Should I get a lesser cert or CISSP?

I have a year left in my Bachelors in science cyber security (college of business) Have no idea how my diploma will read. All my class's are business classes and its a college of business but my major is Cybersecurity.

So anyway I finished my Network + class got a (B) in it. I have 1 year left in school I have alot of free time to study for a cert so should I just study for a ISC^2 CISSP Exam? Or should i do Network + or security PLus etc.? In my degree program I have to take those class's regardless and use the books but its just to prepare you for the exam the school doesnt administer them.

The school also told me that if I take and pass the CISSP exam it exempts me (give credit) to 3 classes which will satisfy my degree making me able to graduate sooner by a semester.

Anyway I am a noob to all of this please give any wisdom you may have.

I am not sure what direction I want to go inside the career field of cyber security I can only know that once im in the work force or intern (maybe) so what would you say is a better approach at things? I figured i need experience so might as well pass the text and everything else once im hired would fall in place 4 years later.

anyway let me know guys your the ones out there in the real world

Find more posts tagged with

Comments

jt2929

I would go Security+ if I were in your shoes. You won't be able to get the CISSP credential, or even mention passing the exam on a resume, without the required experience. No use in passing an exam if you can't use it.

TankerT

Go for the CISSP exam. jt2929 is only partially correct. While you can't list "CISSP exam complete" on your resume, you can claim Associate of ISC2 status if you register with ISC2 after passing the exam.

I wouldn't get Sec+ unless you are in a job market where it will provide some known specific value or it is a specific requirement for some jobs you are targeting.

If you pass the exam you get:
1- Finish school earlier - allowing you more time in the job market (from what you stated in your post)
2- Claim Associate of ISC2
3- Have the exam done, so you can certify when you meet the experience requirements.
4- Get all the other benefits of ISC2 membership

Sec+ you get an entry level certification which has limited long term value.

That's my opinion.

ITSec14

Nothing wrong with aiming high and attempting the CISSP, but maybe getting the Sec+ or SSCP before that would give a solid foundation of the material you'll see on the CISSP.

Don't just focus on the certs though. Find other ways to build your knowledge, such as doing practice labs for hands on experience. That's where you really see the biggest return.

ddayglo

Strong agree. Security+ first.

Then either cisa, sccp or ceh depending on the track you want. Each has sample tests you can try after you pass the security+ to see which topics interest you the most, which cert would seem easiest to tackle nextr, and especially as a guage to see what your interests arewithin infosec.

Danielm7

WIZARD1325 wrote: »

The school also told me that if I take and pass the CISSP exam it exempts me (give credit) to 3 classes which will satisfy my degree making me able to graduate sooner by a semester.

You're in no way the right candidate for the CISSP normally, but accelerate your degree by a whole semester? Will probably save you a ton of money, i'd totally do that. I know everyone makes a big deal about it, but it's not "replace a whole semester of school" level of difficult. As the others mentioned, be aware of what you're getting, you're trying to finish school, you're not actually a CISSP.

Now, with that all said. You somehow have a cyber security program in a business college, which is really bizarre. It's bad enough trying to get a job in security without experience, even with a degree, but it sounds like you barely even have security related classes in the first place. So, without knowing which classes you'd be skipping, or what it's costing you, it's hard to say what to do for YOUR situation.

dinger68

ddayglo wrote: »

Strong agree. Security+ first.

Then either cisa, sccp or ceh depending on the track you want. Each has sample tests you can try after you pass the security+ to see which topics interest you the most, which cert would seem easiest to tackle nextr, and especially as a guage to see what your interests arewithin infosec.

This is what I would do if I was you.

mritorto2

go for security + first then sscp then cissp.

TankerT

Danielm7 wrote: »

Now, with that all said. You somehow have a cyber security program in a business college, which is really bizarre.

Not at all bizarre. I sit on a board for a School of Business at a large University. They have had a security program for over a decade, and have been updating it every two years. Other schools in my area are either creating the program, or including some curriculum related to the topic.

TankerT

WIZARD1325 wrote: »

The school also told me that if I take and pass the CISSP exam it exempts me (give credit) to 3 classes which will satisfy my degree making me able to graduate sooner by a semester.

I'll emphasize this a little bit more than my previous post. This is key. Like others have said, it saves you money, and gets you out earlier. In the end, the value of this is way beyond the certification. I agree that you are not the typical CISSP candidate. But, you are not unique either.

