GAngel wrote: » I don't think I know anyone who's passed the exam that would consider it technical. It's a management exam for experienced techies looking to make the transition, nothing more or less.
docrice wrote: » I think this point can be argued for practically any certification. I don't have a CISSP, so I can't comment on its difficulty nor its potential to make me more relevant as a practitioner. However, I do have several GIAC certs and GIAC is generally well-respected in the infosec community. So does this mean I'm competent? Yeah, right... Part of the problem lies in how the certification is accepted at a higher level. I know many management types who look for the CISSP on a candidate's resume. It's the only infosec cert with "safe" brand recognition that they're aware of and don't understand what it really is. To them, it's a pinnacle of achievement and they weigh it accordingly. From their eyes, there's the assumption of technical competency, and perhaps this is a failure (or success depending on how you look at it) on the part of the certification authority in providing an understanding of what the cert really measures.
SephStorm wrote: » Unfortunately there's not much chance of that happening. Even people who hate the CISSP with a passion for that reason, will end up taking it because they can't get through HR without it.
SephStorm wrote: » Even people who hate the CISSP with a passion for that reason, will end up taking it because they can't get through HR without it.
tpatt100 wrote: » The CISSP like what was already mentioned is a higher level security cert. You can hire a bunch of super hacker white hat techies and your security will still suffer because somebody has to know how to design, manage, organize your security. I used to think the CISSP was just a way to get through the HR wall but realize now it taught me a pretty solid foundation that allows me to explain the importance of security during an interview rather than throw out a bunch of techno babble.
jadedsecurity wrote: » It's not supposed to be technical, my argument is that it shouldn't assure competency.
JDMurray wrote: » Please supply a link or reference to official (ISC)2 documentation that states their certifications "assure competency." I've never seen that direct claim made by any major certification organization.
competence (ˈkɒmpɪtəns) — n 1. the condition of being capable; ability 2. a sufficient income to live on 3. the state of being legally competent or qualified 4. embryol the ability of embryonic tissues to react to external conditions in a way that influences subsequent development 5. linguistics performance langue Compare parole (in transformational grammar) the form of the human language faculty, independent of its psychological embodiment in actual human beings
chrisone wrote: » The world of IT is less chaotic with more CISSPs behind management decisions IMO.
Bl8ckr0uter wrote: » Notice number 1 and 3. I am sorry but this is a very weak argument. A certifying body isn't going to come out and say "Our certs don't mean you know anything" because no one would take the time to get the cert at all and no one would require it for their current and potential employees. The marketing department of the certifying body is going to push that cert until the market thinks it "means something". If the CCNA didn't have a "worth" and didn't prove a perceived competency, would anyone go after it? No, not at all. The CISSP is pushed by ISC2 as being the "ultimate" security cert and a lot of people in high places believe that. ISC2 makes it seem that if you have a CISSP you can secure pretty much anything and the market believes that. They make it seem that passing the exams proves ability and thus makes you competent. The bottom line is this: Certs are only as good as the people who hold them. There are probably CCIEs who know less than folks with CCNAs or Network+. Individual knowledge cannot be gauged from what certs a person has but unfortunately that is what hiring people do, that is why they want CCNPs instead of CCNA and CISSPs instead of Security+ holders. I honestly have no idea why people defend or attack it so much. It is just a cert and like all the others suffers from the same problems as all certs. I guess maybe because a lot of CISSP certified people believe their own hype. Many of them are great but a lot aren't and they walk around like smiling bob. But again that isn't the fault of ISC2, that's the market's fault for believing them. ISC2 just wants to push a product and they need for that product to be looked at as the primeo. Just like Cisco does with its certs and Microsoft does with their certs. You just proved my point entirely and you sound like marketing for ISC2. You assume a CISSP can make better decisions because they are a CISSP (circular reasoning).
And none of these are meant to be attacks on anyone who has the cert, wants the cert or anyone period. I respect all of you and I also respect ISC2 (mostly their hustle but they also seem to be giving back to the community which is good). But it is just the truth. All certs only mean what the market says they mean. If the market says that the CCIE is no longer the top network cert and say the Network+ becomes the big dog, then having the network+ will make you an expert (IN THEIR EYES). In practice, that is a totally different story.
Bl8ckr0uter wrote: » The CISSP is pushed by ISC2 as being the "ultimate" security cert and a lot of people in high places believe that.
Bl8ckr0uter wrote: » The bottom line is this: Certs are only as good as the people who hold them.
Bl8ckr0uter wrote: » All certs only mean what the market says they mean. If the market says that the CCIE is no longer the top network cert and say the Network+ becomes the big dog, then having the network+ will make you an expert (IN THEIR EYES). In practice, that is a totally different story.
cabrillo24 wrote: » I think the point the person was trying to make is that at the very least, someone with a CISSP certification would be in a position to align strategic alignment to the objectives of management vice someone who's never had the training or education or the exposure to this. Remember, it wasn't too long ago where security was just considered an IT thing, and system administrators did as they please. Now security is baked in to all aspects of the organization and our security professionals need to have that understanding. Security is simply not about applying patches, but understanding cost-benefit analysis, continuity, RPO, RTO, law and regulatory compliance, user awareness etc. I'm not saying that the CISSP will give you that knowledge, rather, it gives you a foundation of understanding the 30,000 foot view of security within an organization.
JDMurray wrote: » If the only purpose of certification was to impress other people to get a job then this might be true. Certification, however, overlaps with education and experience. Pursuing certification is an excellent way to study new fields of learning, provide instruction in a classroom setting, engage in an intellectual hobby, or understand just what the heck the people you manage do for a living. Certs must have a meaning to the cert holder first to be of any value.
