Compare MCSE vs. CISSP

Hi. For the people who have taken both certs. Please compare the quality of the test and questions. I don't want to bash the MCSE but I feel it is pretty useless for learning any worthwhile. I am wondering if the CISSP is different or is it just a cert to get you in the door?
Thanks

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

jkstech

woah there buddy, first, do a google search on the two, they are completely different in terms of content and career path, but many get both which is to their advantage.

the first question is what do you want to do? information security or systems administration?

sprkymrk

antknee869 wrote:

I don't want to bash the MCSE but I feel it is pretty useless for learning any worthwhile.

How can you feel that way if you haven't already gone down that road? You never know what you might learn along the way.

As jsketch pointed out they are completely different. It's like asking which tastes better, an apple or orange.

The CISSP certification has requirements besides just passing the 250 questions. You can pass the exam and still not get your CISSP certification. You need an ISC2 sponsor and 5 years of documentable InfoSec work experience too.

Ahriakin

The MCSE has a tremendous amount of useful information, it just has way too many folks taking shortcuts. It also gets a lot of criticism for not being realistic and focusing too much on minutiae, but there have been enough times I've been able to implement or resolve something based on those details that I think they are worthwhile, even if rarely used.
Also as you'll see pointed out security is realistically best approached after you have a good understanding of networking/administration, you need to know the lay of the land before you can even think about Policing it. I'm not saying you need the MCSE or any Cert in particular, but at least have a depth of knowledge equivalent in the levels of detail, you need to know where those tiny cracks are.

jkstech

^^^ agree with both of the above

techlee

I agree with all of what you guys are saying. I have worked in the field for a few years before attempting any of the certifications. I have MCSE. I was recently told by my employer that upper management would like me to continue on to security Certifications. I am now studying for the SSCP and perhaps CISSP in the future. And Ahriakin is right, you got to know what you are protecting to know how to protect it.

snadam

agreed with everyone so far. Its like comparing apples to oranges. They are 2 different entities entirely, and they can both compliment eachother.

and FYI, anything you attain in IT weather it be a piece of paper or experience, is not "useless" as stated previously; ESPECIALLY the MCSE or CISSP!

I dont need to be an MCSE or CISSP (yet

) to tell you that

antknee869

I guess I didn't explain my question thoroughly. I have an MCSE. There is a lot of information in the tests.... useful? That is debatable.
I feel that the questions/answers are not very useful in a real world context. I also have a CCNA and I felt those tests contained information that was very practical and readily applicable to real world scenarios.
Having said that... for anyone who has taken the CISSP.... how relevant and useful so you feel the information is in real world scenarios?

snadam

antknee869 wrote:

I guess I didn't explain my question thoroughly. I have an MCSE. There is a lot of information in the tests.... useful? That is debatable.
I feel that the questions/answers are not very useful in a real world context. I also have a CCNA and I felt those tests contained information that was very practical and readily applicable to real world scenarios.
Having said that... for anyone who has taken the CISSP.... how relevant and useful so you feel the information is in real world scenarios?

okay that changes my opinion then. I agree that most exams dont have much "real-world" context in them. So if there is any confusion, my bad.

I was basing my opinion on how useful the actual credential was, not the exam content. there are a few CISSP's on here that could answer your question for you.

Schluep

I found the CISSP exam to be very useful in terms of the contact of the information, not just the value of the certification (especially since I lack the work experience to have the certification still).

It is not nearly as technical as many of the other certification exams. The test itself is great to get you thinking like a Manager or Consultant as opposed to a Technician, and is really what the exam is tailored towards.

The preparation for the exam is very helpful since it covers such a wide range of topics. It doesn't get far into the technical side of these topics, but is great for a very broad security understanding. I learned a lot about things I wasn't famliar with such as specifics regarding various encryption algorithms, physical security topics, and Business Continuity Planning/Disaster Recovery Planning.

For example, every study resource I used stated that you should be famliar with WEP/WPA and the differences between them. There is nothing on the technical level about cracking wireless encryption however. It is one thing to know that WEP has substantial security flaws, but it is another to crack it yourself in a short period of time to see the flaws. Another example is that it mentions what a buffer overflow is and how to protect against them, but you aren't going to be looking through source code for flaws in the script that would allow such an attack to take place.

If you want a broad view of the different aspects of information security this is something you will get with the CISSP. No matter how long you have been involved in IT it is likely you don't have a high degree of understanding in all 10 of the Domains, so if you are a Master of 3 of the 10 then it would be good to have a basic understanding of the other 7. This exam will do that for you.

I can't compare it to the MCSE as I haven't gone down the MS track yet, but in my case I found preparing for the CISSP exam to be a worthwhile experience. Now I just need to get more "Direct Full Time Information Security Experience" so that I can hold the certification.

sprkymrk

snadam wrote:

antknee869 wrote:

I guess I didn't explain my question thoroughly. I have an MCSE. There is a lot of information in the tests.... useful? That is debatable.
I feel that the questions/answers are not very useful in a real world context. I also have a CCNA and I felt those tests contained information that was very practical and readily applicable to real world scenarios.
Having said that... for anyone who has taken the CISSP.... how relevant and useful so you feel the information is in real world scenarios?

okay that changes my opinion then. I agree that most exams dont have much "real-world" context in them.

