which has more value: CISSP or Bachelors Degree

ajs1976

Daydreaming today and came up with this. If I my position was eliminated tomorrow, which would help me more with finding a new job: CISSP or a Bachelors Degree?

I have almost 14 years of experience, multiple certs from MS, Citrix, and CompTIA, and an Associates in CIT focusing on Network Administration. I have a plan for the next 6-9 months. Just trying to figure out what comes after that.

N2IT

Six in one hand, half dozen in the other.

NetworkVeteran

I'll go with, "The Bachelor's degree, of course!" The devil's in the details. While I'm sure you could identify a low-value degree from a low-value school, not much beats a challenging degree from a well-regarded school. Once you have actual degree programs and schools under consideration, we would be able to make a better comparison.

gbdavidx

get degree then cissp? ****, my goal is just to become sys admin right now

emerald_octane

I know lots of infosec folks with degrees and no CISSP. I know of very few individuals who have a CISSP without a bachelors.

So i'd say go for your bachelors, especially since you already have an AA, then shoot for the CISSP.

ChooseLife

If you are planning to do both eventually, do some homework on which one helps the other most - e.g. Bachelors will help with the CISSP experience requirement (but then you've got multiple certs covering that), and there are some degrees that will grant some credits for having CISSP.

pinkydapimp

I think short term, if you have the 5 years security experience and you are looking for a job right now, obviously the CISSP will help and if you have the experience you can get it in a bout 3-4 months. Long term, the Bachelors will obviously be more valuable.

JoJoCal19

As someone who just graduated with my bachelors from (arguably) the best school in FL, the University of Florida, has over 6 years InfoSec experience and most of that with the largest financial firm in the US, I have to go with CISSP. From my job searches, and applications submitted, I'm finding the CISSP to be the gatekeeper to the better InfoSec jobs. So many people apply that if you don't have the CISSP, your resume is not getting past the filters. Also most of the jobs that would be a move up for me all prefer a CISSP, and you know people are applying that have one. Now my experience isn't everyone's experience and may not be the situation in other locales, but I'm just sharing with you my experience and I would bet you would find the same elsewhere.

RoyalRaven

Better get both - you're competing on a level field with folks holding a CISSP and a masters Overall the CISSP will help your IT career immediately (however long you want to work in this field), the Bachelors degree will help you for life, even if you switch careers. I see the Bachelors more of a requirement than anything else in IT and the CISSP as a requirement for most InfoSec disciplines. I have told every person I know to get a bachelors if you're going to stay in IT...you cannot apply to many of the openings without one now, regardless of how talented or certified you are!

sratakhin

I would rephrase your question in the following way: which would hurt your prospects of finding another job the most - not having CISSP or not having Bachelors?

jibbajabba

ajs1976 wrote: »

<snip>

Whilst you say how much experience you got in x, you don't actually say what you want to do. That pretty much dictates what is best for you - Bachelors or CISSP

Also depends which Bachelors obviously.

You are applying for a position in Veterinary Science
Will a CISSP help ? Nope !
Will a Bachelors in Music help ? Nope !

You are applying for a position in Infosec
Will a CISSP help ? Yepp !
Will a Bachelors in Music help ? Nope !

You are applying for a position in a Music Academy
Will a CISSP help ? Nope !
Will a Bachelors in Music help ? Yepp !

So how long is a string ?

Basically - it depends

ptilsen

Expanding on jibbajabba's point, it really depends on what you're experience is and what you want to do. If you're trying to break into security with 14 years of largely non-security experience, I think it's the CISSP, hands down. A bachelor's degree is great, but it doesn't magically make you more qualified for security positions overnight.

On the other hand, if you're not looking for pure security roles (regardless of how technical), I would say a bachelors degree is going to have a lot more marginal value at this point, especially if you're trying to get into more of a managerial role. A bachelor's degree should also be substantially more work than a CISSP (frankly, if it's not, it's not worth having), so it should be more valuable. I just don't think it is for pure security positions at this point.

