CISSP training worth it?

ptilsen

My boss has offered to send me to more training (just got down with the Deploying 2012 ConfigMgr course), and I am considering CISSP as a logical step towards branching into infosec. I would already be self-studying it, but with my current college workload I have put certs on pause until May.

What I want to really evaluate here is if taking a CISSP course is a good use of time. I am generally able to self-study for certifications and succeed. To me, it is simply a matter of whether instructor-led training is going to be a faster or better way to get the material in. Configuration Manager training was good because of the instructors' expertise and the lab setups that would be time-consuming to reproduce.

Since work is paying, money is not an issue, but I could take Microsoft or SANS training or something else if CISSP really doesn't justify the instructor-led training.

Any opinions here? I don't have unlimited training options, so if CISSP is too easy without training I don't want to waste it. My gut reaction is that is seems very approachable for book study and might not be the best choice for training.

f0rgiv3n

I don't have a CISSP yet but am currently pursuing it. In my mind, any high level, prestigious certification should be treated with respect. What does that mean to me? To me it means getting the best training experience you can get and milk it for all it's worth. I see the CISSP as a very prestigious certification and because it is a mile wide and a foot deep I am taking a SANS course. I have also heard great things about SANS training in the past so I'm very excited to have the opportunity.

I have self studied for every certification I have, except for my Juniper certs (I took a week long training). If you are looking to go down the infosec route, I say spend your training $$ on SANS training and not Microsoft.

That's my two cents, take it or leave it... or save it for later and maybe you can buy a soda.

Mrock4

I'd highly recommend it. I had network security experience, but no CISSP prep, and the bootcamp is what allowed me to pass hands down. Even then, it was a really difficult exam for me.

t17hha

I guess it comes down to how quickly you would like to pass, I didn't attend a bootcamp and I hadn't sat an exam for a number of years but I initially began studying for the CISSP in October initially and began to take a week or so to go through each module (slowly as I hadn't read a book in a while and Shon Harris was at times a bit too much) which took me to about end of December early Jan.I then created a study plan and from Jan to Tuesday this week, I believe I went through all the modules using Shon Harris OIG and also the Eric Conrad Study Guide, doing a module a day and I believe I was more than well equipped for the exam and didn't find it too difficult. I sat over probably 4000 questions but did dedicate more or less all my time to it.I believe it can be done without going for the bootcamp, I will probably share my study plan that I created which I used for the last couple of months for the final push, but it will take a lot longer and you will need discipline, A LOT OF IT!

t17hha

Apologies for the long message, for some reason it wont add the line breaks!

Iristheangel

You must be using IE 10, T17hha.

I would highly recommend the official ISC2 bootcamp. I studied 8 months prior to the bootcamp by watching the CBT Nugget videos, the AIO book and the official CBK. I ended up shelling out $2K for the bootcamp and I found that it really helped solidify my knowledge. I took the practice exam the first day of the class that they provided and got an 80% on it but by the end of the week, I was scoring 90% on most of the objectives (Except BCP... GRrrrrr *waves fist*). I originally planned to take the exam 3 months after the bootcamp but I rescheduled my exam for that weekend and not only did I pass but I completed the exam in only an hour and a half.

I highly recommend the training seminar

ptilsen

Three CISSPs, one of whom is almost a CCIE, probably aren't wrong.

Thanks for the feedback. I'll see if my boss agrees to it.

Alternatives I'd consider are the SANS training aligning with GCWD or the next ConfigMgr course because they align more with what I'm actually doing right now. I am in a very broad and deep role right now that goes all the way from security policy and configuration to Windows 7 and software deployment using SCCM 2007 and eventually 2012 CM. The CM training is more pertinent to my current day-to-day, and it's not like I'm ever going to starve by being a System Center expert, but I do want to branch into security and out of MS specializations. We're possibly about to get very siloed so I think CISSP now is wise.

Thanks again.

Mrock4

Absolutely. One thing I love about the CISSP is you'll find individuals who hold the CISSP in very different roles. In my current role I'm doing consulting, for example, and our customers really take comfort in having a CISSP who knows networking. I'm not suggesting you learn networking, but just illustrating if you get your CISSP and learn more about MS technologies, you'll be in a great position to use both sets of skills (security and your vendor-specific skills). Let us know how it goes!

t17hha

Nice picture Mrock4, and nope I'm using Google Chrome...

If you are able to do the bootcamp then I would, unfortunately I wasn't given an allowance because my manager said he would prefer me to understand the domains then just learn to pass them and to a point I felt that was true especially when you haven't done any certs in a while!

All the best, would be a good idea to get a bit of a heads up before the boot camp to help grasp more from it from what I have read.

RanMic

I would recommend the boot camp also. You dont have to test then if you dont wan't too. We had at least 4 people in our class that attended the bootcamp and then went back home to study and take it at a later date. I myself took it then, faild it and retook it three months later (two weeks agao) and passed. The class did give me a good foundation to build off of when I started self studying. The test the second time around for me was a ton easier, but still challagening. I think I was overprepared......and that is not a bad thing.

Good luck in whatever you choose to do.

bobloblaw

I gotta play devil's advocate here. With your background in net+, sec+, and access control, you already possess a pretty high amount of the technical info in the book. You should almost breeze through half the thing. Then just quiz quiz quiz and brush up steadily on the info you don't already know.

You could also pull an audible. Plow through the book, do some quizzers, and see how confident you feel. If you're not confident, then op for the boot camp.

If time is a factor, then I'd say do the boot camp. Otherwise I agree with you on opting for the SANS training.

dijital1

If you're serious about a career in information security, then "Yes" you should get the CISSP certification. I'd also recommend that you take on 1 or 2 of the specializations as well as they fill out some of the knowledge gaps that the CISSP leaves.

ssehg

CISSP is the most respected certification. I recommend you to attend boot camp . I myself attended one by Simplilearn.

webgeek

If your employer is willing to pay for you to go to a bootcamp I would take it in a heartbeat!

wembley1973

Hi Angel,How did your ISE project go?I was thinking of doing a CISSP, no you have done it do you think it was worth it?Kind Regards,Ashl