CISSP this year

mukuljackmukuljack Member Posts: 25 ■□□□□□□□□□
Hi All,
I am planing to give CISSP EO this year,
I am currently working in the Identity Management(AccessControl) domain and have a little exp of securoty operations(Monitoring) and Application Security.

I dont have any security certification under my belt so I am eager to do my CISSP.
My questions are
1.I have 4ys of exp(1 yr will be exempted as I have B.E degree)..Now how will getting CISSP help me.I really want to work on the other domains of Security.

2.I am confused as my major exp goes with access control, and which one should I use as my 2nd expertise for fulfilling the CISSP req.?

Any other suggestions for this newbie?

Regards
Mukul
Mukul

Comments

  • unsupportedunsupported Member Posts: 192
    mukuljack wrote: »
    ...
    1.I have 4ys of exp(1 yr will be exempted as I have B.E degree)..Now how will getting CISSP help me.I really want to work on the other domains of Security.

    2.I am confused as my major exp goes with access control, and which one should I use as my 2nd expertise for fulfilling the CISSP req.?
    ...

    1. The CISSP will show that you have studied and are able to pass the certification exam based upon the other domains. The CISSP is the "gold" standard security certification and a lot of employers use it to let someone interview, but then it is up to you to show you know.

    2. Look through your resume and you might be surprised with how you are able to link other domains to your experience. If you have ever been tasked with performing backup, or writing standard operating instructions then you have performed BCP/DR. If you have setup access controls on a router then you have performed Telecommunications and Network Security. If you have worked with PKI, PGP, or Kerberos, then you have experience in Cryptology. It just depends on how you look at it.

    Good luck!
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
  • mukuljackmukuljack Member Posts: 25 ■□□□□□□□□□
    hmm....Thanks for your answer...
    I have done the BCP planning..bt that was for a small team,(just planned how the work will continue in case of some unwanted circumstances)and we didnt performed any hardcore bcp tasks...since I dont have much of the working exp,isnt it wd be difficult for me to justify the same

    Also is it a fact that u can demad for a much higher salaries if u are a CISSP or it will have very less effect in my salary hike..?

    Regards
    -Mukul
    Mukul
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    mukuljack wrote: »
    I dont have any security certification under my belt so I am eager to do my CISSP.
    I really recommend getting one or two entry- or mid-level security certs before going for the CISSP. The Security+ and SSCP are good ones to consider. This is really important if you don;t have years of real InfoSec work experience already under your belt.
    mukuljack wrote: »
    My questions are
    1.I have 4ys of exp(1 yr will be exempted as I have B.E degree)..Now how will getting CISSP help me.I really want to work on the other domains of Security.
    Studying for the CISSP will help you learn what the world of Information Security is all about. There are a lot of different InfoSec fields to choose from for your career.

    And you might want to check with the (ISC)2 if your degree qualifies. At one time they were only accepting 4-year degrees from American universities or equivalent, but that may have changed. If your degree doesn't qualify, you can get the Security+ (or other) cert and still get the year waived.
    mukuljack wrote: »
    2.I am confused as my major exp goes with access control, and which one should I use as my 2nd expertise for fulfilling the CISSP req.?
    You'll need to look to your resume and answer that yourself. Most technical people have some experience in the network security/telecom domain.
    mukuljack wrote: »
    Also is it a fact that u can demad for a much higher salaries if u are a CISSP or it will have very less effect in my salary hike..?
    No, this is a myth. You can demand a higher salary if you have years of professional, specialized InfoSec work experience, but not just for passing a certification exam. And not all employers recognize the CISSP certification, so being CISSP-certified does not automatically guarantee higher wages at any job.
  • unsupportedunsupported Member Posts: 192
    mukuljack wrote: »
    ..Also is it a fact that u can demad for a much higher salaries if u are a CISSP or it will have very less effect in my salary hike..?l

    You can demand all you want, what you would get is a different story. I feel getting my CISSP was instrumental in me getting a promotion/raise and now a high merit increase this year. I feel my boss was not able to provide me with all the money he wanted during the promotion (I was one out of a few who received a promotion), but he will try to make up for it during my merit increase. Our managers have the ability to give extra percentages if they feel the employee has worked above and beyond.

