CISSP worth it?

NOC-Ninja Member Posts: 1,403
I currently work for NOC and have CCNA, CCNA-W, and CWNA. Also, one test away from CCNP-W and 2 tests away from CCNP. I'm really interested in security.

  1. Is CISSP worth it to take?
  2. For the certified CISSP's, is the ROI high enough for all the time you spent on studying?
  3. How long does it usually take to study if I spend 3-4 hrs every weekday after work and 6-10hrs every weekend?
  4. How long did it take you to study?

Comments

  • ibcritn Member Posts: 340
    Based on the fact that CISSP hits many requirements for DoDD 8570 (IAT III/IAM III) and HR/managers go goo-goo ga-ga over it. Yes, it's worth it.

    It won't do too much as far as "technical" skills....sure you'll know how to spout out technical info, but won't develop practical "hard" technical skills like you see with Cisco exams.

    I studied for 2 months with 3 hours a day after work and 4-5 hours on weekend...Last week I did a huge cram session studying 6 hours after work and 8 hours on day before exam (not really a good idea).

    Spent a lot of time studying, but it has done a lot for me already and hey I am not even endorsed/certified fully yet :)
    CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+

    Next Up: Linux+/RHCSA, GCIA
  • NOC-Ninja Member Posts: 1,403
    ibcritn wrote: »
    Based on the fact that CISSP hits many requirements for DoDD 8570 (IAT III/IAM III) and HR/managers go goo-goo ga-ga over it. Yes, it's worth it.

    It won't do too much as far as "technical" skills....sure you'll know how to spout out technical info, but won't develop practical "hard" technical skills like you see with Cisco exams.

    I studied for 2 months with 3 hours a day after work and 4-5 hours on weekend...Last week I did a huge cram session studying 6 hours after work and 8 hours on day before exam (not really a good idea).

    Spent a lot of time studying, but it has done a lot for me already and hey I am not even endorsed/certified fully yet :)

    can you elaborate even more?

    thanks
  • ibcritn Member Posts: 340
    NOC-Ninja wrote: »
    can you elaborate even more?

    thanks

    Well after passing I was immediately put in for a promotion/raise, which the details are being hammered out now, but it certainly seems to be a nice change in take home. I also just had to write up SOP's on doing various security assessments and I was able to speak to the "how to" a lot better with Risk assessment from CISSP knowledge.

    Granted it wasn't directly related to CISSP (also job performance), but CISSP put the icing on the cake.

    I perform security assessments as a govt. contractor, so for me having CISSP is a big deal as I look the part on paper.

    I really like hacking/the technical side of security and I am finding SANS courses/GIAC certs are the best....very awesome. GSEC would be a good starter cert if you didn't want to jump directly into CISSP.

    I am about to take GCIH and if you enjoy hacking this certification is up your alley.
    CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+

    Next Up: Linux+/RHCSA, GCIA
  • Paladin Banned Posts: 57 ■■□□□□□□□□
    NOC-Ninja wrote: »
    I currently work for NOC and have CCNA, CCNA-W, and CWNA. Also, one test away from CCNP-W and 2 tests away from CCNP. I'm really interested in security.
    1. Is CISSP worth it to take?
    2. For the certified CISSP's, is the ROI high enough for all the time you spent on studying?
    3. How long does it usually take to study if I spend 3-4 hrs every weekday after work and 6-10hrs every weekend?
    4. How long did it take you to study?

    Here are your answers, NOC-Ninja!

    1. Is CISSP worth it to take?

    Answer: Of course. I am at more than $99 / hour right now. But, your mileage may vary... Any questions?

    2. For the certified CISSP's, is the ROI high enough for all the time you spent on studying?

    Answer: Of course. I am at more than $99 / hour right now. But, your mileage may vary... Any questions?

    3. How long does it usually take to study if I spend 3-4 hrs every weekday after work and 6-10hrs every weekend?

    Answer: It depends on your ability to learn the material.

    4. How long did it take you to study?

    Answer: It took me 80 to 90 hours. But, your mileage may vary... Any questions?

    >;^)


    Cheers!

    Paladin
    ISMS Architect and Data Center Manager
  • NOC-Ninja Member Posts: 1,403
    ibcritn wrote: »
    Well after passing I was immediately put in for a promotion/raise, which the details are being hammered out now, but it certainly seems to be a nice change in take home. I also just had to write up SOP's on doing various security assessments and I was able to speak to the "how to" a lot better with Risk assessment from CISSP knowledge.

    Granted it wasn't directly related to CISSP (also job performance), but CISSP put the icing on the cake.

    I perform security assessments as a govt. contractor, so for me having CISSP is a big deal as I look the part on paper.

