, many federal agencies require that check box if you want to do security work for them.  


    Still searching for the corner in a round room.
  • MickyDee Member Posts: 32 ■■■□□□□□□□

    @techgromit

    If someone were so inclined, couldn't they also do the CISA/CISM for meeting the cert requirement for federal consulting instead of the CISSP? I'm just going by the DOD 8570 chart, so just wondering if you knew.

  • TechGromit A+, N+, GSEC, GCIH, GREM, Ontario, NY Member Posts: 1,986 ■■■■■■■■□□
    edited November 2018
    I think the chart is pretty self-explanatory, a CISA only gets you Information Assurance Technical (IAT) Level III, CISM Information Assurance Management (IAM) to Level II, the CISSP is a valid cert for the Information Assurance architecture and engineering areas (IASAE) Level II and everything below that. I guess it would depend on what exactly you're consulting for what level they would require. In short the CISSP gives you the most bang for the buck.
    Still searching for the corner in a round room.