Worth going for Associate of (ISC) ?

mikey88mikey88 Member Posts: 495 ■■■■■■□□□□
I have about 5yrs of IT experience but not in Security. With Security+ I can get a 1yr waiver towards required experience. Is it worth pursuing associates or should I be looking at something else instead?
Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

Comments

  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    You get the "Associate" title for passing any of ISC2's exams without having the experience. I wouldn't ever take an exam where I wouldn't actually get the certification but some people have their reasons. (the Dept of Defense accepts it for example)
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Do you have experience in security related experience? Did you check the domains?
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • ITSec14ITSec14 Member Posts: 398 ■■■□□□□□□□
    Why wouldn't it be worth it? I just saw 3 job postings the other day that accept Associate of ISC2 status if full CISSP isn't acquired yet.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    ITSec14 wrote: »
    accept Associate of ISC2 status if full CISSP isn't acquired yet

    lol, the more I hear stuff like this, the less I think the value of some certifications are. Misses the point of the certification and is against ISC2's code of ethics.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    +1 on jamesleecoleman's comment. The requirement is experience in the domains, not a security title. A lot of people in IT like have the required experience and don't even realize it.
  • E Double UE Double U Member Posts: 2,228 ■■■■■■■■■■
    cyberguypr wrote: »
    The requirement is experience in the domains, not a security title. A lot of people in IT like have the required experience and don't even realize it.

    I just explained this to a colleague today.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • NavyMooseCCNANavyMooseCCNA Member Posts: 544 ■■■■□□□□□□
    When I am ready to sit for my CISSP, I am going to send my resume to ISC2 and ask if they think I have enough experience or if I will need to go in as an Associate.

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchil

  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Sounds like a good thing to do NavyMoose CCNA. I was thinking about doing the same thing.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    If there is a local (ISC)2 chapter that you can visit it might be worth the time and effort. I was able to talk to a Denver chapter rep several years ago at a conference and she told me that my experience qualified me to sit the exam. I haven't pursued the certification yet due to other things being higher on my list, but I at least feel confident that my work experience shouldn't be a roadblock to successfully receiving the full certification.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    When I am ready to sit for my CISSP, I am going to send my resume to ISC2 and ask if they think I have enough experience or if I will need to go in as an Associate.
    If I recall correctly, they won't evaluate your resume unless you actually take the exam.

    Honestly if you have done anything related to two or more domains you will be fine, just make sure to word your resume correctly. IT is closely related by hardening systems, account management, and many other duties. Also, if you have Security+ or a degree...you get 6 years to acquire the 4 needed (the waiver removes one year). I would not take the exam until around 2.5-3 years experience or more though because you don't benefit much in the short term by taking the exam early but at that experience level you shouldn't be hurt much by the study time.

    For the comment on the ISC2 Chapter Rep...unless it is somebody paid by ISC2, I would take what they say with a grain of salt but most tech jobs that we all have should be applicable to the requirements.
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    TechGuru80 wrote: »
    If I recall correctly, they won't evaluate your resume unless you actually take the exam.

    Honestly if you have done anything related to two or more domains you will be fine, just make sure to word your resume correctly. IT is closely related by hardening systems, account management, and many other duties. Also, if you have Security+ or a degree...you get 6 years to acquire the 4 needed (the waiver removes one year). I would not take the exam until around 2.5-3 years experience or more though because you don't benefit much in the short term by taking the exam early but at that experience level you shouldn't be hurt much by the study time.

    For the comment on the ISC2 Chapter Rep...unless it is somebody paid by ISC2, I would take what they say with a grain of salt but most tech jobs that we all have should be applicable to the requirements.

    The individual was an employee of (ISC)2 but you do make a valid point about due diligence. Always take the advice given with a grain of salt as one person, even a competent endorser, may get the process wrong. Getting someone to review your resume before you sit for the exam should only be used for peace of mind, honestly, as TechGuru80 is spot on with his advice. If you have the necessary experience and you word your resume correctly, you shouldn't have any issues getting through the system. Even if they audit your application you would be golden. If you know you don't have the experience, then don't try to get the full endorsement and just take your Associate status and build the necessary experience to fulfill the requirements. Too easy, in my opinion.

