Calling all CISSP's.....your feedback is needed!

Friends,

I have been in the business of IT Education for more than 10 years.

In talking with CISSP Certified Pros recently and for purposes of this forum, I wanted to start a brief disucssion on whether or not any of you feel that the CISSP Certification is light on the "Applied or Skills based knowledge" and heavy on the "theoretical and policy".

Not being CISSP certified I don't feel I'm qualified to answer in an unbiased manner. I'd love to hear what the pros are thinking if you feel inclined.

Best, Brad

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

dynamik

My general impression, and from what I've seen a lot here, is that many consider it to be, "a mile wide and an inch deep."

Also, welcome to the forums

LarryDaMan

As someone who is testicles deep into studying for this exam, I would say it is supposed to be high level and mangement oriented to a certain extend. The CISSP is not a tech exam nor does it claim to be one.

The Security+ and SSCP are two that come to mind that are more technical in nature. The CISSP domains attempt to give you a look at the overall big picture of information security and how all of the aspects tie in together. I think a CISSP candidate is assumed to be knowledgeable about some of the basic technical concepts of security.

We have some CISSPs on these boards and I am sure you will get a great response, but those are my two cents.

Paul Boz

My experience studying for the CISSP leads me to believe that it is in fact "an inch deep and a mile wide." I've gone through the first four chapters of the Shon Harris book over the last few days and while I feel it's probably enough to prepare me for the exam, it definitely isn't enough to get any projects done at work. It feels much more "management oriented" and I actually like that.

dynamik

LarryDaMan wrote:

The Security+ and SSCP are two that come to mind that are more technical in nature. The CISSP domains attempt to give you a look at the overall big picture of information security and how all of the aspects tie in together. I think a CISSP candidate is assumed to be knowledgeable about some of the basic technical concepts of security.

I don't know if I'd really consider the Security+ to be too technical. I consider it to be more of an overview than anything. I'd add the CEH and Offensive Security/Wifu to your list.

LarryDaMan

dynamik wrote:

LarryDaMan wrote:

The Security+ and SSCP are two that come to mind that are more technical in nature. The CISSP domains attempt to give you a look at the overall big picture of information security and how all of the aspects tie in together. I think a CISSP candidate is assumed to be knowledgeable about some of the basic technical concepts of security.

I don't know if I'd really consider the Security+ to be too technical. I consider it to be more of an overview than anything. I'd add the CEH and Offensive Security/Wifu to your list.

I guess I meant technical as in Security+ gets down into the weeds at the user level, and the CISSP is higher level stuff. But no, Security+ is not a super technical engineering oriented cert or anything, but we both knew that already.

UnixGuy

I've gone through Solaris Security Admin material, and it's technical oriented.

It's like, you MUST first know solaris, and then it teaches you techniques and features used to secure it.

I think it's better for technical people, you need techniques and steps to secure things