Is the CISSP still the pièce de résistance on resumes for security management roles?
This is not meant to be a certification vs. experience poll. From what I hear both internal to my organization and external, the general consensus still seems to be that CISSP is the way to go if you want to move into security management/architecture/advisory type roles.
Feel free to add an opinion in the comments, but let's keep it relevant, civil, and objective.
Is the CISSP still the pièce de résistance on resumes for security management roles? 12 votes
Comments
-
JDMurray Admin Posts: 13,099
Poll vote: Yes
Perception is reality; the perception by HR and hiring managers is that the CISSP is (still) something to highly value.
-
UnixGuy Mod Posts: 4,570
Poll vote: No
I hold CISM and I don't have CISSP. I'm in management, no one seems to care about certs in management roles (in Australia, things may be different at your end). I don't recall being rejected from a role for not having CISSP.
-
E Double U Member Posts: 2,239
Poll vote: Other (Please elaborate)
I voted other because at the level of jobs I look at I always see both. I think the people creating these vacancy descriptions have been instructed to simply list any (ISC)2 and ISACA credential they can think of.
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
JDMurray Admin Posts: 13,099
Poll vote: Yes
UnixGuy said: I don't recall being rejected from a role for not having CISSP
-
UnixGuy Mod Posts: 4,570
Poll vote: No
JDMurray said: UnixGuy said: I don't recall being rejected from a role for not having CISSP
Yeah, I thought that should be the case. In all honesty, I interviewed for and got jobs where they had certain skills and certs as required and I didn't have them, so there is that. I personally wouldn't reject a candidate for a management role based on a certificate, but maybe I'd require something like OSCP for pentest as an example.
-
JDMurray Admin Posts: 13,099
Poll vote: Yes
UnixGuy said: I personally wouldn't reject a candidate for a management role based on a certificate, ...
-
E Double U Member Posts: 2,239
Poll vote: Other (Please elaborate)
UnixGuy said: I don't recall being rejected from a role for not having CISSP
This makes me wonder though, has anyone ever been asked to show proof of their certifications let alone asked about them in the interview? Interviewed with NATO some years back and was required to bring physical copies of the certs. Even more years back I had a manager ask if I had obtained the CCNA yet. Outside of those two experiences I have not had any other remarks about any certifications during the hiring process in my 18 year career.
-
SteveLavoie Member Posts: 1,133
CISSP is still a thing I think if you want to work in IT Security. It is broadly recognized and it is worth the effort to get it and maintain it.
-
Info_Sec_Wannabe Member Posts: 428
Poll vote: No
What worked for me was the CISA (even though I'm not in Management). While CISSP is listed in the JDs of the positions I applied for, I don't think not having it results in an employee not being interviewed so long as he has other certs or credentials to boost his resume or his chances of getting interviewed.
And agree with @E Double U on employers not really verifying the authenticity of certs you put in your resume. While ISC2 and ISACA offer a way to verify those, no employer has asked me for my certificate number thus far.
X year plan: (20XX) OSCP [ ], CCSP [ ]
-
UnixGuy Mod Posts: 4,570
Poll vote: No
E Double U said: UnixGuy said: I don't recall being rejected from a role for not having CISSP
This makes me wonder though, has anyone ever been asked to show proof of their certifications let alone asked about them in the interview? Interviewed with NATO some years back and was required to bring physical copies of the certs. Even more years back I had a manager ask if I had obtained the CCNA yet. Outside of those two experiences I have not had any other remarks about any certifications during the hiring process in my 18 year career.
Honestly, no one has ever asked for proof for anything. I had one Defence engagement where they needed two certs for a specific accreditation but that's about it.
The only time when a cert made a difference was the GCFA for a SOC analyst role, the skills were needed but that's about it.
Now they look at my experience/certs/skills as a combination (management), but a single cert - I don't think so. An exception may be a service provider that's submitting a proposal where they need certain number of certified people, but I can't see this happening with CISSP. Maybe for some technical certs...who knows.
I'm not trying to persuade people to not do CISSP, I think it has one of the best returns on investment as far as certs go, but in my case it didn't make a difference, that's all. At the management level things are different, they prefer to see evidence that you managed certain environments for a number of years, that you are familiar with certain frameworks/technologies. I'm sure exceptions exist when it's more a technical team management (SOC/forensic/pentest) for example. The vast majority of managers/Directors/C-level have zero or one certs (in Australia...)
-
SteveLavoie Member Posts: 1,133
CISSP is a good cert to help you transition from a technical position to a more management or infosec job.
-
Mike7 Member Posts: 1,112
Poll vote: Yes
CISSP, CISM and other ISC2/ISACA certs help get me into security field, it was a preferred job requirement. They also provide credibility when interacting with customers. I list the certs on my LinkedIn profile and link them to Credly digital badges; it attracts recruiters.
Understand CISSP is a requirement under DOD 8570 for govt roles in US.