    I really like hacking/the technical side of security and I am finding SANS courses/GIAC certs are the best....very awesome. GSEC would be a good starter cert if you didn't want to jump directly into CISSP.

    I am about to take GCIH and if you enjoy hacking this certification is up your alley.

    Thanks for the info. The problem is I'm working in the NOC and I don't know if I should pursue security even though I'm not in that department. I'm not the best, but security is something that I'm very interested in.
  • NOC-Ninja Member Posts: 1,403
    Paladin wrote: »
    Here are your answers, NOC-Ninja!

    1. Is CISSP worth it to take?

    Answer: Of course. I am at more than $99 / hour right now. But, your mileage may vary... Any questions?

    2. For the certified CISSP's, is the ROI high enough for all the time you spent on studying?

    Answer: Of course. I am at more than $99 / hour right now. But, your mileage may vary... Any questions?

    3. How long does it usually take to study if I spend 3-4 hrs every weekday after work and 6-10hrs every weekend?

    Answer: It depends on your ability to learn the material.

    4. How long did it take you to study?

    Answer: It took me 80 to 90 hours. But, your mileage may vary... Any questions?

    >;^)


    Cheers!

    Paladin
    ISMS Architect and Data Center Manager

    That's good pay but I'm sure your PMP and years of experience count. I'm just a noob trying to see if there's a market here and if I have a better future pursuing security aka making the right decision for myself.

    how many years of IT experience do you have in your belt?
    how many years of managerial experience do you have in your belt?
    are you a contractor or full time?

    thanks
  • Turgon Banned Posts: 6,308 ■■■■■■■■■□
    NOC-Ninja wrote: »
    I currently work for NOC and have CCNA, CCNA-W, and CWNA. Also, one test away from CCNP-W and 2 tests away from CCNP. I'm really interested in security.

    1. Is CISSP worth it to take?
    2. For the certified CISSP's, is the ROI high enough for all the time you spent on studying?
    3. How long does it usually take to study if I spend 3-4 hrs every weekday after work and 6-10hrs every weekend?
    4. How long did it take you to study?

    It's a rubber stamp for many security type jobs these days. The ROI is a variable. A LOT of people clattered through the CISSP from 2000 - 2005 in the dash to be a security professional. Many of these people had marginal security experience (at best). The entrenched security crowd got very, very upset about it. The endorsements not worth the paper they were written on by buddies, the braindumping and just the general lack of experience of CISSP holders. I think the requirements are a little tighter these days.

    Some folks get through the test with about 60 - 90 hours studying. Others put in hundreds of hours doing a lot of background research. If you have demonstrable security experience and you can convince timeserved security peers you will work with that you are not fluff then there are some good jobs and rates to be had. But it is competitive as so many people pinned their hopes on a security job after the telco crash. CISSP gives you a framework, but the business of actually delivering on security projects can vary from enterprise to enterprise so you want that portfolio of real accomplishments behind you.
  • SephStorm Member Posts: 1,731 ■■■■■■■□□□
    mmm, I disagree on the requirements being harder these days, but I won't rant again. :p
  • Turgon Banned Posts: 6,308 ■■■■■■■■■□
    SephStorm wrote: »
    mmm, I disagree on the requirements being harder these days, but I won't rant again. :p

    hehehe..well at least that's what all the new people say when people bash the CISSP! The bashing has been going on for years now but that goes for all popular certs really.
  • Paladin Banned Posts: 57 ■■□□□□□□□□
    NOC-Ninja wrote: »
    That's good pay but I'm sure your PMP and years of experience count. I'm just a noob trying to see if there's a market here and if I have a better future pursuing security aka making the right decision for myself.

    how many years of IT experience do you have in your belt?
    how many years of managerial experience do you have in your belt?
    are you a contractor or full time?

    thanks

    NOC-Ninja

    how many years of IT experience do you have in your belt?

    Answer: 10+

    how many years of managerial experience do you have in your belt?

    Answer: More than 8

    are you a contractor or full time?

    Answer: Contractor

    Side note: Number of job offers per day = 15 to 20

    Cheers!

    Paladin
    ISMS Architect and Data Center Manager
  • Chris:/* Member Posts: 658 ■■■■■■■■□□
    A large portion of CISSP holders I have met were Business undergraduates who had never really worked in the IT arena. There are exceptions as noted above but they are far fewer.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • Turgon Banned Posts: 6,308 ■■■■■■■■■□
    Chris:/* wrote: »
    A large portion of CISSP holders I have met were Business undergraduates who had never really worked in the IT arena. There are exceptions as noted above but they are far fewer.

    I know what you mean. It can be amusing when they start lecturing you on hardening your unix and network environment.
  • Chris:/* Member Posts: 658 ■■■■■■■■□□
    I actually had one tell me how he could hack anything and regularly competed in black box challenges but could not explain the basic NMAP scan forms. It is unfortunate because people who hold similar certs make those that are knowledgeable look bad.