Of course, even there, the specifics of what you want to do really come into play. If you want to do something highly technical, a CS degree could be a lot more valuable than CISSP, even for a security position. For example, CISSP hardly qualifies anyone to be a real pentester (to write reports, sure, but not to do the actual ground work), but a CS degree would easily give and prove the skills needed to at least pick up pentesting pretty quickly.

ITcognito

Expanding on TC's question, with a Bachelor degree in InfoSec completed or in progress, is Security+ worthless if you'll try to obtain CISSP in a few years anyways or is it a good way to get your foot in the door?

ptilsen

CISSP builds on quite a bit of the Security+ content, and Security+ can be a valuable credential on its own. It certainly doesn't make sense to pursue Sec+ if you're already or nearly qualified for CISSP, but if that is a few years down the road, I would get it (and did). Even if it doesn't get you into a full-time security position, within other positions you can quickly become the person that gets turned to on security issues, even with just a Security+.

holysheetman

If I had to go back to before I had a degree then I would say, the CISSP. The ROI is much greater than how much time/energy you will have to invest into a degree, given that you pass the CISSP first time lol - study study study!

N2IT

If security is your game the CISSP is it. I've seen security managers with just CISSP and high school diploma, no college. I've rarely seen a security manager or high level analyst without some security credentialing. Besides networking, security is number 2 in certification requirements. (JMHO)

JoJoCal19

N2IT wrote: »

Besides networking, security is number 2 in certification requirements. (JMHO)

Agree wholeheartedly. Good luck moving up from a entry or lower level InfoSec job without one of the more well known security certs.

dave330i

jibbajabba wrote: »

So how long is a string ?

2x the distance from mid-point to either end-point.

ajs1976

thanks for the feedback everyone. I'm in a Manager/Security/Sr. Tech role and as I look for material that will help with my day to day work, I keep coming back to the CISSP. Originally planned to start back for BS in the spring and then going for the CISSP after, but thinking that reviewing the material sooner, may help my current position. If i'm going to review the material, might as well take the exam too. Came up with the question while wondering about the impact switching the order might have if an unexpected situation came up.

jibbajabba

dave330i wrote: »

2x the distance from mid-point to either end-point.

How Long Is A Piece Of String?

apr911

So I read this question and specifically thought of it as "What will help me secure a more quickly..."

I think the answer to that is the CISSP. Its stature has fallen a bit (it used to be the be-all-end-all of security certs and if you had it you could write your own ticket) but the CISSP is kind of like the union card of IT security professionals and if you dont have it and are looking for a career in IT security, a lot positions are closed to you.

Having a degree does open a few doors but not as many as not having a CISSP closes. Of course having both would be the ideal.

Now that being said, thats only part of the picture.

Experience will play a bigger role than either the CISSP or degree and if you want to move up into management within the organization, I think the degree will take you further than the CISSP.

And of course this is all predicated on the theory that you have a degree valuable to the industry your in (IT) or the company you work for. (i.e. a degree in music isnt likely to get you far in IT or Business [unless maybe if you work for a music company] by itself or with anything else for that matter)

zidian

I'm coming in a couple days late, but my opinion lies mainly on where you want to be in the next few years. Many of the jobs that I apply for want to see a 4 year degree plus 10 years of experience. These jobs say that 2 years of experience may be substitute for each year of the degree. In your case, that would mean you need 14 years of experience to meet the base qualifications of the job.

These jobs also typically comb through the work history to ensure all the stated experience is IT/Technical in nature (Tier 1 is usually considered the most basic that is accepted as IT Related) with the more recent job roles needing to be similar to what is being applied for.

So with that said, if your experience of 14 years can all be attributable to IT, I'd say go with the CISSP. It should give you the most bang for the buck in the short term. If some of your early years of experience are likely to be excluded as IT experience, I say go with the 4 year degree and then get the CISSP after that.