Just doing the math... as I mentioned above, I sit on a Board for a University. Lets say a semester costs you $10,000. (I am using a very generic number, as that can vary widely... just plug in your local number...) And, at the school I am on a board for... the average cybersecurity graduate makes $55,000 per year starting. So, a semester is roughly 4 months. So, you figure the gained income is about $18,000 and you are not out $10,000 in expenses.

That is a $28,000 financial gain just from passing one exam. (Again, local finances... just plug in your numbers...)

Financially, it makes great sense. Strategically, it sets you up for one of the premiere certifications.

Edit: Also, I am a c-level executive for a company, and am on several other boards. Security+ and SSCP are nice, but not really in demand in my area. I don't see a lot of long term value in them, unless you are targeting jobs as a government contractor, DoD, or other area where they are in demand regionally.

CryptoQue

Go for the CISSP because it will work out better for you in the long run. You can build your professional experience in InfoSec after you're completed with school. In my opinion, being an associate of ISC2 hold more weight/marketability than the other certs.

Danielm7

TankerT wrote: »

Not at all bizarre. I sit on a board for a School of Business at a large University. They have had a security program for over a decade, and have been updating it every two years. Other schools in my area are either creating the program, or including some curriculum related to the topic.

Not to totally hijack but is there not a CS or CIS or some technical related program it should be more linked to than business?

mritorto2

just curious what school is it. Is it an online school

kiki162

Before you even jump into certifications, do you have any idea on what area of the field you want to get into. In other words, what is your ideal job? On the CISSP, remember you need 5 years experience in the field. So even if you were to pass the exam, you would be an Associate of (ISC)² and NOT a CISSP. Try looking at going for the SSCP instead, as you might be able to swing by that exam depending on your classes.

Like everyone else is saying in here, go for Security+ then SSCP.

TankerT

Danielm7 wrote: »

Not to totally hijack but is there not a CS or CIS or some technical related program it should be more linked to than business?

You fill find that many IT related programs (CIS/MIS, etc) are in a school of business. In fact, many universities will have a CS program in their science school/department where as they have an MIS/CIS program in their business school.

Cybersecurity is all about managing risk, which has traditionally been more linked to people with a business background, and not a technical background. (Which is why some of the big security audits, like the SOC series, are put out by places like the AICPA... and most of the audits are provided as services by accounting firms.) You'll find that firms hire lots of people with accounting degrees to do their IT Audit work. (In fact, at the university I work with, when it comes to students majoring in accounting, their top minor is IT, which preps them for that type of work.)

TankerT

kiki162 wrote: »

Before you even jump into certifications, do you have any idea on what area of the field you want to get into. In other words, what is your ideal job? On the CISSP, remember you need 5 years experience in the field. So even if you were to pass the exam, you would be an Associate of (ISC)² and NOT a CISSP. Try looking at going for the SSCP instead, as you might be able to swing by that exam depending on your classes.

Like everyone else is saying in here, go for Security+ then SSCP.

I don't think what type of job is relevant here. He is getting a degree in Cyber Security. That is general program. The CISSP is a general certification. The CISSP exam will get him out of school early which has clear monetary benefit. So, the major benefit of the exam isn't the certification, it is the early degree completion. The eventuality of the cert is a secondary, yet major bonus. SSCP has little value in the market.

And, if he can pass the CISSP exam, if he needs a certification, he will be able to do the Security+ without sweating. But, I think the point many people are missing is that in this person's case, the major benefit isn't the certification, it is the education completion.

jt2929

TankerT wrote: »

I don't think what type of job is relevant here. He is getting a degree in Cyber Security. That is general program. The CISSP is a general certification. The CISSP exam will get him out of school early which has clear monetary benefit. So, the major benefit of the exam isn't the certification, it is the early degree completion. The eventuality of the cert is a secondary, yet major bonus. SSCP has little value in the market.

And, if he can pass the CISSP exam, if he needs a certification, he will be able to do the Security+ without sweating. But, I think the point many people are missing is that in this person's case, the major benefit isn't the certification, it is the education completion.

I don't agree with that at all. Security+ is way more technical than CISSP. The are two totally different exams focusing on different subjects.

ITSec14

I have to agree with Tanker on this one...

If you can save yourself money in tuition, that can mean huge financial savings over time. I've talked to so many people who say the CISSP really isn't even that hard. That doesn't mean EVERYONE can pass it, but I'd at least give it a shot.

shimasensei

It's great that the school would give you 3 classes worth of credit. I would go for based on financial and time savings, not to mention that CISSP is a valuable high level info-sec certification.