    At the same time they make us look like the hero when the stuff hits the fan.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • cbigbrick Member Posts: 284
    NOC-Ninja wrote: »
    I currently work for NOC and have CCNA, CCNA-W, and CWNA. Also, one test away from CCNP-W and 2 tests away from CCNP. I'm really interested in security.

    1. Is CISSP worth it to take?
    2. For the certified CISSP's, is the ROI high enough for all the time you spent on studying?
    3. How long does it usually take to study if I spend 3-4 hrs every weekday after work and 6-10hrs every weekend?
    4. How long did it take you to study?

    Please take a look at JDMurray's Blog here on Techexams.net. He has several writeups about his experience in taking this exam. It has helped me in preparing for the CISSP which I'm studying for right now.

    JDMurray | TechExams.net Blogs

    Of course your mileage may vary......
    And in conclusion your point was.....???

    Don't get so upset...it's just ones and zeros.
  • [Deleted User] Member Posts: 0 ■■■□□□□□□□
    The user and all related content has been deleted.
  • Turgon Banned Posts: 6,308 ■■■■■■■■■□
    sabooher wrote: »
    My job required us to get certified in one of the infosec certifications last year. Some of my team chose sec+, others sscp, one did gsec, and me and a few others went the cissp route. I attended a boot camp which I didn't find too worthwhile. I studied an additional 6 wks on my own for about 8 hrs a day. I didn't study too much on the weekends. Yes the test is grueling and I'm still trying to gauge the value in it. I am infosec by job title but my profession is messaging architecture and engineering but at my job my statement of work is within infosec and we specialize in messaging security so I am hoping in the near future more infosec doors open up for me. So that is why I chose the cissp to pursue. I think it was worth it in the long run even though I am not so sure of the immediate benefits just yet.

    A lot of companies have a tick box exercise for security these days requiring certified people. So far as the CISSP is concerned I think it's worthwhile if you can afford the time. There are some good jobs out there for CISSP holders with a solid portfolio of security accomplishments but also a lot of competition as the field is really heavily oversubscribed. I looked at it myself in 2002 after enduring a BS7799 audit but work commitments left it on the back burner. I have the endorsements lined up but no bandwidth for the exam swotting at this time. The six hour exam looks like a lot of fun.
  • cabrillo24 Member Posts: 137
    NOC-Ninja wrote: »
    I currently work for NOC and have CCNA, CCNA-W, and CWNA. Also, one test away from CCNP-W and 2 tests away from CCNP. I'm really interested in security.

    1. Is CISSP worth it to take?
    2. For the certified CISSP's, is the ROI high enough for all the time you spent on studying?
    3. How long does it usually take to study if I spend 3-4 hrs every weekday after work and 6-10hrs every weekend?
    4. How long did it take you to study?

    * CISSP is always one of the top security certifications to take, and has a good return on investment, as security/best business practices is relevant to every IT related function.

    * Yes

    * It varies per person, and experience plays a factor. Usually reserving 12 weeks to study for the exam, with 2 hours per day is usually enough time to grasp the concepts and take practice exams to reinforce the material you've gone over.

    * 10 weeks.
    Next Up...
    CCNA: Security (210-260)
    Date: TBD
  • NOC-Ninja Member Posts: 1,403
    SephStorm wrote: »
    mmm, I disagree on the requirements being harder these days, but I won't rant again. :p

    can you explain why you disagree on the requirements not being hard?
  • NOC-Ninja Member Posts: 1,403
    Thanks guys.

    I guess the next question is what should I align on my experience & certifications.

    I have CCNA > CCNA-W > CWNA
    Going for CCNP-W and CCNP then CISSP

    Any recommendation what's next after CISSP that has a high ROI?

    Thanks!
  • Chris:/* Member Posts: 658 ■■■■■■■■□□
    What do you want to do in Security? There are many different types of jobs within Security and you will have to do many of them to reach the higher levels in the field.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • NOC-Ninja Member Posts: 1,403
    Chris:/* wrote: »
    What do you want to do in Security? There are many different types of jobs within Security and you will have to do many of them to reach the higher levels in the field.

    As I understand there's the red team, blue team and the policy makers. I like the blue team. I want something techie. Policy maker is good but I want my hands to get dirty.

    What do you guys think is a good path so I can be a Manager or a Director of I.T.?
  • Chris:/* Member Posts: 658 ■■■■■■■■□□
    NOC-Ninja wrote: »
    As I understand there's the red team, blue team and the policy makers. I like the blue team. I want something techie. Policy maker is good but I want my hands to get dirty.

    What do you guys think is a good path so I can be a Manager or a Director of I.T.?

