Should I take the CISSP Exam?

baraynavab Member Posts: 2
Ok first of all my background.

I have a BSc in Electrical Engineering and have a good job that I enjoy a lot in the wireless telecom industry (Can you hear me now) doing Data System performance. The thing I realized in this company is there is not a lot of room for advancement to become a manager etc. Although the money is decent, I know with my background I can do some kind of consulting and get better money.

So what got me thinking of CISSP is that my brother got a consulting gig at $70/hr doing SOX stuff. If he got that much then I thought I surely can do some other kind of certification and go into consulting. Frankly it's for the money for me, especially if I don't see any advancement.

My background is in Wireless Networks, Networking (I did get myself a CCNA in 2000) that helped me a lot in this job, 'cause it does require me to log in and configure Cisco routers and switches. So this type of experience and a 4 year degree will enable me to take the CISSP exam. And I do have lots of experience in fixing, building, deploying small IT networks. Not a lot of experience with sniffers and sniffing protocols.

So now in my early 30's I am thinking of changing my field to IT security and I believe CISSP is a good way to start. All the experience I have is in the above fields. Not a lot in Security. But by looking at the exam I know some of the Domains are not too hard and others are ('cause I didn't come in contact with them).

With the above history of mine do you CISSP experts even think it's worth my time to try to study and get this exam? I know I can get the certification after about 3-4 months of studying.

Also I would like to know what kind of pay scale do decent CISSP people make? Frankly speaking I make about $30/hour.

Please advise me. Thanks a lot

Comments

  • keatron Member Posts: 1,208
    baraynavab wrote:
    Ok first of all my background.

    I have a BSc in Electrical Engineering and have a good job that I enjoy a lot in the wireless telecom industry (Can you hear me now) doing Data System performance. The thing I realized in this company is there is not a lot of room for advancement to become a manager etc. Although the money is decent, I know with my background I can do some kind of consulting and get better money.

    Make sure the money is not the only reason. You can't be great in IT Security unless you truly enjoy it. Things change almost daily (latest exploits and vulnerabilities, etc.), so you have to be able to commit to constant reading and knowledge enhancements. I hear people complain about reading 2 to 4 hours per day preparing for exams; I read that much almost every day even when I'm not preparing for exams. If you don't think you'll enjoy reading, it will be tough. Unless you get a job that only requires you to know one very specific area (like a firewall specialist), and even then you'll have to read some.

    baraynavab wrote:
    So what got me thinking of CISSP is that my brother got a consulting gig at $70/hr doing SOX stuff. If he got that much then I thought I surely can do some other kind of certification and go into consulting. Frankly it's for the money for me, especially if I don't see any advancement.

    You have to be careful here as well. A lot of times people land these jobs out of necessity or pure luck. For example, being in the right place at the right time. I can tell you for a fact, I've done no less than 10 Sox Audits (as a subcontractor of one of the Big Three accounting firms), and it's the most boring thing I've ever done in IT Security (except maybe watching packets all day). So again, $70 an hour might sound good, but will you enjoy it enough to stick with it? Ask your brother what his job is like every day and try to figure out if you can see yourself enjoying it. I'm certainly not saying it won't be enjoyable for you, because different people enjoy different things. I'm simply saying find out what the job entails. I'll be happy to post what a typical month is for me.

    baraynavab wrote:
    My background is in Wireless Networks, Networking (I did get myself a CCNA in 2000) that helped me a lot in this job, 'cause it does require me to log in and configure Cisco routers and switches. So this type of experience and a 4 year degree will enable me to take the CISSP exam. And I do have lots of experience in fixing, building, deploying small IT networks. Not a lot of experience with sniffers and sniffing protocols.

    People often mean different industries when they say wireless networking. Some people are referring to cellular carriers, and others are referring to WLANs. Which are you referring to? (I can only assume cellular based on the "can you hear me now" bit.) Wireless LANs (specifically 802.11 based) have become a field of their own. I've seen several people leap into the 802.11 world out of cellular land and end up running for the hills. Again, not saying it will happen to you, just research and make sure you feel you can maintain interest. Concerning meeting the requirements to sit the CISSP, you will never know 100% if you qualify until you apply and your application is evaluated. Keep in mind, qualifying to sit the exam and actually qualifying to be awarded the certification are not one and the same. However, on the surface it certainly sounds like you meet the requirements.

    baraynavab wrote:
    So now in my early 30's I am thinking of changing my field to IT security and I believe CISSP is a good way to start. All the experience I have is in the above fields. Not a lot in Security. But by looking at the exam I know some of the Domains are not too hard and others are ('cause I didn't come in contact with them).

