Is CISSP for me?

I have reached a point in my career, where I believe I should start transitioning into a more senior/management role. The field of the network security really interests me and I would like to make it my primary field of expertise. I am looking for a certification that would give me a "jump start" into that field. At first I was thinking about OSCP but after reading these forums for quite a bit, I am not so sure any more and started thinking about CISSP as more beneficial. I read Keatron's post about the progression and I think more or less followed it.

Here is a bit of info about my background and education.

I started out as a help desk in USAF in 2000. After 4 years, I got out and found a civilian job as a help desk which eventually turned into a system admin. For the past 5 years, I work as a network engineer. Since I am with a relatively small company, I am the only person who supports the whole infrastructure and my responsibilities are very diverse. I support two colo's and one office locations including about 18 Cisco routers and switches, 6 Cisco ASA, IPS and around 70 servers.

My security related experience: DMZ and DR design and implementation, firewall management, IPS configuration including custom signatures for our in-house app (we process commission's for traders), VPN's - dial-in and site-to-site, implemented RSA SecurID, preparing my network for compliance and security audits, vulnerability scanning, patching, a bit of pen testing my network perimeter, GPO's, server hardening, logs and traffic monitoring. I also wrote policies for the backups, DR, router and server hardening with checklists and etc.

Education: BS in Computer Science, MS in Telecommunication Networks, CEH, CCNP Routing & Switching, CCNA Sec. Currently, I am 1/2 into CCNP Sec - still have VPN and Secure exams left but I will sit for them by the end of October (doesn't take long to study if you work with the technology every day).

Questions:
1. Given my experience and education background, is CISSP a next logical step for me? Or is there any other certification which would be better suited?
2. I know some of the posters here are in the senior/management positions. Would you hire me if I had CISSP?
3. I am afraid that coming from a small company would lower my chances of getting a job in a big corporation. Does my fear have a merit?

Thank you for reading and your comments in advance.

Find more posts tagged with

Comments

NetworkVeteran

Kreken wrote: »

3. I am afraid that coming from a small company would lower my chances of getting a job in a big corporation. Does my fear have a merit?

I've encountered concerns going from mega-corporations to startups and vice-versa, so yes, that's a valid concern. I've navigated them; others haven't. I more often see large corporations turning down folks from startups than vice-versa. The concerns often relate to the following:

1. Small companies tend to want folks who wear many hats. Large companies tend to want specialists who wear fewer hats but outperform the generalist at each one. If you've been a generalist, you may not be as strong as desired in the specialty areas.

2. The scale of devices, connections, people, threads, etc. tends to be much larger at corporations. There may be concerns about your ability to adapt without making blunders.

3. Small companies tend to be more direct; large companies tend to have more politics and inter-organizational dynamics you must understand and navigate to thrive.

You can somewhat address the specialty knowledge by learning more. You can somewhat address familiarity with large-scale by simulating that on your own.

demonfurbie

i would think that you having a ccnp:s (or soon will) why not go ccie:s

Kreken

NetworkVeteran, thank you. I do have a small lab home (7 routers + 3 switches) and run a lot of configurations in GNS3. At my work, we have a stringent security requirements since we process and store financial data and we deal with large banks and trading firms. I am sure I can pass a technical interview.

demonfurbie, thank you. CCIE Sec is planned sometime in the future. I want to hold off on it for now till I get a job that will actually benefit from my knowledge and would be interested in me getting it. Plus, if to be frank, I am bit tired of Cisco certifications and want to get something else. In the past 1.5 years, I took 7 Cisco exams not including two I still have to take to finish CCNP Sec.

ptilsen

I think CISSP seems like a great choice. It's definitely a good-to-have for almost any security position, and a must-have for many (although few would turn down a CCIE:S). CISSP is going to be much easier to attain than CCIE, and should definitely help you move into a network security position. I think between that, CCNP:S, and your existing certifications, you should do fine.

bigdogz

Kreken wrote: »

Questions:
1. Given my experience and education background, is CISSP a next logical step for me? Or is there any other certification which would be better suited?
2. I know some of the posters here are in the senior/management positions. Would you hire me if I had CISSP?
3. I am afraid that coming from a small company would lower my chances of getting a job in a big corporation. Does my fear have a merit?

Thank you for reading and your comments in advance.

1. If you are making an attempt into management then CISSP or even CISM is one way to assist you. The CISSP is more
recognized and marketable.
2. You seem well rounded and would be a great asset to any company.
3. NetworkVeteran is right. If you choose to work for a bigger company it may be more specialized. Sometimes you may be able to
step in and follow the packets from start to finish.

Good Luck!!!

Kreken

Thank you all for providing your input. Much appreciated.

Bigdogz, that is exactly the reason why I am looking into CISSP - to help me get into a management position. I think with my diverse background in IT, I should have a more clearer insight from the policy making view which things would work and which would be detrimental to the business because I have done it myself at some point. Maybe not on the same scale as in a big corporations but the way I see, the best practices for securing a server or a router are the same here and there.

How long on average it takes to study for CISSP?

bigdogz

YMMV. This depends on your experiences within the domains. I think you may have the Telcomm and Network domain down!!!
Most people take 3 - 6 months to study while others may take a year. Remember that there may be technical questions you have know down (which should not be a problem for you) this exam should be looked at from a managerial standpoint. I think having your MS would give you that assistance as well.

Kreken

I am just trying to plan ahead and thinking which certification to get after CISSP. I would really like to get OSCP but not sure how beneficial it would be or should I start studying for CCIE:S as it would take a considerable amount of time? On the other hand, after I will pass CISSP, I will start looking for a new job. Should I just wait until then and then tailor my certifications to a company's needs?

bigdogz

Studying for more than one certification at a time for different vendors may confuse you. Take one pill at a time. You will have better focus.
I would tailor your certifications that would best assist you in the field of your choice.