CISSP Reputation

I just had a conversation with a friend who made a comment that people should not get their CISSP. He actually passed the exam a while ago but didn't have the years of experience quit yet so he is an associate. I didn't go into detail as to why, other than I told him that it has opened some doors for me and that I feel more well rounded as a security professional from what I learned in my studies. He is a VERY smart guy with an excellent understanding in the more technical areas such as penetration testing and forensics. Among many other certifications, he just got his OSCP and is working on his OSCE.

My questions is, what are other hearing about the value and reputation of the CISSP? I know that Dave Kennedy is now on the board which I believe is a good sign. I studied extremely hard for the CISSP and it was very difficult so I guess I am just hoping the hard work wasn't wasted. I know it has helped me get my new job and is assisting me down the road of building a new security program, bringing my organization into compliance, and completing risk assessments. When I first started down the road of security I never knew the importance of GRC. I was alway tantalized by the sexy world of penetration testing.

Thoughts??

Find more posts tagged with

Comments

gespenstern

Well, CISSP reputation is certainly better than of some other certs not to be named... They do a good job producing high quality questions, battle brain **** and manage to cover "all security" which is a pretty hard thing to do.

BTW I voted for Kennedy, Wim Remes and a japanese granddaddy last year. Was very glad to see them all winning.

For me it didn't give much in terms of knowledge, most of new things I've learned while preparing were government things (TCSEC, Bell-LaPadula, etc) that I never or barely use in real life anyways. But for passing HR barriers this cert is second to none.

g33k3r

Thanks for the feedback! My background was in operations primarily so I gained a different side of knowledge in my prep which is more valuable than I thought.

TechGuru80

Nobody knows everything in the CBK because more than likely you only work in a few domains. Unfortunately your friend who is wishfully thinking...CISSP is still one of the most listed certifications on job postings and will continue to be.

beads

(*Yawn*) The CISSP has become nothing more than the required piece of paper to pass HR and recruiter filters - nothing more. I routinely tell recruiters that if you give me the book and materials on Friday I will pass whatever cert come Monday morning. Tech certs at least. Back in college I have written advanced papers in business, chemistry and nursing with the lowest grade being a B+ - usually an A but an A- being acceptable. I was a CS and Psych major. The 1980s was not like today where the top grade was the most common award but much the opposite. A C was average and the most likely grade awarded. Fast forward to the modern tech age things are certainly different. Having meet many a faux-CISSP in recent years has left me a bit pale when it comes to actual skills if not "skillz". Posers exist in all fields but we do a poor job at best in removing or enforcing any standards to membership. This is key to becoming an actual profession.

No matter what the cert says we are aren't professionals by any stretch of the imagination, we are analysts. A profession requires governmental sponsored licensing and a few other requirements you can feel free to educate yourself, if you wish.

@gespenstern

I have great expectations of change, each and every election but year settle for small incremental changes. Happy to see the standing ethics committee. Haven't read the minutes to see what has transpired but will hope to see something more positive in the future.

- b/eads

wacky5

Just my opinion only....

I equate the CISSP certification to a college degree. Was it difficult to get? Not really. Did it cost me money and time? Yes. I don't think this certification is as exclusive or as highly regarded as some think, and this is the same with someone with a MS or BS degree. Just because you have these things it doesn't mean that you are better than everyone else. It just means you put effort and time into making yourself better and were rewarded with a degree or a certification.

In the IT field, you see people who talk about getting it and people who actually do it. In a sense, I will differentiate someone who has spent time and money for experience but I understand that there are some who go with the experience route that doesn't require time and money.

In short, this certification will separate you from the masses but stay humble.

dustervoice

This has been discussed a million times on here If investing $650 in a cert helps you get a better paying job then it has value it doesn't matter if the test ask you to colour the picture of a face. CISSP doesn't turn one into a security expert but it validates that you know the very basics and recruiters/HR likes it.

beads

@dustervoice;

It has been discussed and will continue to be discussed a "million" more times on this board because of the interest in this or any other get rich scheme. Then again there are others on this board who insist that if you can pass the exam you should be able to ignore any requirement to any exam.

