Should I go for CISSP, or something else?

SHADOWSTRIKE1SHADOWSTRIKE1 Server & Network AdministratorMember Posts: 3 ■□□□□□□□□□
Hey everybody,

This is my first post here, and I'm trying to get some advice on certification/career trajectory.  I currently work as a "Network & Server Administrator" at a company I've been in for the last 5 years after getting hired immediately out of college.  While in college, I worked for two years for an online college as general "IT services" doing basic helpdesk work.  This past year, I decided to dive into certifications to gain some knowledge and fix some Impostor Syndrome.  In October, I passed CCNA.  In January, I passed Security+.  Last month I took AZ-900 for fun because I thought cloud was interesting and wanted to dip my toes and also diversify my resume a bit.  I also took NSE 1 & 2 if you want to count those.  So overall, I have 7 years of IT working experience, a Bachelors in CIT, and a couple certs under my belt.

Recently I've been feeling that I should change career direction towards Security after discussing things with our corporate office's security team.  Long story short, I lead our "Network & Security" team here in my office, but most security work is performed by our corporate office.  I'm like the main point of contact, so I get involved in incident response, and assign patching as needed.  Anyway, a lot of the guys over there suggested that I get more into Security rather than Networking, and they recommend I go for CISSP (almost all of them have it).

Now, I have the years of work requirement, and my job responsibilities certainly fill out at least 2 domains.  So that's not my concern... my main question is if this certification would be manageable for someone of my skill level?  Unfortunately my job hasn't required me to stretch my skills very far, and I've never had someone to mentor me, so mostly over the years it's been up to me to seek out new knowledge.  I guess the main question is if it's a good idea to just jump right into CISSP?  Or should I do something like CySA+, eJPT, or CEH first?  

I have no idea what type of job I'm looking to jump into.  I'm kind of at this point in my career where I feel I need to focus on a specialty and go with it.  I've been stretching myself between networking, sysadmin work, server admin, sql database admin, etc. for a while, and it's caused me to get into a "jack of all trades, master of none" situation... which is nice that it gives me a variety of things to do, but I hate being at a starter level with all these things.  All I know is that I've been told the Cybersecurity market is booming, and more lucrative than Networking.  

Second, what types of jobs should I be looking for after I get CISSP or another cert?  I'm kind of planning on moving to the northern VA area, as I hear there's lots of opportunity there.  Currently I'm making around 57K at my current job, but hoping I'd be able to find something around that range (or ideally a bit higher due to the higher COL in NOVA).  Just not sure what type of positions I should be on the lookout for.

Any advice would be a huge help.  If any of you have some experience, and feel like giving me a "if I had to do it all over again, this is what I would do", it would be greatly appreciated.

Comments

  • SteveLavoieSteveLavoie Member Posts: 961 ■■■■■■■■□□
    I would recommend you that you start with Security+ or ISC2 SSCP. Those basic infosec certification.   eJPT is a pentesting certification, it is a fun experience to do, but you should get a basic infosec certification.  You probably have enough experience to qualify for ISC2, however you could find the exam quite wide and I would suggest that you take a longer path.
  • SHADOWSTRIKE1SHADOWSTRIKE1 Server & Network Administrator Member Posts: 3 ■□□□□□□□□□
    I would recommend you that you start with Security+ or ISC2 SSCP. Those basic infosec certification.   eJPT is a pentesting certification, it is a fun experience to do, but you should get a basic infosec certification.  You probably have enough experience to qualify for ISC2, however you could find the exam quite wide and I would suggest that you take a longer path.
    Thanks for the response.  I did take my Security+ at the start of January, and passed with an 809.  So I think I have the basics down... though I felt that exam was very basic.  I thought it would be a good launching point before getting into CISSP, but with how easy it was, I'm not quite sure it was the stepping stone I thought it would be.  I mean, maybe it is and that was a good demonstration that I'm ready to take on CISSP... but I have no idea.  I originally was going to take SSCP before CISSP, but people said I shouldn't waste my time and just go for CISSP.

    Yeah, I understand eJPT isn't very well-known, and probably doesn't hold much weight... but from what I've read, it sounds like a lot of fun.  I also don't have a ton of experience with Linux and pentesting in general (my work just hires some company that basically does an automated pentest and sends us a list of vulnerabilities it found).  So I thought adding a bit of pentesting experience to my resume would help... but not sure if it's something I should do later after I've worked through CISSP or something else.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,171 Admin
    I originally was going to take SSCP before CISSP, but people said I shouldn't waste my time and just go for CISSP.

    I did the SSCP to prep for the CISSP, but that was many years ago. The idea now is to go straight for the CISSP--even bypassing the Sec+--if you have the experience to qualify for the full certification.
  • SteveLavoieSteveLavoie Member Posts: 961 ■■■■■■■■□□
    I think Security+ == ISC2 SSCP.. so doing either one is nice.  eJPT is a fun and inexpensive certification.. INE starter Pass is free (course and lab), then only 200$ for the exam (and a free retake is included, but you should verify).
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,171 Admin
    edited March 3
    I'm gonna say that the latest Security+ exam (R6) is more difficult than the SSCP because the target market of the SSCP is much smaller than the Sec+ and the CompTIA does a much better job of keeping the informational content of Sec+ relevant and update-to-date. I really recommend Sec+ -> CISSP and forget the SSCP.
Sign In or Register to comment.