It doesn't change my opinion, and while many test "questions" may not always reflect real world situations, the process of studying and practicing to know the material as opposed to just knowing the answers to test questions is very useful and helpful.

However, I see that you are specifically asking about the exam questions and answers, not the material or certification as a whole. In that case I see little difference in any of the various vendors I have tested with - MS, Cisco, CompTIA, National Electrical Code, or college calculus. The tests are a means to an end - certification, electrical journeyman license or college diploma. Unless the certification process includes task oriented testing results, similar to the CCIE or RHCE then I don't think you'll ever really find an exam that matches anything close to "real world".

Why the concern? If you understand the "real world" technology, why worry about the exam itself? Or being certified for that matter? You don't need either to be great at what you want to do.

snadam

sprkymrk wrote:

snadam wrote:

antknee869 wrote:

I guess I didn't explain my question thoroughly. I have an MCSE. There is a lot of information in the tests.... useful? That is debatable.
I feel that the questions/answers are not very useful in a real world context. I also have a CCNA and I felt those tests contained information that was very practical and readily applicable to real world scenarios.
Having said that... for anyone who has taken the CISSP.... how relevant and useful so you feel the information is in real world scenarios?

okay that changes my opinion then. I agree that most exams dont have much "real-world" context in them.

It doesn't change my opinion, and while many test "questions" may not always reflect real world situations, the process of studying and practicing to know the material as opposed to just knowing the answers to test questions is very useful and helpful.

However, I see that you are specifically asking about the exam questions and answers, not the material or certification as a whole. In that case I see little difference in any of the various vendors I have tested with - MS, Cisco, CompTIA, National Electrical Code, or college calculus. The tests are a means to an end - certification, electrical journeyman license or college diploma. Unless the certification process includes task oriented testing results, similar to the CCIE or RHCE then I don't think you'll ever really find an exam that matches anything close to "real world".

Why the concern? If you understand the "real world" technology, why worry about the exam itself? Or being certified for that matter? You don't need either to be great at what you want to do.

sprkymrk, I see what you mean. I think I used the word "opinion" incorrectly. I think "thoughts on your statement" would suit my statement better. My opinion follows the same philosophy as yours in regards to exams. I guess thats what I was trying to say the first time. I fully agree with your first paragraph. You need to learn the material and have the upmost knowledge of the technology. Perhaps I was a bit too vague in my first response. Im having a hard time expressing here...

sprkymrk

No problem snadam, and I'm not trying to be disrespectful to either you or the OP. I have been known to have been wro...wron...., uhhh, incorrect a time or two. :P

We're all entitled to our own opinions, and by posting them here we are in essence opening a dialogue to discuss the merits and follies of each.

snadam

sprkymrk wrote:

No problem snadam, and I'm not trying to be disrespectful to either you or the OP. I have been known to have been wro...wron...., uhhh, incorrect a time or two. :P

We're all entitled to our own opinions, and by posting them here we are in essence opening a dialogue to discuss the merits and follies of each.

Well sometimes I speak before I think, and express my opinion incorrectly. So it needs a little "modification" every now and then. And I never figured you to be disrespecting anyone, its all good.

WHEW!!! okay, sorry for letting this one get off track!

antknee869

My concern is I really only want to go through the certification process if I am really going to get something from it besides some letters after my name.

shednik

antknee869 wrote:

My concern is I really only want to go through the certification process if I am really going to get something from it besides some letters after my name.

you'll always gain knowledge in some aspect of what your studying for the certification...that there makes it worth it in my mind. Even though I haven't passed my CCNA yet being the youngest guy in my team at work and having a lot of them come to me as escalation of more difficult issues it make it feel even more worth while to put the effort in to learn more.

blargoe

Is it that the MCSE stuff doesn't apply to the real world, or that you haven't been in a position to apply any of it to the real world? I'll agree some of the base knowledge that Microsoft requires you to know isn't really that helpful for many, but I and many other admins supporting larger MS networks have found the process of learning through certification invaluable to understanding how things are supposed to work and how (in the Microsoft world anyway) to implement them correctly and support when something breaks.

steve_steele

As someone who has MCSE:Security and CISSP I felt I might be able to add a little insight.

The CISSP was by far the most difficult single exam I've taken although I think that will be beaten by the CCIE R&S Written that I'm sitting in a couple of days. However the CISSP was a single exam, MCSE constitutes half a dozen separate exams.

I found overall that I spent more time studying for MCSE than I did for either CISSP or CCNP. CISSP gives you an excellent high level overview of the whole security arena. But on it's own it does not teach how to secure a router, firewall switch or server.

Microsoft will always recommend a Microsoft solution, Cisco will always recommend a Cisco solution, CISSP helps a bit with perspective.

I recently deployed a wireless group policy to configure multiple laptops to connect to Cisco Access Points and authenticate using certificate authentication via radius. CISSP talks about different wireless security solutions and their relevant strengths, MCSE taught me the group policy deployment stuff and the rest came from Cisco.

