Worth going for Associate of (ISC) ?

I have about 5yrs of IT experience but not in Security. With Security+ I can get a 1yr waiver towards required experience. Is it worth pursuing associates or should I be looking at something else instead?

Find more posts tagged with

Comments

NetworkNewb

You get the "Associate" title for passing any of ISC2's exams without having the experience. I wouldn't ever take an exam where I wouldn't actually get the certification but some people have their reasons. (the Dept of Defense accepts it for example)

jamesleecoleman

Do you have experience in security related experience? Did you check the domains?

ITSec14

Why wouldn't it be worth it? I just saw 3 job postings the other day that accept Associate of ISC2 status if full CISSP isn't acquired yet.

NetworkNewb

ITSec14 wrote: »

accept Associate of ISC2 status if full CISSP isn't acquired yet

lol, the more I hear stuff like this, the less I think the value of some certifications are. Misses the point of the certification and is against ISC2's code of ethics.

cyberguypr

+1 on jamesleecoleman's comment. The requirement is experience in the domains, not a security title. A lot of people in IT like have the required experience and don't even realize it.

E Double U

cyberguypr wrote: »

The requirement is experience in the domains, not a security title. A lot of people in IT like have the required experience and don't even realize it.

I just explained this to a colleague today.

NavyMooseCCNA

When I am ready to sit for my CISSP, I am going to send my resume to ISC2 and ask if they think I have enough experience or if I will need to go in as an Associate.

jamesleecoleman

Sounds like a good thing to do NavyMoose CCNA. I was thinking about doing the same thing.

stryder144

If there is a local (ISC)2 chapter that you can visit it might be worth the time and effort. I was able to talk to a Denver chapter rep several years ago at a conference and she told me that my experience qualified me to sit the exam. I haven't pursued the certification yet due to other things being higher on my list, but I at least feel confident that my work experience shouldn't be a roadblock to successfully receiving the full certification.

TechGuru80

NavyMooseCCNA wrote: »

When I am ready to sit for my CISSP, I am going to send my resume to ISC2 and ask if they think I have enough experience or if I will need to go in as an Associate.

If I recall correctly, they won't evaluate your resume unless you actually take the exam.

Honestly if you have done anything related to two or more domains you will be fine, just make sure to word your resume correctly. IT is closely related by hardening systems, account management, and many other duties. Also, if you have Security+ or a degree...you get 6 years to acquire the 4 needed (the waiver removes one year). I would not take the exam until around 2.5-3 years experience or more though because you don't benefit much in the short term by taking the exam early but at that experience level you shouldn't be hurt much by the study time.

For the comment on the ISC2 Chapter Rep...unless it is somebody paid by ISC2, I would take what they say with a grain of salt but most tech jobs that we all have should be applicable to the requirements.

stryder144

TechGuru80 wrote: »

If I recall correctly, they won't evaluate your resume unless you actually take the exam.

Honestly if you have done anything related to two or more domains you will be fine, just make sure to word your resume correctly. IT is closely related by hardening systems, account management, and many other duties. Also, if you have Security+ or a degree...you get 6 years to acquire the 4 needed (the waiver removes one year). I would not take the exam until around 2.5-3 years experience or more though because you don't benefit much in the short term by taking the exam early but at that experience level you shouldn't be hurt much by the study time.

For the comment on the ISC2 Chapter Rep...unless it is somebody paid by ISC2, I would take what they say with a grain of salt but most tech jobs that we all have should be applicable to the requirements.

The individual was an employee of (ISC)2 but you do make a valid point about due diligence. Always take the advice given with a grain of salt as one person, even a competent endorser, may get the process wrong. Getting someone to review your resume before you sit for the exam should only be used for peace of mind, honestly, as TechGuru80 is spot on with his advice. If you have the necessary experience and you word your resume correctly, you shouldn't have any issues getting through the system. Even if they audit your application you would be golden. If you know you don't have the experience, then don't try to get the full endorsement and just take your Associate status and build the necessary experience to fulfill the requirements. Too easy, in my opinion.

I think, given the rather busy schedule I have to the end of the year, that I will start my studying for CISSP after the New Year and aim for end of first quarter, beginning of second quarter testing.

Terminator X

NavyMooseCCNA wrote: »

When I am ready to sit for my CISSP, I am going to send my resume to ISC2 and ask if they think I have enough experience or if I will need to go in as an Associate.

Not sure if you're in the Navy but anyone in the military can knock out one domain just by having to stand watch (Physical Security) which will count as a check in the box. If you recall they speak about physical security within the CBK. All you need to do is find something else in your experience that covers one of the other 7 domains.

E Double U

NavyMooseCCNA wrote: »

When I am ready to sit for my CISSP, I am going to send my resume to ISC2 and ask if they think I have enough experience or if I will need to go in as an Associate.

Or just post it here. You might find tougher critics on TE

beads

What was once stringently required for experience has long been replaced with a much more candidate friendly experience requirement. Shortly before dropping the physical paper exam it was openly agreed the experience requirement would likewise be relaxed.

The reason for this was to answer the increasing (perceived) demand for certified analysts. Wish I had saved the articles from that time but a number of interviews were given to primarily Federal computing publications outlining the new regimen. Old timers howled at the moon about it but eventually gave up.

We want bodies not well qualified bodies. Just the bodies, thanks.

Yes, please go ahead and report me to the ISC(2) again. LOL

- b/eads

ITSec14

I don't particularly agree with experience requirements to obtain a certification. One of our senior engineers at my last job was a 23yo who knew more than most. Experience is not and should not always be measured by years in the field.

SteveLavoie

ITSec14 wrote: »

I don't particularly agree with experience requirements to obtain a certification. One of our senior engineers at my last job was a 23yo who knew more than most. Experience is not and should not always be measured by years in the field.

Exception are not the rules... there are some very good 23yo and some 50yo smuck with 30 year of experience who shouldnt be allowed near a computer. However by asking an exam and verifiable experience, it mitigate the risk of a having 14yo CISSP, with 3 MCSE and all Comptia certs. This discredit the certification and dont help anybody. I would not have said this at 20yo, but knowledge is something important, but at 41yo, I can tell you that experience, networking(people) and knowledge make you a career (order of those criteria is not of importance).

NetworkNewb

ITSec14 wrote: »

Experience is not and should not always be measured by years in the field.

I wouldn't expect a certification body to go anymore in depth then what they do now. Are supposed try and judge the difficult of people's positions now?

Would be pretty ridiculous imo. Going by length of time doing specific tasks in the domains they chose isn't too bad. The cert isn't meant for new people in the field, no matter how smart someone thinks they are.

NavyMooseCCNA

E Double U wrote: »

Or just post it here. You might find tougher critics on TE

My resume does need a fresh set of experienced IT eyes to look at it. I'm not getting as many bites as I would expect. I think I'll be able to do that

E Double U

beads wrote: »

Yes, please go ahead and report me to the ISC(2) again. LOL

Done and done

cyberguypr

I've seen beads' ISC2 complaint file. Let's just say the wing that houses the room where they keep it is called the Beads Wing.

laurieH

I would look through the exam outline that (ISC)2 provides for the CISSP - its a good guide to compare your experience against to see how it matches up. You might surprise yourself as it's quite broad. If you've had a varied 5 years in IT you have probably had some security experience which will count. The exam outline is here: https://cert.isc2.org/cissp-exam-outline-form/ (although it's changing in Spring 201

mritorto2

what ares of IT is your experience in? If its networking they you should be ok.

You can always go for SSCP & Security + first.