Am I underselling myself with Security+ certification and not CISSP? Please read

Comments

  • JDMurray, Admin, Posts: 13,099
    If you have the professional work experience to qualify for the full CISSP certification then go for the CISSP. Only do the Security+ (or SSCP) if you don't have the professional work experience, or you want some serious prep for the CISSP exam. The CISSP is the only cert I have that anyone cares is renewed. All my other certs I let expire and there have been no negative consequences.
  • Goteki54, Member, Posts: 79
    JDMurray said:
    If you have the professional work experience to qualify for the full CISSP certification then go for the CISSP. Only do the Security+ (or SSCP) if you don't have the professional work experience, or you want some serious prep for the CISSP exam. The CISSP is the only cert I have that anyone cares is renewed. All my other certs I let expire and there have been no negative consequences.

    rs23 said:
    I have 10 years of Federal consulting experience and have an MS in Computer and Network security from 2008. I let my CCNA and CEH expire a few years ago as I shifted to middle management. I serve as a technology lead for our corporate teams advising on solutions mainly in Office 365/Cloud migrations and have worked previously in NOC/SOC and ISO 27001 audits.

    I started my Security+ certification prep but a lot of my friends/peers feel I am aiming too low and should do CISSP and CCSP or CCSK since my end goal is to do cloud security. At 40 with 3 kids/wife I don't have too much time to waste and need to get a couple of certs under my belt for better opportunities. What do you guys think?

    Thank you

    Goteki54 said:
    I would probably take a different approach. If I had a CCNA and CEH cert but let them expire but wanted to get back into security, I would probably consider setting a 3 month time frame to knock out Security+ to get it out of the way, but instead of going for CISSP next, I would probably go for the CCNA Security cert next, pass that, and then go for CISSP. The Sec+ and the CCNA Security would be a nice one-two punch on your resume to get back into the security area while you work on topping it off with CISSP.

    rs23 said:
    That is an interesting take. What is the logic behind going for CCNA Security? Honest question. My original goal was Security+, CISSP and AWS SA associate.

    Goteki54 said:
    I just took a glance at the AWS SA associate; it's an intermediate certification, and CISSP is an advanced security management cert. From the order you presented, you want to go from entry level, to advanced, to intermediate. From what I've read from your first post, your goal is Security; if that's the case then how does AWS SA associate fit into the equation for you? I stated CCNA Security because I felt since you had the CCNA cert before then getting the CCNA would be an easy pick up for an intermediate security cert to go along with the Security+. Here's why I wouldn't go for CISSP right off the bat. CISSP as we know is a security management cert requiring or expecting that the person has 5 years of experience in order to get the full certification. If the goal is to get full certification, then one has to have the accumulated experience to get it. To get the experience in the roles that will fulfill those requirements will require an intermediate security cert to do so along with Security+.

    Here's my logic. Let's say that you pass the Sec+ and then pass the CISSP exam. So now you have one certification, your Security+, and a designation from ISC(2), Associate of ISC(2) CISSP, which means you passed the exam but don't have the experience to get the cert. So let's say that the security domain related roles you need to get from other job roles in order to fulfill your experience requirement require you to have more than a Security+ certification, then what will you do? In other words, instead of the "ready, aim, fire" approach, it's now fire, aim, ready.

    I could be wrong about this, but I believe if you pass the CISSP and get the Associate badge, it's good for the same amount of time as the CISSP. If that's true, then you will have to pay the full exam price the first time of $699 just to get the associate badge and then again at renewal 3 years later just to get the "associate badge" again if you haven't met the experience threshold. My thinking is that if I'm going to spend that kind of money on an exam, (A) I'm going to expect the full cert upon passing, which means I will have had all the work experience to get it, or (B) I will be darn close to meeting the work experience to convert from Associate to full CISSP before renewal.

    rs23 said:
    I agree with your logic. I believe I have the 5 years required experience. My goal for doing the AWS cert was to get into the cloud security domain.

    Goteki54 said:
    Ok, got it. Well, if you feel you have the 5 years, then I would say get the Security+ as you planned, then go for the CISSP and then AWS SA. That path makes sense. Just curious, since you want to go into cloud security, what do you think of ISC(2) Certified Cloud Security Professional?

    rs23 said:
    I was told getting a vendor-specific cert will be more beneficial for my experience. I do plan to look closer at CCSP after I switch roles in a year or 2.


    You can get Security+ if you don't have any I.T experience at all. For SSCP you have to have at least one year of verified I.T Security experience to get full certification.

    CompTIA A+, Network+, Security+, SSCP
  • kaiju, Member, Posts: 453
    Both CISM and CISSP satisfy IAMII and III
    CISA satisfies IATIII and CSSP auditor.
    Yes, CISSP satisfies IASAEI/II but so does CASP and CSSLP.

    Why CCNA security? CCNA Sec not only satisfies the IATII baseline security cert but also shows that a person has networking knowledge. Great cert for someone working in a NOC or SOC.

    As far as the checkbox is concerned for federal/military contracting positions, all personnel must meet the 8570 baseline requirements for their position. I have actually seen people with MCSE/CCNP/ITIL lose 6-figure IATII federal contracting jobs because they could not pass Sec+ 401 CE after being audited. They were carryovers from a previous contract and held the lifetime Sec+ 301 cert instead of the newer CE version.

    So if you are trying to get a federal/military contracting job, Sec+ and a related OS cert (MTP/MCP/MCSA/MCSE/Linux+/RHCA/RHCE/CCENT/CCNA/CCNP... and so forth) at a minimum are a must. If you are looking for public sector then pursue whatever baseline security cert is required.

    If you know you have the required 5 years of experience for CISSP and will be able to function with ease in a position that requires the cert then by all means take CISSP. 


    Oh yeah, GOOD LUCK!
    Work smarter NOT harder! Semper Gumby!