Not pointing fingers but you know who you are.

I'll stick by my guns on the weekend comment. Been there - done that. Now, I don't update my cert list.

- b/eads

g33k3r

wacky5 wrote: »

In short, this certification will separate you from the masses but stay humble.

I like this comment!

What I've heard from those I respect in the field is what you do after you obtain your certifications is what matters. There were domains on the exam I had little experience and areas where I spent most of my career. Knowing this and the demands of my current job, I have taken on this challenge and have expanded my knowledge in the domains where I need work. The main reason why I got into this field is because there is always something new to learn, which keeps me humble.

renacido

For the millionth time, look at job advertisements for positions you want to fill, if the majority of them desire candidates with CISSP, then yes it's worth getting.

You DON'T need CISSP to get any infosec job (outside of DoD8570), and the role it is best suited for is Security Manager for a medium-large enterprise.

The reason the average salary of a CISSP is high is because the average CISSP has 14 years of infosec experience. Having this certification does not by itself qualify you for positions paying 6 figures.

Please copy and paste this on all the 793,827,374 other threads asking this same question.

SuperISSO

renacido wrote: »

For the millionth time, look at job advertisements for positions you want to fill, if the majority of them desire candidates with CISSP, then yes it's worth getting.

You DON'T need CISSP to get any infosec job (outside of DoD8570), and the role it is best suited for is Security Manager for a medium-large enterprise.

The reason the average salary of a CISSP is high is because the average CISSP has 14 years of infosec experience. Having this certification does not by itself qualify you for positions paying 6 figures.

Please copy and paste this on all the 793,827,374 other threads asking this same question.

Interesting. I see plenty of infosec jobs outside of DoD require the CISSP (especially contractor positions). Usually, Federal positions states that they highly desire the CISSP.

In summary, just get the CISSP

because for the most part it is worth obtaining. As for the CISSP concentrations, I would suggest only getting them if the job requires or pays for the training.

renacido

SuperISSO wrote: »

Interesting. I see plenty of infosec jobs outside of DoD require the CISSP (especially contractor positions). Usually, Federal positions states that they highly desire the CISSP.

You're in Maryland I see. That explains a lot.

So, they are "Federal" positions (so GS positions for FedGov) and contractor positions. I'd bet many if not most of those positions you are seeing are under DoD-8570 (NSA, DIA, DISA, NRO, mil contractors, contrators with mil clients, GS employees under DoD or working on DoD sites such as the Pentagon, Andrews, Bolling, Meade, etc).

If you were in NYC, SF, Chicago, or anywhere else where you're not surrounded by military bases and military contractors, you'd have a very different perspective.

Gess

Yeah, replying that they're not DoD but Contractor positions instead is pretty funny.

havoc64

IMHO it still has great value. I have over 20+ years of IT Security experience, I am retired Air Force and currently still in the IT Security work force. I review a lot of articles and magazines and when it comes to the topic of Top 10 IT certifications to hold, CISSP is always on the list, and always close to the top.

Some may feel that it's a HR check box during the hiring process, but let me put it this way. Many of you would not have the jobs you do now if you didn't have your CISSP, Would you have your new car, your house, that nice watch, etc etc etc?

Secondly, since it has become a world wide certification, look at the number of non-US people that have posted in these threads about taking the test. That only reinforces the fact that it's reputation is still strong.

Does it have value=Yes
Is it worth the effort=Yes
Is it's reputation still good=Yes

Ertaz

havoc64 wrote: »

Many of you would not have the jobs you do now if you didn't have your CISSP, Would you have your new car, your house, that nice watch, etc etc etc?

I was told that obtaining the CISSP within a year was a requirement when I got this job last July, so I am very much aligned with this statement.

I would also note that the CISSP has value outside the government umbrella, in the financial world.