    But none the less, CISSPs typically do make more money than non certified individuals.

    Good luck! Don't worry about the money, just worry about the test. :)
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    As noted here repeatedly, you typically make your money walking in the door. If you're looking for a big boost post-CISSP, you're more than likely going to have to switch jobs. Also, it is ultimately just a piece of paper. If you don't have the skills to back it up, you're probably going to fall short of your expectations.

    Good luck with your studies. I'm going to take a stab at this myself in 2-3 months.
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    But none the less, CISSPs typically do make more money than non certified individuals.
    Yes, but not necessarily because they have a CISSP. It's the work experience that's the ticket. The CISSP cert is just an additional way to demonstrate what you know.
  • SysAdmin4066SysAdmin4066 Member Posts: 443
    Typically it's required for Gov security positions. Not helpful, required, as in you cannot get an interview for this position unless you have it. So there's that.
    In Progress: CCIE R&S Written Scheduled July 17th (Tentative)

    Next Up: CCIE R&S Lab
  • unsupportedunsupported Member Posts: 192
    JDMurray wrote: »
    Yes, but not necessarily because they have a CISSP. It's the work experience that's the ticket. The CISSP cert is just an additional way to demonstrate what you know.

    Well, the fact that you need to have the work experience to get the CISSP work experience to get the money.

    Or, in laymen terms, I'z gotz da skillz, dat payz da billz! :)
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
  • mukuljackmukuljack Member Posts: 25 ■□□□□□□□□□
    Thanks Guys for all the valueable inputs..
    I have started with AccessControl and will move further...
    Any suggested stratergy for studing CISSP?
    What I mean to say is..
    It is possible that I dont understand all the stuff in one go...
    Shd I go a head and complete and then revise OR I shd clear my doubts before going further?

    -Mukul
    Mukul
  • Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
    Study each domain in the order of interest. I like physical security and telecom a lot so I studied that stuff first. There's no necessary order to study them in. However, if you feel that you don't understand the material or don't have the experience to validate it, you may want to hold off and get a different security cert first. The CISSP is a monster of an exam because it tests just about every aspect of a security program. Without the requisite experience its just worthless knowledge.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Paul Boz wrote: »
    ...However, if you feel that you don't understand the material or don't have the experience to validate it, you may want to hold off and get a different security cert first. .... Without the requisite experience its just worthless knowledge.

    +1 too bad I can't spread more +ve for Paul
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • unsupportedunsupported Member Posts: 192
    Typically it's required for Gov security positions. Not helpful, required, as in you cannot get an interview for this position unless you have it. So there's that.

    CISSP is one of the few certifications that I have seen that meet DoD 8570.1 requirements for all levels of IAT and IAM levels and most of the other levels.

    I would win if I ever played DoD 8570.1 BINGO.

    Oh, yeah, a good DoD 8570.1 chart is here, DoD Directive 8570.1 M - Department of Defense Information System Security Systems.
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    I would win if I ever played DoD 8501.1 BINGO.
    There's a lot more to being hired by an agency of the DoD or a DoD subcontractor than having the CISSP cert; it's not an automatic ticket in.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    JDMurray wrote: »
    There's a lot more to being hired by an agency of the DoD or a DoD subcontractor than having the CISSP cert; it's not an automatic ticket in.

    I think he meant he'd fill the squares up on that image icon_lol.gif

    Plus, he's definitely got the knowledge to back it up ;)
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    I meant that more for people viewing this thread in the future who might be given the idea that a CISSP is required for DoD work. Being able to obtain a security clearance, for example, is by far more important.
  • unsupportedunsupported Member Posts: 192
    JDMurray wrote: »
    I meant that more for people viewing this thread in the future who might be given the idea that a CISSP is required for DoD work. Being able to obtain a security clearance, for example, is by far more important.

    ...That and you need to train, say your prayers, eat your vitamins and be a good little Infosec-Maniac!
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
Sign In or Register to comment.