    It's certainly not too late to change careers. If you have a true passion for it, the sky is the limit as to where you can go. I have never recommended anyone "start" a career in IT security by going straight for the CISSP. It's expensive, and requires serious study time. Start with something simpler and not as broad. Security+ or a vendor-specific equal. Though some of the domains SEEM to be not hard, you might be very shocked when you actually see the real test questions. They are very complex, and often scenario based. After a few hours your brain starts to drain and the last thing you want is scenario questions at that point. And guess what you'll get? More scenario questions!!!!! I've posted some simple versions of CISSP-like questions in this forum in the past. Look at some of those and you'll basically get an idea. Remember mine are simplified versions.

    baraynavab wrote:
    With the above history of mine do you CISSP experts even think it's worth my time to try to study and get this exam? I know I can get the certification after about 3-4 months of studying.

    Really? How do you KNOW this? As I've already stated, just because you pass the exam doesn't mean you'll get the certification. I have over 11 years experience in IT security and training, and that's direct IT security, and I didn't risk only preparing for 3 to 4 months. Again, you might be better starting with something simpler and working up to CISSP, while getting some hands-on in the process. I recently won a pentesting contract over a person with a PhD, but his experience was not even close to mine. So a CISSP's value is increased exponentially with the right experience behind it.

    baraynavab wrote:
    Also I would like to know what kind of pay scale do decent CISSP people make? Frankly speaking I make about $30/hour.

    Please advise me. Thanks a lot

    Most CISSPs I personally know make anywhere from 45 to 85 an hour, if working on an IT staff, and from 55 to 125 working on a consulting team or for a consulting company. I bill at much higher rates than that, and own 80% of the company. Which means my actual income reflects well over what you'd expect as just an employee. But just pure salary wise I pay myself about 200,000/year, which based on my experience, and qualifications, I'm right in line with the top 10 percent of the industry. And I pay my employees just as well (almost half my guys make more than I do in salary). But again, if you go grab a CISSP without any relevant experience (which will be difficult enough), you'll find it tough to land a top paying job. You certainly shouldn't have much of a problem actually getting a job, but a really good one will be reserved for people with significant experience. For example, a CISSP implementing firewalls all day (not designing rules, just implementing someone else's designs) would be better suited to be going after that specific vendor's firewall certifications (remember it's usually best to try to certify in what you work with every day FIRST).

    All in all I think you have a good shot at making a successful career out of it all, just be careful, research plenty before making the jump, and ask many questions.

    Keatron.
  • ajs1976 Member Posts: 1,945
    Keatron,

    Thanks for the great post. I'm also looking into the CISSP, but I know it is a couple of years away. I'm going to start laying the groundwork now, and I wanted to see if you (or anyone else) had some advice for me.

    Certifications: I have one Citrix exam that was security oriented and involved their Secure Gateway application. I used a Security+ book to help me with the general concepts of the exam, and I am looking at taking the Security+ this summer. I may also be working with Citrix' Access Gateway Appliance later this year and will need to certify on that also. I am thinking about taking the SSCP sometime next year. MS security exams are also a possibility, but I'm waiting to see what they do with the Longhorn exams.

    Education: Currently have an Associates in Network Administration. Planning on starting to work on a BS in the fall. The online program I'm looking into doesn't have an IT program, so I'm leaning towards Organization Leadership or Criminal Justice. Would a degree in Criminal Justice be useful in the InfoSec / CISSP world?

    Experience: 1 year helpdesk. 7 years IT consultant working mainly on Windows based DC, File/Print, Exchange. About 5 years of Citrix. I have done some security work (Citrix Secure Gateway, FDIC audit recommendations) but nothing full-time in InfoSec. Trying to figure out how to guide my job more in that direction.

    Thanks for any advice
    Andy

    2017 Goals: 1 of 5 courses complete, 0 of 2 exams complete
  • baraynavab Member Posts: 2
    Firstly I would like to thank you Keatron for your in-depth reply.

    Ok I should explain myself a little better. I am not only considering doing my CISSP for money but also out of boredom and, as I have said before, no career advancement (unless I move out of my home town). Quite frankly I am getting somewhat bored at my work because I have learnt almost everything I have to learn and see engineers in my group who have been in the same position for 10 years. Yes they get merit increases in pay but staying in one place would drive me nuts.

    Regarding doing SOX consulting... I know I will get bored fast doing IT auditing such as SOX. But saying that... I know there will be situations in CISSP where I will be doing auditing and I don't mind it if it's not my full-time job.

    Regarding getting a job with the CISSP, I was thinking of either looking at jobs at the company I work for, and/or if that's not possible then I will just look for a position outside. I know I will not get the top paying job initially, but I suspect with around 1 year of consulting experience I should have better experience. As long as I am getting an initial job I'll be happy.

    Oh and yeah, saying I'll get it in 3-4 months was a little optimistic... but it can be done in 6 hopefully :)

    Thanks for sharing your comments.