    I think, given the rather busy schedule I have to the end of the year, that I will start my studying for CISSP after the New Year and aim for end of first quarter, beginning of second quarter testing.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • Terminator XTerminator X Member Posts: 60 ■■■□□□□□□□
    When I am ready to sit for my CISSP, I am going to send my resume to ISC2 and ask if they think I have enough experience or if I will need to go in as an Associate.

    Not sure if you're in the Navy but anyone in the military can knock out one domain just by having to stand watch (Physical Security) which will count as a check in the box. If you recall they speak about physical security within the CBK. All you need to do is find something else in your experience that covers one of the other 7 domains.
    -Tact is for those not witty enough to be sarcastic-
    ~Unknown
  • E Double UE Double U Member Posts: 2,228 ■■■■■■■■■■
    When I am ready to sit for my CISSP, I am going to send my resume to ISC2 and ask if they think I have enough experience or if I will need to go in as an Associate.

    Or just post it here. You might find tougher critics on TE :)
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • beadsbeads Member Posts: 1,531 ■■■■■■■■■□
    What was once stringently required for experience has long been replaced with a much more candidate friendly experience requirement. Shortly before dropping the physical paper exam it was openly agreed the experience requirement would likewise be relaxed.

    The reason for this was to answer the increasing (perceived) demand for certified analysts. Wish I had saved the articles from that time but a number of interviews were given to primarily Federal computing publications outlining the new regimen. Old timers howled at the moon about it but eventually gave up.

    We want bodies not well qualified bodies. Just the bodies, thanks.

    Yes, please go ahead and report me to the ISC(2) again. LOL

    - b/eads
  • ITSec14ITSec14 Member Posts: 398 ■■■□□□□□□□
    I don't particularly agree with experience requirements to obtain a certification. One of our senior engineers at my last job was a 23yo who knew more than most. Experience is not and should not always be measured by years in the field.
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    ITSec14 wrote: »
    I don't particularly agree with experience requirements to obtain a certification. One of our senior engineers at my last job was a 23yo who knew more than most. Experience is not and should not always be measured by years in the field.

    Exception are not the rules... there are some very good 23yo and some 50yo smuck with 30 year of experience who shouldnt be allowed near a computer. However by asking an exam and verifiable experience, it mitigate the risk of a having 14yo CISSP, with 3 MCSE and all Comptia certs. This discredit the certification and dont help anybody. I would not have said this at 20yo, but knowledge is something important, but at 41yo, I can tell you that experience, networking(people) and knowledge make you a career (order of those criteria is not of importance).
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    ITSec14 wrote: »
    Experience is not and should not always be measured by years in the field.

    I wouldn't expect a certification body to go anymore in depth then what they do now. Are supposed try and judge the difficult of people's positions now? icon_rolleyes.gif Would be pretty ridiculous imo. Going by length of time doing specific tasks in the domains they chose isn't too bad. The cert isn't meant for new people in the field, no matter how smart someone thinks they are.
  • NavyMooseCCNANavyMooseCCNA Member Posts: 544 ■■■■□□□□□□
    E Double U wrote: »
    Or just post it here. You might find tougher critics on TE :)
    My resume does need a fresh set of experienced IT eyes to look at it. I'm not getting as many bites as I would expect. I think I'll be able to do that

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchil

  • E Double UE Double U Member Posts: 2,228 ■■■■■■■■■■
    beads wrote: »
    Yes, please go ahead and report me to the ISC(2) again. LOL

    Done and done :)
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    I've seen beads' ISC2 complaint file. Let's just say the wing that houses the room where they keep it is called the Beads Wing.
  • laurieHlaurieH Member Posts: 109 ■■■□□□□□□□
    I would look through the exam outline that (ISC)2 provides for the CISSP - its a good guide to compare your experience against to see how it matches up. You might surprise yourself as it's quite broad. If you've had a varied 5 years in IT you have probably had some security experience which will count. The exam outline is here: https://cert.isc2.org/cissp-exam-outline-form/ (although it's changing in Spring 201icon_cool.gif
    CCNA - expired
    CISSP - live n' kickin'
    My CISSP study apps
    My CISSP study advice blog
  • mritorto2mritorto2 Member Posts: 61 ■■■□□□□□□□
    what ares of IT is your experience in? If its networking they you should be ok.

    You can always go for SSCP & Security + first.
Sign In or Register to comment.