Change of Career - CISSP Route

blacksta_5 Registered Users Posts: 1
Apologies if this matter has been dealt with many times.

Firstly, I have been a performance tester in the UK for the last 7 years and would like to further my career options by specialising in infrastructure security from the point of penetration testing or other applicable areas. I am very interested in obtaining a CISSP certification.

I have gone through the ISC candidate profile and would like to know if my last 7 years can be considered as prerequisite professional experience required to obtain a CISSP.

I also hold a degree in Computing.

Or what route would you recommend? Thanks


  • Commander Jameson Member Posts: 8
    No-one on this forum is going to discourage you from doing a CISSP!

    Let’s begin by looking at how certifications and salaries relate to each other.

    CISSP average UK salary of £50,000
    CISSP Jobs, Average Salary for CISSP Qualifications

    Certified Ethical Hacker average UK salary of £42,500
    CEH Jobs, Average Salary for CEH Qualifications

    I have put CEH there as you may want to look at this before CISSP. My experience is that penetration testing is a constant learning curve as you need to keep up with modern attack techniques to remain relevant in your role. CISSP, however, has many eternal principles which apply no matter how the technology changes over the years.

    Now, I’m not adducing that certs equal higher salaries, as there's more to the job market than that. But I would say that they play a role in presenting people as competent professionals, who have put themselves through independent testing and that this likely helps in the recruitment process.

    By studying for CISSP or CEH, you will get a feel for the typical issues that crop up in the security world. By doing so, you can make up your own mind on your appetite for a change in career focus.

    The CISSP cert is a tough one to get as it is very broad and some concepts are highly counter-intuitive to people new to the profession, e.g. that well-known and studied encryption algorithms are ‘safer’ than one which you have developed yourself in secret and only you know how it works.

    However, if you can study the heck out of material, as I’m sure you did in your computing degree, then surely you can pass the exam.

    Passing the CISSP exam is usually valid enough in the UK job market. If you are concerned about the professional experience element, you can read about it here.

    I recommend you take a look at some CISSP books and make your own mind up.
  • JDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USA Admin Posts: 12,718
    You can take the CISSP exam before you have acquired the prerequisite professional experience needed to obtain the full CISSP certification. After you have passed, you are given six years to obtain the necessary professional InfoSec experience before being required to take the CISSP exam again. As Commander Jameson pointed out, having only passed the CISSP exam can be a sufficient qualification for employment and promotion with many employers (it certainly is with the US DoD, anyway).

    As for your current work experience being applicable to CISSP certification, you would need to look over the ten domains of the CISSP CBK and determine if what you've done fits into any of the ten broad categories of InfoSec work experience. What the (ISC)2 is looking for is work directly related to Information Security process and procedures.