Food for thought.

blueberries

A B-degree in electrical engineering and east asian studies are two different things....

ajs1976

zidian

Previously when looking at job requirements, most of the jobs that interested me ask for a bachelors or equivalent work experience. Now the jobs that interest me are asking for a minimum of a bachelors degree and a masters is preferred.

paul78

Andy - a good measure of whether your qualifications could land you a job is to simply send your resume to a few prospective employers. Technically speaking my job requires a BS with Master's preferred but I have neither.

sratakhin

ajs1976 wrote: »

Previously when looking at job requirements, most of the jobs that interested me ask for a bachelors or equivalent work experience. Now the jobs that interest me are asking for a minimum of a bachelors degree and a masters is preferred.

I think you just answered your question.

anITguy

I have a BS in Info Sec/IA and am a CISSP. I found that the types of jobs I'm looking for require CISSP and ample experience, rather the BS. I suppose it's the type of job you're trying to land. Another thing to think about is that the CISSP credential (unless strictly looking for an IT security position) is often coupled with other subdivisions of IT. For example, employers love when Sr. Net engineers or programmers are CISSPs as it serves as almost assurance that the net engineer or programmer understands the importance of, for example, defense in depth or interleaving security throughout.

I am in IT forensics so being a CISSP landed that job for me, over the BS.

Greg

PsychoData91

The way I've had this explained to me is usually
Certification --> I Know these objectives and I've passed a test to prove it
Degree --> I've had classes that include some of this stuff.

Another thing I'e always been told is that you can learn what you need on the job, but certifications prove you know that part.

The benefit of a degree, in my experience, is that it has a little bit of everything instead of a concentration in one thing. That might be better than a certification, it kind of depends on the position.


My gut feeling: If you have the 5 YEARS of experience to get a CISSP, then get the CISSP and document that experience on a resume. Maybe even include the BA with an expected graduation on it.
In my situation - I'm just starting. I'll have an Associates (most places ask for bachelors I know), a CCNA, SSCP, A+. I also have some MOS certs that my school was doing free testing on, I'm not turning down free testing. As it stands I'm interviewing to get a job of around 55K with no work experience except a networking department internship and regular work experience.

EDIT: Another thing of HUGE importance is the way you spin yourself and your experience. I'm interviewing for Level II helpdesk from no IT experience and I got most of my spin from previous experience in Best Buy Mobile, Domino's Pizza, and certifications.

Best Buy Mobile: Helping customers use and understand technology
Troubleshooting devices in person and over the phone
Keeping customers calm and helping calm customers that are already upset

Domino's Pizza :Managed employees and kept the phones answered, the food made, and the drivers on time.
Performed on site technical and network troubleshooting
Communicated effectively with in store and district supervisors to meet goals and increase sales

[Various Certs] : Technical knowledge in bla field


I related IT and helpdesk experience to domino's pizza. I deserve a cookie or something

CyberfiSecurity

In my own opinion a CISSP is equivalence to a Master degree in Information Security.

jvrlopez

As a CISSP holder with no degree, I'd say it helps in the short term. I did land a $20k raise because of it. But as time goes on, I'm noticing how not having a bachelors is a glaring shortfall amongst my peers. However, I do see more job listings in my industry that require a CISSP (thank you DoD 8570) as opposed to an explicit requirement for a degree. I also have come across some listings where there is parity between the required amount of experience and the degree you hold (no degree and 7 years, associates and 5 years experience, bachelors and 3, or a masters and none).

Doyen

Since you made the point of what if your position was terminated tomorrow, I would have to agree with the person below about getting your CISSP. Of course, I am under the assumption that you do not have either at that moment, so my reasoning is studying for the CISSP certification would be faster and less expensive than working on a undergraduate degree. Long term, however, your undergrad will aid you in progressing with your career opportunities with most employers than not having one. Hopefully that was the answer you were looking for.

pinkydapimp wrote: »

I think short term, if you have the 5 years security experience and you are looking for a job right now, obviously the CISSP will help and if you have the experience you can get it in a bout 3-4 months. Long term, the Bachelors will obviously be more valuable.