CISSP GIVES VISIBILITY! (Warning: Long Read)

CISSP Cert pays off in a BIG Way!I passed my CISSP certification the last Friday of April 2013 and got my endorsement completed within 2-3 weeks after (would have been shorter but for my first endorsee taking time on it- had to use someone else). Since then, I had updated my resume, updated my job search profiles and other profiles like LinkedIn. Since doing this, boy, has there been a visibility or not!

Things have really changed for me big time! While I have done a number of phone interviews based on the jobs that I applied for, the one that have surprised me the most have been the countless ones that I didn’t apply for that have been coming my way. Many came from different parts of the country which I declined because I don’t want to relocate at this time.

Because I so badly wanted to change job, I was frustrated for a while because even though I did many phone interviews and I had a few who told me they are waiting for their bids to go through (the Govt basically delaying them), I had quickly forgotten that it has only being about 1 month since getting my CISSP certification!

Well, my breakthrough came about 2 weeks ago, and it came just like every other job that I have worked at in the last 10+ years. It came through a recruiter finding my resume and telling me the company wanted to hire in a few days. He asked for my desired salary, I gave him a figure in the range of 50-75% higher than my current salary. He agreed to submit me for the job- no question!

The company requested a face to face interview within 2 working business days. I did the interview and the Project Manager was so impressed that I have my CISSP! They told me they were making a decision that same day! Well, by the time I was leaving my current job for that day, the recruiter called me that they decided to hire me for the job at a rate above my least figure- at least 50% above my current salary! It was incredible! I'm starting in less than 2 weeks!

That’s not the end of the story; I am still getting calls for interviews. Currently there is another one that a recruiter has just submitted me for. I turned another down a couple of days ago because I didn’t want to lead them on to the point where it will be hard for me to decide what to do!

Why am I sharing this? I just to encourage anyone out there contemplating taking this certification that it is well worth it! This is no doubt that this is the best pay off ever on any certification I have ever had in my career! So if you want to boost your career, this is the cert to take, stick with it, your effort is never in vain! Be encouraged! You can do it, your sacrifice of money, time (with family) etc will be well worth it in the end!

Find more posts tagged with

Comments

the_hutch

Yeah....I can second this. When I dropped CISSP on my LinkedIn page, I got like 5 times the number of hits from recruiters than I did before that.

danny069

Great story man, I was looking into the CASP, but looks like i'm going to go straight for the CISSP too, I hope I meet all the credentials for endorsement. Congratulations once again!

emerald_octane

Great post haha. I love how you can pick and choose job, location, salary etc. Very good position to be in

.

For those wondering, Associate status does give give a muted but noticable boost aleast in my organization. I swear people talk to me moreso about infosec since passing the test.

sigsoldier

Congrats to you! Hard work always pays off!

YuckTheFankees

Can go into a little more details.

What was your past experience in?
What kind of jobs are you getting interviews for?
etc..

cyberguypr

Awesome. CISSP gets badmouthed in some circles but it definitely gets you noticed. At the end of they day that is all that matters.

f0rgiv3n

Dude... I'm so giddy right now after reading this. I'm currently looking for other opportunities and have been getting a little bummed out. But I hope that having my current certs + CISSP will put me into a whole new ballgame. As soon as my official email comes in, I'll be throwing CISSP on my linkedin and resume!

emerald_octane

No need to wait. Officially, everyone who passes the exam or is waiting for endorsement approval is an "Associate of ISC^2 toward CISSP".

ChooseLife

Awesome! Congrats and thanks for the motivation!

da_vato

emerald_octane wrote: »

No need to wait. Officially, everyone who passes the exam or is waiting for endorsement approval is an "Associate of ISC^2 toward CISSP".

Is this for real Octane? I passed the exam and am waiting for my endorser to .... well I am waiting on him, Ill leave it at that.

joebanny, I want to thank you for posting this to encourage those who are getting discouraged. I went to a boot camp and only one of us did not pass, the rest of us are trying to get this individual to study harder and retake it. Now I am going to refer him to your post.

cyberguypr

From ISC2:

How to Become an Associate

Don't Meet the CISSP, CAP, CSSLP, SSCP or CCFP Professional Experience Requirements?

Don't worry! You can still become an Associate of (ISC)² by completing and submitting the examination form and successfully passing either the CISSP, CSSLP, CAP, SSCP or CCFP examination.

