Advice on certification path...

sleemiesleemie Member Posts: 109
I'm scheduled to take a CISSP course in July to begin pursuing the certification, and I know that a one week course does squat to really get you prepared. I'm not sure if this is really what I should be going for. I'm not so much concerned that it would be difficult to do for someone with my limited experience, but i'm wondering if the effort will be worth the reward.

This is my situation. I'm a network admin, not officially designated as such, but with my knowledge and experience I would say a jr level. I want to get some security knowledge and experience under my belt only because it's the hot thing right going right now. I have no intention of leaving my job and I wouldn't get any immediate promtion from having the CISSP. It might help me broaden my scope of resonsiblity and help me for future promotions. I'm also thinking of retirement, althouth it's like 15 years away at least, but i'm thinking of being in the position to do consulting work in the info security arena. I also like the hands on techy side of things and wouldn't want to become a report writer.

So, would it make any sense for me to go through all the trouble when I have no intention of looking for another job anytime soon, and it won't get me a promotion anytime soon, if ever. Are there other cert paths that would be more appropriate for advancing my security knowledge and career. Also, if I choose to cancel this class and go with something else and then later down the road want to go for the cert but the class isn't available to me, is that really a big loss? I guess I'm asking how useful is the class really?



  • keatronkeatron Member Posts: 1,213 ■■■■■■□□□□

    The CISSP works the other way around. You're supposed to get the experience and knowledge under your best FIRST, then sit the exam.

    1. Do you really expect to pass the CISSP with little to no security experience? People who have years of experience often struggle with this exam. You will have questions thrown at you not really related to something you've read in any book or study guide, but you would have normally dealt with in your experiences. The exam prep stuff gives you an understanding of most of the concepts, for example, you'll learn security management concepts. However, the test will test your knowledge along the lines of that concept, for example, what do you do in a certain situation.

    2. The companies who are hiring CISSP's are usually security consulting companies or larger companies needing a CISSP or two to head their security teams. You wont land either of these positions without relevant experience. The jobs that are out there asking for a CISSP that don't fall into one of the two categories I just named are the ones wanting to hire a CISSP and pay a desktop support technician salary.

    If you really want to get into the field, I would suggest starting with something a little lighter like Security+ or some of the lower level SANS certs. Then work into LPT, CEH or SSCP. From there you'll be much more prepared for the CISSP. Remember this exam covers 10 domains. Most of us who have successfully passed it are usually experienced in 1 to 3 of the domains.

    Let us know what you decide.
Sign In or Register to comment.