JDMurray wrote: » Once again, you will need to supply me a reference to official (ISC)2 documentation that makes this claim. Simply saying "their marketing literature makes people believe this" is a subjective opinion and not a definitive fact.
CISSP certification is not only an objective measure of excellence, but a globally recognized standard of achievement. The Certification That Inspires Utmost Confidence The CISSP credential demonstrates competence
JDMurray wrote: » And when you make this judgement for the CISSP, be sure to consider all 70,000+ people that hold the certification. All too often people will judge a cert based on only a few cert holders, or on some second-hand information (or rumor) they were told. People tend to retain negative information more than positive information, so negative stories are always present. Judgements based on extremely small sample sizes, and biased opinion, are not likely to be an accurate representation of the true situation.
chrisone wrote: » Let's face it, everyone here if we had our own multi-million or billion dollar companies, knowing what we know, since I assume we all work in IT here, we would hire those individuals with the high end certs. I wouldn't trust my company's security with anyone that doesn't have those high end certs IMO.
chrisone wrote: » Exactly! I don't believe certs are made to make a profit.
Bl8ckr0uter wrote: » Just thought that was funny. I have spoken to idk maybe 40 CISSP certified people. I will not go out and survey 70k people. I can tell you without doing that any cert is only as good as the person that holds them. I don't need to go and talk to every CISSP to determine that. For those people who use certs as a hobby, sure maybe certs have a different meaning. But for those of us trying to get/keep jobs, certifications are about that skrilla. Nothing else applies. I can assure you that the vast majority of CISSPs (or X certification) holders aren't going after those certs for fun or for interest. Certs are an investment and you expect to get something out of them and most of the time, that something is money. I think you are taking everything I say about the CISSP personally which was not my intention. Maybe it took you a while to get that cert and you are proud of it, which I can understand, I feel the same way about the CCNA. But seriously it is just a cert, nothing to get all religious about. Maybe if I get the CISSP I will understand why people get on here and fight tooth and nail over it, but probably not.
cabrillo24 wrote: » If and when you obtain this certification, please refer back to this topic, will be pretty interesting to see what your views are then after you're introduced to the material. I think we've given you plenty of examples of the value of this certification and what it's intended for and what it's not intended for.
The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers. CISSP professional work experience will typically include: • Work requiring special education or intellectual attainment, usually including a liberal education or college degree. • Work requiring habitual memory of a body of knowledge shared with others doing similar work. • Management of projects and/or other employees. • Supervision of the work of others while working with a minimum of supervision of one’s self. • Work requiring the exercise of judgment, management decision-making, and discretion. • Creative writing and oral communication. • Teaching, instructing, training and the mentoring of others. • Research and development. • The specification and selection of controls and mechanisms (i.e. identification and authentication technology, not the mere operation of these controls).
jadedsecurity wrote: » That's exactly my point: cert with experience is competency, without it's worthless. ISC2 is a cash machine with a huge conflict of interest in how they run their business. Security practitioners need to change the perception associated with the CISSP.
Bl8ckr0uter wrote: » I thought this was interesting:
L0gicB0mb508 wrote: » I'll throw my two cents in just for funsies. I don't hold the CISSP to a very high standard either. It is the gold standard of security certifications for whatever reason, but personally I just don't see it. I see too many people with the certification that really don't impress me, especially with all the requirements needed to get it. I'm not saying everyone with a CISSP is an idiot or anything, but it seems that certification draws them in because it's the cert to have. With that being said, I will probably end up taking it at some point just because everyone wants it. It would be more of a check box for me than anything else.
cabrillo24 wrote: » I think the people that don't grasp the importance of this certification or appreciate its difficulty tend to be those who serve in engineering/systems administration roles or tend to believe security is an IT thing. The CISSP gives you that 30,000 foot view.
cabrillo24 wrote: » By no means does this certification make anyone an expert, but it is a difficult exam, requires a certain amount of experience and costs a pretty penny to obtain. You personally may not be impressed with certain CISSPs; however, they were able to pass the exam. Granted, their certification status may not be applicable to their job, but people need to get out of the mantra of "well if you have your CISSP you should be good in this..." It doesn't work like that.
cabrillo24 wrote: » But it often seems that the people who critique the CISSP certification, often are the ones who don't have the certification. To me it's an extremely valuable certification, and has really been applicable to what I do career wise and has set a foundation for my other studies. Not to mention the monetary compensation. As the saying goes...don't knock it, until you try it.
L0gicB0mb508 wrote: » I don't work in engineering or systems administration. I am however experienced in managing/performing security testing, audits, and compliance efforts. I also have done hands on packet level security work. To be honest I actually respected the cert more when I was a sysadmin. I'm sorry, but passing an exam doesn't really earn my respect. I have no doubt it's a difficult exam, as I have read CISSP study material. I know it doesn't make you particularly good at one thing or the other, however the perception that the CISSP is the best security certification out there is getting old. I chose not to take the exam. I read material to even possibly take the exam at one point. To get my DoD IA Tech III certification I chose GCIH over CISSP. I'm just sharing my opinion on why I think the CISSP is overhyped beyond belief. I realize you have the certification, and I'm glad you find value in it. I actually mentioned in my post I will end up taking it at some point.
cabrillo24 wrote: » Ok? Your point? I do realize you have a contrarian attitude on these boards..
cabrillo24 wrote: » some people hold certifications and it makes us scratch our head
The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers.
• Work requiring the exercise of judgment, management decision-making, and discretion. • Creative writing and oral communication. • Teaching, instructing, training and the mentoring of others. • Research and development. • The specification and selection of controls and mechanisms (i.e. identification and authentication technology, not the mere operation of these controls).
cabrillo24 wrote: » You're required to hold a certain number of years of experience related to the domains of the exam. Once you apply for certification, you must be validated by another person holding the certification or audited by ISC2 to validate your experience.