Please help me decide!

Cora5Cora5 Member Posts: 31 ■■□□□□□□□□
Hi All,

I have been studying for the CISSP since May of this year and recently have decided to try for the CISA exam in December. I'd say that I am about 70% ready to take the CISSP exam but it can wait for now. I want to get a gauge of how long it has taken most folks to study for the CISA exam.

My background is in IT Security and I do have some audit experience. I just want to make sure I'm making the right decision. I am unemployed right now and most positions are requiring a certification which I do not have. Thank you in advance to all that respond.


  • matthew2012matthew2012 Member Posts: 47 ■■□□□□□□□□

    It's a hard decision, but it doesn't mean you have a job just bcoz you have a cert.
    For me, CISSP is harder than CISA, and so assuming you have general idea of CISSP (70% ready of CISSP can pass) and as you can have enough time to study (between jobs right now). I think the preparation can be completed within a Month (now you have 2 months) .

    Good Luck.
  • Cora5Cora5 Member Posts: 31 ■■□□□□□□□□

    Thank you for the reply. In hind-site it doesn't make much sense to stop studying for the CISSP and try for a different certification less than 90 days away. I'm frustrated right now with my job search, as I have been unemployed now going on a year and a half.

    I have over 10 years experience in IT Security along with a bachelors degree. I do realize the importance of having the certifications but for an employer to trump years of experience and education for a certification is crazy to me. I'm probably over thinking this but after reviewing the ISACA website I didn't realize that they only test twice a year. So for me getting the CISA certification before the end of the year is crucial. I've been lurking around in the forums here and have read that some people took far less time to prepare for the CISA verses the CISSP.
  • wikigetwikiget Member Posts: 75 ■■□□□□□□□□
    It's not a matter of what trumps what. The first person to look at a resume is almost always HR. HR has no idea what they are looking at, so they just sort by what's important. Thanks to the (ISC)2 promotional machine over the last 9 years, most HR departments are told that the interviewees must have, "CISSP or better qualifications". HR, not knowing what a CISSP is, just puts "CISSP" in their resume search engine and send the results to the Tech department.

    This makes CISSP a "check-down" for security positions. Even though there are many certifications that prove qualifications better, you are going to be over looked if you don't have it.

    Personally, I have refused to get the cert. I have personal hang-ups with both (ISC)2 and CISSP. Although it has caused issues in the past, I have learned to overcome the HR issue and still get hired. I wouldn't tell anyone else to go my route though.
    "Once upon a time, disks were floppy, administrators were electricians and computers were louder then jets. Then it all got complicated." -Anon

    Life of a Network Security Manager:
  • Experienced_and_TestedExperienced_and_Tested Member Posts: 30 ■■□□□□□□□□
    I took the CISSP in May and passed. After a short break, I started studying for the CISA and found that a lot of the information is the same although it may be asked from a different angle.

    I have 32 years of I.T. experience and many certs over the years (probably a dozen or so). I always debate my co-workers over the value of the certs. The folks who belittle the certs, I find, are often the ones who just don't want to buckle down and study. I have worked with many people who had no certs but really knew their stuff. On the other hand we've all known people who were well certified that didn't know anything...don't be one of them. Make sure you know your stuff and is certified to prove it to future employers. Then display it proudly.
Sign In or Register to comment.