Should I Obtain CISSP Now?

guy2smooth

Hello all. I am in the military and I am about to use my certification fund before I get out. People have told me that it would be best to use this fund for the CISSP since it is more expensive and get other certs on my own. But I read that you cannot get the CISSP unless you have at least 5 years experience, which I don't have.

Right now I am trying decide which of 2 certificate programs to use my fund on.

Option A: is an entry level certificate program which I would obtain A+, Net+, Sec+, MCTS, CCNA, and CCENT

Option B: An Information Security certificate program where I would earn (IS)^2 and CISSP.

I have been leaning torward option B since it seems like it holds more weight and also because I have been advised to start with CCNA and go from there so I have been self studying. I can self study and obtain the lower certs with no problem. I just wanted the military to take care of the big one. Please let me know your thoughts.

redz

Without a better overall view of your experience, time remaining in service, and plans for when you get out, it's really hard to make an informed recommendation. I'll throw a couple scenarios at you, see if any stick.

Scenario: You will have over three years of CISSP domain-related experience at the time you are to separate.
Recommendation: Go for the CISSP. Take "Associate of..." title for the time being, and get a Security+ afterwards to cut the fifth year off to get the full thing, and find a CISSP domain-related job (even if that means sacrificing the location you want to live in until you have the requisite experience).

Scenario: You will have under 3 years of CISSP domain-related experience at the time you are to separate.
Recommendation: Option A. That will get you DoD 8570 IAT II and make it easy to leverage your (assumed) clearance to find a job once you're out. A lot of defense contracting firms and government agencies will have training funds for their employees, and Opt A will give you a good leg up on getting one of those positions.

Scenario: You will have over 1 year of CISSP domain-related experience at the time you are to separate, and have a CISSP domain-related job already lined up for your separation.
Recommendation: Option B. CISSP is substantially harder to self-study for than the others listed. If you already have a job lined up where you can get the experience you need and don't need the certification to help you get interviews for a job, take the "Associate of (ISC)2" title for the time being.

Honestly, Option A will open a lot more doors for you than Option B coming straight out of the military, and without further information, that's what I would have to recommend, because it's a substantially safer route.


EDIT: In either scenario where I recommended Option B, that recommendation is predicated on you actually attaining the other certifications, or a subset of the other certifications, "at your own pace" afterwards.

JDMurray

You can take the CISSP exam without having the requisite professional experience for full certification. That's good enough for DoDD 8570.01. 'nuff said.

guy2smooth

Thanks for the responses. As far as my background, I have 3 years left in the military. I am not currently doing an IT related job, I do not have a job lined up for when I get out, but I am preparing myself now to get into Network Security. I am enrolled in a bachelors degree program and I will have that before I get out but I want to knock out some certs too since I have the certification fund.

NavyIT

What branch are you in? The Navy had paid for all of my certs, and as far as I know there is no cap or "fund". I've never been denied a cert voucher that I've requested. They just keep on giving!

guy2smooth

I'm in the Air Force. We have a $4500 certification cap. My job is not IT related. IT related career fields are able to get all of their certs funded by their unit because that is part of their career progression. My unit will not fund these certs so I have to use my TA. the AF will fund 1 certification training. The 2 programs I found were the best I have seen for my $4500 limit.

da_vato

In option "A" do you only get one of the mentioned certs? or do you get them all? As you will read through out this board there isn't really such a thing as an entry level security job.

Personally I would recommend getting a CCNA and Sec+ before you shoot for CISSP simply because I believe there is no substitution for a strong foundation. If you have the basics locked down tight you will find that obtaining the CISSP will come a lot easier.

Your future employer might even pay the cost for you to obtain the CISSP because you having certain certs is just as valuable to the organization as they are to you.

guy2smooth

I would obtain all of the certs mentioned in option A. I talked to the advisors today about option B for more clarification. In option B I would actually be able to obtain the Sec+, SSCP, and CISSP. The CAP was also mentioned. I never even heard of that one yet. I feel pretty good about this course though, and I think I am going to dive into option B.

redz

I was in the wrong branch.................................................

You can't get any of the (ISC)2 certifications until you have some experience. I would try to pass the exams as close to being handed your DD214 as possible.

da_vato

Option B sounds like a smoking deal if you're looking to get into the security realm.

guy2smooth

That is what I'm aiming for

dmoore44

My question comes because I'm not clear, so my apologies in advance... but do you have ANY IT experience? If so, could you detail it for us?

If you have none (outside of the knowledge gained in your BS program), I would probably suggest Option A. If you have some (i.e. a year or two), I would still suggest Option A. If you've been around the block a few times, then Option B would be a better fit - you have to know how something works before you can start to secure it.

guy2smooth

I have no work related experience. Just my BS program and self study. I just read into it a little more. You need experience in at least 2 out of 10 of the domains. My job is actually physical security so that would count as one. For two I would be able to fall under Information Security Governance and risk management according to isc2.org. In the Air Force, everybody in every unit has to do cbt training modules on infosec, information assurance awareness, and operation risk management. I been in for 6 years.

da_vato

The annual infosec awareness training your are talking about does not cut it as far as experience. Based on your working experience I have to agree with dmoore44 to go for option A. With a strong foundation you'll be a better IT proffesional than if you went for option B right away. If you're lacking the basics it will show in your work.

It seems you were looking at the options through a financial aspect but you should really look at it from an educational aspect. Plus you need to explore the IT field to really know if Security is the realm for you. After some exposure to the field you may find another route is more suited for you than security.

guy2smooth

I was looking at it from a financial aspect. I see that option A is the smarter route so thats what I will do, thanks for the input guys.