The Associate of (ISC)² toward CISSP designation is valid for a maximum of six years from the date (ISC)² notifies you that you have passed the exam, within which time, you'll need to obtain the required experience and submit the required endorsement form for certification as a CISSP.

JoJoCal19

Thank you so much for the post joebanny! You have just validated what I have been feeling all along. I have what I would consider a pretty solid resume (at least to move up from my current Infosec position) and I have had no luck with job apps. I just feel that I'm not even making it past the HR search filters due to lack of keywords, specifically CISSP. I've been studying for it for a couple of months and anticipate testing in August. I've been telling my wife from all of my job searches online, the CISSP seems to be the gatekeeper to mid/upper level Infosec positions. You've just given me even more motivation than I already have.

instant000

Agreed. Of the certifications that I currently possess, CISSP has the highest ROI. Of course, I would argue that meeting the prerequisites for full endorsement means more for it than anything else.

I don't consider it the be-all/end-all of information security, but if you are trying to branch deeper into information security, CISSP would be a logical step-up from the Security+.

Then again, I get to come across CISSP's who don't know what nmap is (even though they possess a CEH) -- stuff like this makes you question how they got their credentials.

Hrm, I am getting off-topic.

Back on subject: CISSP is high on ROI, as far as certs go. Just make sure that you know more than what's in a cert track.

Hope this helps.

badrottie

instant000 wrote: »

Then again, I get to come across CISSP's who don't know what nmap is (even though they possess a CEH) -- stuff like this makes you question how they got their credentials.

Nmap falls into telecom and network security for the main part. The CISSP is focused on information security, and from a theoretical aspect, not an applied one.

That being said, any infosec professional that doesn't know what nmap is and what it is used for in this day and age....

JDMurray

badrottie wrote: »

That being said, any infosec professional that doesn't know what nmap is and what it is used for in this day and age....

...would be an InfoSec professional who doesn't work in the domains related to network security.

colemic

JD I get your point, but using this specific example, NMAP is a pretty basic (as in fundamental) security tool. I may not know how to use it, but at least I know what it is.

ptilsen

Nmap happens to be a popular host/service/vulnerability scanner. It is far from the only one, and I would argue that someone can be well aware of what such scanners are, what they do, and still not be familiar with Nmap.

I do get where you're coming from, but my opinion is that one should not shoehorn the totality of infosec into that of technical infrastructure security. There are undoubtedly competent policy managers who have virtually no technical knowledge of network scanning and in turn no tool familiarity. Conversely, it wouldn't surprise me if there were skilled malware analysts, programmers with graduate degrees, who have no knowledge of it. I advocate for a strong, broad base, but there are definitely people who can go extremely deep in one area, be successful and competent and productive, and still lack basic knowledge in other, closely related areas. Just as I've known extremely talented software engineers who couldn't pass A+ to save their life (without the requisite 1-5 weeks of studying), I'm sure there are competent infosec professionals who know nothing of Nmap.

Anyway, getting back on topic, this is good confirmation for what should be known. CISSP has its flaws and there are strong opinions about it for good reason. What I don't really see as debateable is its clear demand in the marketplace. There are a lot of positions out there for CISSPs in all domains, period. It's definitely a resume-worthy addition, and I would argue one of better cost-benefit investments one can make.

joebanny

badrottie wrote: »

Nmap falls into telecom and network security for the main part. The CISSP is focused on information security, and from a theoretical aspect, not an applied one.

That being said, any infosec professional that doesn't know what nmap is and what it is used for in this day and age....

One could be CISSP certified without really having the technical expertise of a tool like Nmap and many others used for pentesting, which is why the CISSP is a cert for managers- thus it is not a cert focus on any specific domain. I like its dynamism- which enables you to relate to security in the way you want to. For instance one could be a Project Manager but required to have CISSP perhaps because they will be involved with documentation that must meet FISMA requirements, this individual certainly may have heard of nmap (or whatever tool out there) but may NEVER have any use for it-still they are still involved in security. What I have seen at organizational levels is that Security roles are broken into Technical (involving things like SOC, vuln mgmt etc) and POLICY (documentation, compliance etc). For me personally, I'm involved in both worlds and love that, while I have been a tech for most of my career, my technical writing skill is helping me play a role in policy, this is making me a better Security personnel. So at the end of the day, it really depends on what you want to use your CISSP for, so it is not absurd at all that a CISSP may not know or have exposure to a particular tool. Besides, even for the most prolific security techie out there, you will be surprise at the unbelievable amount of tools you may not even have a clue about!