Comptia Sec+ vs CISSP?

ntnguyenmba

Which one of the two is a harder exam in your opinion?

Find more posts tagged with

cissp

Security+ certification

comptia

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

kaiju

CISSP is definitely more difficult. If you do not have a strong Cyber background or do not meet the requirements to get the full CISSP cert, it would best to get Sec+ and then work your way up to CISSP. There are plenty of other certs that fall between Sec+ and CISSP.

Tekn0logy

If you have an extensive background that covers the domains of the CISSP and have the money to sit for the exam without any possibility of a free re-take, by all means go for it. If you have no cyber/security/management/enterprise experience, the CISSP exam is not for you. Network+, Security+, CySa should be on your roadmap.

NetworkNewb

I'd probably compare the difficulty of two as similar as "driving a car down an empty neighborhood block in the suburbs" vs "driving a racecar in the Indy 500"

sunto

There's really no comparing them. Security+ is an introductory certification for those looking to acquire a baseline of security terminology and practices. CISSP is an advanced certification that is a mile wide and a mile deep.

JDMurray

The Security+ is considered to be an "entry-level" certification, but in its current revision (v5) it's really quite a difficult exam because of the breadth of the objectives (exam topics). However, the CISSP is still considerably more difficult as IT cert exams go.

I always advise that people who qualify for the full CISSP certification now should go for the CISSP, otherwise they should start with the Security+.

StrikingInfluencer

Comparing the Security+ would be like comparing an elementary school level course to a college level course. Security+ is a fantastic foundational level certification for those who are interested or passively interested in information security. The CISSP is for hardened security professionals (whether it's actual engineers / architects or managers) and you have to not only pass the test but have 5 years of verifiable experience in the field.

If you're looking to get started the Security+ is a great place to start. However, I would also recommend that even the Security+ itself is quite difficult and if you don't have at least A+ and Network+ levels of knowledge going into it, you might struggle.

mikey88

I'm seeing this trend on job postings that will list something like 'Industry certifications preferred such as Security+, CISSP'

Makes me scratch my head thinking 'huh? How are these in the same sentence together'

StrikingInfluencer

mikey88 said:

I'm seeing this trend on job postings that will list something like 'Industry certifications preferred such as Security+, CISSP'

Makes me scratch my head thinking 'huh? How are these in the same sentence together'

Yeah honestly I think this happens when managers with no certs / non-technical people create job reqs. At my company the CISSP is highly regarded, but very few people have it. They host yearly training boot camps for it and lots of people sign up but few actually get it. So when new positions are posted it's usually the hiring managers and HR going through some sort of 'wishlist' and so they just want to see some sort of cert whether it's Security+ or CISSP or C|EH. In reality the CISSP is really not very relevant to most of these positions and they would be better off looking for candidates with specific industry-related certs like a CCNA-Security or vendor certifications.

Not trying to crap on the CISSP as I have it. However, it's funny to see how many non-CISSP holders and managers want candidates that possess it but they don't even possess it themselves / have other team members that don't have it. I once interviewed for a position where the manager and his engineers actually asked CISSP questions straight from a practice test and I HAD a CISSP but none of them did. I should be grilling THEM on the CISSP --- pathetic...