You will always gain more knowledge from the studying of most certs. some emplooyers love them some don't but if nothing else it proves you have sufficient interest in an area to spend your own time doing it.

thats my 2 cents

Steve

JDMurray

steve_steele wrote:

CISSP gives you an excellent high level overview of the whole security arena. But on it's own it does not teach how to secure a router, firewall switch or server.

I've heard it said that the (ISC)2 CBK needs an 11th domain to instruct how to apply the knowledge in the other ten domains. I wonder if that could ever be done effectively in a vendor-independent way. Maybe the 11th domain should be how a CSO should merge information security concepts with the business processes of a corporation. Even Microsoft and Cisco don't have a cert for corporate politics.

Schluep

JDMurray wrote:

I've heard it said that the (ISC)2 CBK needs an 11th domain to instruct how to apply the knowledge in the other ten domains. I wonder if that could ever be done effectively in a vendor-independent way. Maybe the 11th domain should be how a CSO should merge information security concepts with the business processes of a corporation. Even Microsoft and Cisco don't have a cert for corporate politics.

Keeping the exam vendor neutral and adding any type of specifics seems like an impossible task to me. To add multiple large vendors would certainly take the test far beyond its designated scope and drastically increase the difficulty. This would cause those who took it earlier to have a much more wortwhile certification for less effort.

I like the idea for the 11th domain focused on the corporate politics. The only reason they may shy away from this one is because a lot of smaller companies (especially private ones) don't have a CSO (or even more than a 1 man security department). They do cover the role of the CSO and other Security positions within a corporate environment in one of the other domains (can't remember which one since they had different names in my various books due to the name changes). Perhaps expanding this domain to include more depth could worK?

lopezco

antknee869 wrote:

I guess I didn't explain my question thoroughly. I have an MCSE. There is a lot of information in the tests.... useful? That is debatable.
I feel that the questions/answers are not very useful in a real world context. I also have a CCNA and I felt those tests contained information that was very practical and readily applicable to real world scenarios.
Having said that... for anyone who has taken the CISSP.... how relevant and useful so you feel the information is in real world scenarios?

From my perspective most of questions in the CISSP where from situations you can face or things you need to know if you work in the security field.

cashew

sprkymrk wrote:

antknee869 wrote:

You can pass the exam and still not get your CISSP certification. You need an ISC2 sponsor and 5 years of documentable InfoSec work experience too.

Sorry to hijack, but I had a few similiar questions.

I have 3 years sys admin experience at a company. I'm now a Security specialist for another company. If I go ahead and take the CISSP now, next January (which will be 4 years) will I become a CISSP automatically? I have my MCSE on 2003 so I figure I can substitute that 5th year for that.

dynamik

(ISC)2 wrote:

Once you have achieved the professional experience requirements for CISSP or SSCP certification, you must notify (ISC)² Services to convert your status from Associate of (ISC)² to CISSP or SSCP status.

https://www.isc2.org/cgi-bin/content.cgi?category=1330

You can waive one year with the MCSE: https://www.isc2.org/cgi-bin/content.cgi?page=1016

keatron

Speaking as a person who has both, I can tell you that the CISSP and the MCSE applicability are directly related to what you're doing on a day to day basis. I often hear people say that the MCSE knowledge is lacking in real world applicability. But having done national and global AD rollouts, I can say that most of the material is very applicable, if you ever need to use it. For example, the average sys admin never has to deal with a Multi Forest domain. Often times I'll read the post of a user on here saying how unapplicable the MCSE material is. Then months later I'll see Mark explaining to that person why their Group Policies aren't working.

Concerning the CISSP it's really the same principle. If all you do is trouble shoot router issues and connectivity issues all day, then the level of applicability of the CISSP knowledge won't be as high as a person such as myself who does some form of security consulting on a daily basis. That's just life. The truth be told, most people would gain some benefit from having CISSP knowledge, whether they work in security or not. I guess the best way for you to figure that out is pick up a book and start reading!!!! Good luck. And let us know what you decide on.

Keatron.

keatron

JDMurray wrote:

steve_steele wrote:

CISSP gives you an excellent high level overview of the whole security arena. But on it's own it does not teach how to secure a router, firewall switch or server.

I've heard it said that the (ISC)2 CBK needs an 11th domain to instruct how to apply the knowledge in the other ten domains. I wonder if that could ever be done effectively in a vendor-independent way. Maybe the 11th domain should be how a CSO should merge information security concepts with the business processes of a corporation. Even Microsoft and Cisco don't have a cert for corporate politics.

That would be very hard to do, and that's why there are vendor specific security certifications and training for vendor specific implementations. And even when you look at Cisco security stuff (for example the CCSP which I just finished), they still touch slightly on concept before you actually start learning how to configure equipment. Also if you look at the CISSP specialization for management (ISSMP), it really adds that 11th domain type focus you're referring too, but in an in depth way. It will be interesting to see what develops though. BTW I've pretty much convinced myself that this year will be the year I start working on writing something. I haven't decided if it's going to be a very specific security area (like penetration testing or forensics), or something more general (like the 11th Domain you referred too). Hmmm.