ramrunner800 wrote: » Someone sent me a disgruntled PM about my comment calling CISSP a waste of time, particularly considering that I hold CEH. Fair point, so I'll take a second to explain my reasoning.
M0CAMB0 wrote: » It shouldn't, ramrunner is talking with a big bias based on the field he is working in, a big bias. CISSP is a management oriented certification, if you were to follow his advice you would be doing OSCP instead. I don't know about you, but I don't want to be doing malware analysis and reverse engineering exploits all my career, and that is essentially what you'll be pigeonholing yourself into if you go down this path and stick with it, because unless you have any management experience or education, you're going to be stuck doing it all your life and have a CISSP guy managing you. This is why there is a great demand for the hands-on guys, it is not a field of work the majority of people want to do for the rest of their life, you really have to be compassionate about it. At the end of the day, do what you want to do, not what the industry is demanding. Security in general is one of if not the hottest fields in the IT industry to be in right now, we are in demand everywhere.
Dr. Fluxx wrote: » I don't ever want to take the CISSP... to me, it's a glorified CEH... it's cheesy in a way as, for now, I am working toward the OSCP. BUT. This is the first time someone, after me looking somewhat down on the CISSP, has ever put that cert into perspective. Ech... as much as it pains me, that does make me think that I should probably, after my OSCP, look to at least get a CISSP. Especially if I'm more skilled than he is.
fabostrong wrote: » Thanks for the insight. What certifications if any would you recommend? Have you done packet analyst, forensics, and malware reversal? What was your first security job?
TeKniques wrote: » Being someone who holds both the CISSP and the OSCP I will give my .02 since the thread seems to have gone that way. The CISSP is a good certification to have simply because it can checkbox a requirement for a job application, and I am glad that I have it. That being said, I do believe the certification is overrated and after taking (and passing) the OSCP exam they are an apples to oranges comparison. When it comes to comparing difficulty, in my opinion the OSCP would be a 9/10 and the CISSP a 5/10 (totally subjective I know). Having said all that, and being an Information Security Manager if I was looking to hire someone for a technical role an OSCP certification definitely shows more technical aptitude on paper, but you really never know until you interview and ask the right questions. The advice I would give is to get both of those certifications, because they make you more marketable as a professional. Ultimately however, you need to make your success happen.
Mooseboost wrote: » It comes down to what you are looking for and what part of the field you wish to go into. Saying the CISSP is a waste of time is both true and false, with the line being drawn where you wish to place your focus.
M0CAMB0 wrote: » I don't know about you, but I don't want to be doing malware analysis and reverse engineering exploits all my career, and that is essentially what you'll be pigeonholing yourself into if you go down this path and stick with it, because unless you have any management experience or education, you're going to be stuck doing it all your life and have a CISSP guy managing you. This is why there is a great demand for the hands-on guys, it is not a field of work the majority of people want to do for the rest of their life, you really have to be compassionate about it.
Dr. Fluxx wrote: » What state do you live in... so I don't move there
ramrunner800 wrote: » Employers with cert requirements (outside of government, because that's a whole different ball of wax that NONE of this applies to) tend to be employers who don't know what they're doing. I know immediately that's going to be a bad fit, and I'm glad they don't call.
jelevated wrote: » I bet you would love an employer that called you in thanks to your precious GIAC certs, else why even bother taking the test? So some (well, many, actually) prefer ISACA or ISC2 certs and they don't know what they're doing. Ok, well, meanwhile those with ISC2 certs will continue to reap the benefits. Most employers like a specific cert to thin out the herd. Fact is that many many people have technical skills and a CISSP on top of whatever other certification they have. I see it in my organization. I see it in the resumes that hit my desk. Windows, Network, Firewall, IDS, Linux, lots of people have it. Surprise surprise. Those who have sought certification (in particular the CISSP) often have killer resumes and interviewing skills. They may not always be the best candidate, but they typically aren't the bottom of the pile with irrelevant experience and lacking depth.
