Update: 8 Months After Passing CISSP!

Guys,

Just want to post an update and offer my opinion for those considering taking the CISSP...

I took and passed the CISSP in March of this year (2013). At the time I wore several hats in a Network Engineering team at a Fortune 500 company, but the work I was doing was diminishing since what I was responsible for wasn't the core competency of our group. I had been at the company for 13 years. I started out in the Windows Server Admin team, migrated to a team that was focused on deploying Internet facing services in the DMZ (firewalls, hardening bastion systems, IIS administration, load-balancers, forward and reverse proxy servers, email gateways, two-factor authentication, etc.), and this group was eventually grafted into the Network Engineering team where I continued performing those duties. I never became a hardcore Cisco guy (can get my way around switches and routers, but not at engineer level), I leaned more toward the security side in our group, but our company was deciding to outsource more and more of the security work. I enjoyed the security work that I had done over the years and decided to shore up my credentials with the CISSP and a couple of vendor specific certs. (i.e. Palo Alto Networks firewall). My plan was to get into a job dedicated to security.

After passing the exam and posting my updated resume on the job boards, the calls started. I had to weed through the jobs where they wanted me to go to Timbuktu for 3 weeks, the insurance agent job in disguise, and the viable Security Engineer positions. My plan was that I'd keep myself on the boards for a year with the possibility of trying out a few positions to find the right one, which I'd want that one to be a permanent position (not contract). I took a long term contract position in early June at a major auto supplier in their IT Security Engineering team....Fast forward and I'm in my second position (contract to hire) and I was just offered a permanent position at one of the largest companies in the world - this might be that position I thought it'd take a year to find

I see people rip on the CISSP on the boards, but I'll say it has been a great addition to my toolbox in my quest to refine my career. Whereas it wasn't the most technical test in any specific area, it helped me to see the big picture. That isn't to say it wasn't a difficult test - it covered alot of ground! Studying the 10 domains as they defined them allowed me to make many mental connections between the disparate parts of the IT security discipline. I can now speak confidently about overall strategy (thanks CISSP), and then pull from my experience for the tactical and more technical portions. These last two jobs have been great, and the CISSP absolutely helped me get a serious look and the interviews.

I'd say, if you have the requisite experience but are maybe having difficulty making a total transition to Security, or you need to fill in some blanks in the logical big picture, then go for it. It really helped shore up my career. I'm really happy I did it!

Find more posts tagged with

Comments

da_vato

Congrats on all the success and thank you for sharing as this is a very inspiring tale.

zxbane

Congrats! I passed the CISSP in November myself and since then have accepted an assistant IAM position which I am excited to be starting in January. It certainly isn't a bad certification to add to the resume

MSP-IT

That's awesome! Excited news and progress.

kashmo

zxbane wrote: »

Congrats! I passed the CISSP in November myself and since then have accepted an assistant IAM position which I am excited to be starting in January. It certainly isn't a bad certification to add to the resume

Congrats zxbane on your new position!

jabney

Congrats

tprice5

Pretty ballsy to leave a company after 13 years! Congrats!

kashmo

tprice5 wrote: »

Pretty ballsy to leave a company after 13 years! Congrats!

tprice5,

You touched on something I really don't see discussed much here, but it is so important to ongoing success in this field - Confidence! It truly is a mental challenge to uproot yourself from somewhere you've been for a significant amount of time - no bones about it. This is especially difficult when you've become the "go to" guy for your areas of expertise and you've built a good reputation among your peers and management. But I try to be a person who doesn't allow things to happen to him - I'd rather stay in control of my career as much as possible.

The content of the exam gave me the confidence to speak more broadly about security and it put a reasonably respected cert on my resume so I'd get a few opportunities to discuss it. Uprooting and being successful in subsequent positions has given me the confidence to forge forward and do what's best for my career without being so worried about a particular job. Too many guys stay in jobs that are dead end or in which they aren't happy because of the fear of the unknown and lack of confidence that they can survive in a new environment.

Guys, again, I'm not saying that one exam is the golden key, but it's definitely a valuable piece of the puzzle. Will you have to start over and prove yourself to a new set of folks? Yes, and that's honestly a mentally challenging task. But, it's an exercise I know will make you much better in the long run. It's just like physical exercise: Allow yourself to be broken down to rebuild stronger.

Kashmo

joebanny

@Kashmo, thanks for sharing. My story is quite similar to yours, passed in May 2013 and it has been upward trajectory for me in my career. I moved from being a Sr. Tech Support Engineer in a fortune 500 company to being an Information Systems Security Manager for a relatively small firm within 6 months with huge salary boast, I know people who started in IT Security before mean still on the same job, hoping and wishing they get certified some day! You've got to take your destiny in your hand and take the plunge. Someone once said, there are 2 type of people in the world: "those who make things happen and those who watch things happen". I choose the former and have no regret about it.

teancum144

joebanny wrote: »

Someone once said, there are 2 type of people in the world: "those who make things happen and those who watch things happen".

Don't forget the third type of person: "those who wonder what happened".

Plan2succeed

Hi -
I am new to this forum and this is my first post.

I am planning to take this exam shortly and I have a question. I am Project Manager (risen through the ranks as a developer) and manage multiple projects. I am PMP certified (since 2005) and have a more than 15 years experience. Would it make sense for me now change career tracks and go for this? Or i can still be Manager with this certification in which case the question is - how much does this assist me in career as a Manager.

I really want to do this and would help any suggestions.

vasyvasy

Hi, and welcome to the forum Plan2succeed

I don't think anyone can help you with this question... you can read the curricula for the (ISC)2 CISSP available here: https://www.isc2.org/CISSP/Default.aspx
And then decide whether you should pursue this piece of paper, given your plans for your career

Please bear in mind that once you get a certification, this will not get you fired from your current position of Project Manager...

If anything, it should help you gain a higher position or at least you will learn some new basic stuff about security just can prove very valuable for any incoming projects

Btw, many consider the CISSP as being a manager-ish certification, as it will only test the infosec domains from the manager perspective and is not over-technical

Best of luck

emerald_octane

Plan2succeed wrote: »

I really want to do this and would help any suggestions.

CISSP + PMP? Wow, that's a potent mix. Many employers would be happy with either one. Both is twice as nice.