    Yes, there are positions within both Red Teams, Blue Teams & Policy writers but there are a number of other positions. You will have information assurance teams, CERT and CIRT positions, security administrators and system administrators, trainers and many many more.

    Paladin is correct with the typical requirements for a Manager or Director positions but I see less people in those positions with a PMP than a CISSP. Most of those positions usually require at least 10 years experience as well.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • NOC-Ninja Member Posts: 1,403
    Chris:/* wrote: »
    Yes, there are positions within both Red Teams, Blue Teams & Policy writers but there are a number of other positions. You will have information assurance teams, CERT and CIRT positions, security administrators and system administrators, trainers and many many more.

    Paladin is correct with the typical requirements for a Manager or Director positions but I see less people in those positions with a PMP than a CISSP. Most of those positions usually require at least 10 years experience as well.

    I'm sure I'm not going to get a manager or director position since I don't have 10 years experience and I can't get PMP without years of experience.

    I guess my question is what should be the right path to get there?
    Would being a security admin be the right path?

    What is CERT and CIRT?
    What does the information assurance teams usually do? policy?
  • Chris:/* Member Posts: 658 ■■■■■■■■□□
    Computer Incident Response Team (CIRT)
    http://www.sans.org/reading_room/whitepapers/incident/computer-incident-response-team_641

    Computer Emergency Response Team (CERT)
    CERT: Frequently Asked Questions

    Information Assurance Teams basically ensure Confidentiality, Integrity and Availability of Information is maintained on a site.
    They ensure that personnel are trained as required and that the training is reoccurring.
    They ensure policy is enforced on the site.
    They work with Auditors to make sure that the paperwork matches up to the practices on a site.
    They track vulnerability alerts and ensure the Security or System Administrators know of them and that they are patched or mitigated.
    They work with personnel to ensure asset tracking is maintained with physical and logical security.

    What you want to do depends on you, what is your end goal? What is your current experience level and what positions have you held?
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • Chrish Registered Users Posts: 1 ■□□□□□□□□□
    I know going into this, I will get slammed but at the risk of that, my honest opinion:

    The CISSP is nothing more than a resume filler to get hits from an HR filter. That's it.

    I can see it be of more value in the audit area but from an IT perspective, security or otherwise, to me it does not hold a lot of value and I've had it for 2 years. The test is exactly what people say it is, a mile wide and an inch deep and that type of material does not get you far in the IT or Security world. It is fairly pointless, it is more an endeavor, a trek, a beginning to end stick-to-it accomplishment that shows you can apply some knowledge and endure a 6 hour test. It is akin to obtaining a degree, most of us don't use most of what we learn in college but employers like to see it.

    That's my personal opinion.
  • cyberguypr Mod Posts: 6,928 Mod
  • redz Member Posts: 265 ■■■□□□□□□□
    Chrish wrote: »
    The CISSP is nothing more than a resume filler to get hits from an HR filter. That's it.

    1. Welcome to TechExams
    2. Duh. It rarely holds much value to the people who have it. The people who don't, however, assign it a large amount of value... And generally, those are the people paying for someone who has it.

    So... what did you think certifications were, if not a way to get through HR filters and into interviews?

    You didn't think they proved your worth or something, did you?

    EDIT: Lol @ "Respawn", I can't give you more rep right now, sorry :(
  • beads Member Posts: 1,533 ■■■■■■■■■□
    Chrish wrote: »
    I know going into this, I will get slammed but at the risk of that, my honest opinion:

    The CISSP is nothing more than a resume filler to get hits from an HR filter. That's it.

    I can see it be of more value in the audit area but from an IT perspective, security or otherwise, to me it does not hold a lot of value and I've had it for 2 years. The test is exactly what people say it is, a mile wide and an inch deep and that type of material does not get you far in the IT or Security world. It is fairly pointless, it is more an endeavor, a trek, a beginning to end stick-to-it accomplishment that shows you can apply some knowledge and endure a 6 hour test. It is akin to obtaining a degree, most of us don't use most of what we learn in college but employers like to see it.

    That's my personal opinion.

    This is true of any certification without a professional bar (Engineering, CPA, Legal or Medical) association enforcing membership entry and long term standards. That is why they are called true professions. The rest of us are legally practitioners not professionals. Oh, let's not forget professional sports like golf where you have to pass a couple of tests before being considered a "golf pro". Much the same for the NFL or NBA. You cannot legitimately represent yourself as a basketball professional without admission to the NBA now can you? You need to pass a 'bar' or 'bar exam' first. Seems there is a Jeopardy answer in there somewhere, doesn't it?

    We aren't anywhere near there in IT and probably never will be. Hence all certifications are a bit weak in this regard but it's all that HR and primary hiring managers have to start with.

    - B Eads