ramrunner800 wrote: » I'm not exactly sure of the point you're trying to make here. Could you clarify a little? I think you're trying to point out a contradiction in what I've said based on my holding of GIAC certs, but I encourage you to read my post(s) again. Certs matter, 100%. I do get calls based on my GIAC certs, but that isn't really relevant here. GIAC certs indicate competence in a particular area, and do not indicate competence in others. The same is true of CISSP; that shouldn't be a point of controversy, unless you believe that CISSP is a highly relevant certification across the entirety of security. If you believe that, sorry, it's not true. If you want to do things that actually involve breaking into systems, or hunting for people who break into systems, CISSP is a feather in your cap (and sometimes a scarlet letter), but not a lot more. There are certainly some tech folks who pursue CISSP to get more calls. I feel that I acknowledged that fact, and that it's a valid approach. As I stated, I'm not one of the folks who throws out CISSP resumes, though those folks do exist. I also didn't say certification doesn't matter, quite the opposite. My C|EH, which is rightfully one of the most maligned certs available, helped my career quite a bit. You get what you think helps you feed your family, and there's absolutely nothing wrong with that. There are also some fields where ISC2/ISACA certs are relevant, and that's okay. People with ISC2/ISACA certs deserve to reap benefits in those fields. I certainly don't contest that. I thank the good lord daily that I don't work in those fields, and I'm sure folks in those fields are happy not to work in mine. I'm not questioning ALL requirements for CISSP. I'm questioning a selection of them, in fields where it isn't a relevant cert. The problem with CISSP in particular is that it claims to be applicable to all of security, and so people recommend it to every security professional, or aspiring security professional.
That's simply not appropriate. There are definitely lots of tech folks who hold the cert, especially as in the past it was much more valuable. That said, there are folks winning Person of the Year awards in technical fields whose Twitter display names are variations on "notacissp." And thankfully there are lots of orgs that are dropping it as a req. I checked the postings of a few major financial institutions, who tend to be at the bleeding edge of the security field, to see what they were looking for. Some of them even had management positions with 20 item long "Preferred Certification" lists, which didn't contain CISSP (though thankfully for me all my GIAC certs, and even more, were listed). Bottom line: Do what you gotta do to get a job, but if you're early career and working on the tech side, there's likely better ways to spend your time.
LordQarlyn wrote: » LOL, yeah, sure, dude, nobody in all of planet earth right now wants anybody with a CISSP, sure, buddy. https://www.my.jobs/jobs/?q=%22Chief+Information+Security+Officer%22#1 Why, just take a look at these CISO postings, they all want GIAC certs. Oh, wait... if they're asking for any certs it's CISSP or CISM... Well then, look at these search results for CISSP versus GIAC! Oh, wait, CISSP jobs outnumber GIAC jobs over 3 to 1, and some of the GIAC postings also would be interested in CISSP. But yeah, like you said, no banks or financial companies want anything to do with anyone with CISSP certifications, right? Right? Oh, wait, there are quite a few banks and financial auditing firms with CISSP openings. Well, buddy, I guess I am just hurting from the $25k+ raise I got from my CISSP
ramrunner800 wrote: » like a madman, and avoid waste of time certs like Cisco and CISSP
ramrunner800 wrote: » my comment calling CISSP a waste of time
ramrunner800 wrote: » Some folks on the tech side of security say they throw away resumes with CISSP
ramrunner800 wrote: » unless you believe that CISSP is a highly relevant certification across the entirety of security. If you believe that, sorry, it's not true.
ramrunner800 wrote: » one of the folks who throws out CISSP resumes
ramrunner800 wrote: » Second, the days of CISSP being a good path to management by itself are numbered.
ramrunner800 wrote: » Some of them even had management positions with 20 item long "Preferred Certification" lists, which didn't contain CISSP
LordQarlyn wrote: » I used hyperbole but no, all your posts on this thread have been claiming the CISSP irrelevant and employers toss out resumes with CISSP on them, see your words below. A five minute search showed that to not be true. At least others who don't want to pursue the CISSP, or your certifications, acknowledge they have value, that they simply aren't in the career path they want to pursue, while your very long replies can be boiled down to that any certification that you don't have are worthless certs lol. Hell, dude, you even called the Cisco certs worthless when 90% of the internet routers are made by Cisco lol, to say nothing about the amount of Cisco switches out there. And yeah, I'm an obnoxious jerk lol.
redsteel wrote: » This thread is really killing my mojo.