CISSP Motivation

RobbyRobRobbyRob Registered Users Posts: 4 ■□□□□□□□□□
Hey everyone! Been lurking for a few years, but really never had a reason to post. I have been in Information Security Assurance for 10+ years and Network Security for the past 4-5 years. My current company is "recommending" that I obtain the CISSP. However, going through the first few videos from the official material, I just can't seem to find the motivation. Being that I work in the trenches every day and the CISSP is just management type stuff, I find it boring. How do other do other technical focused guys find ways to keep this stuff interesting?

Comments

  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Simple....keep your eyes on the prize. If you work in IA that’s means you are government, thus CISSP + Security+ maxes out IAT 1-3, and IAM 1-3, plus some of the other categories are almost maxed out. That lets you be able to get more positions, more money, and if you decide to leave government you will be more desirable.

    If you have that much experience, the technical information won’t take long if you have to review, and a lot of policies and best practices you see everyday are based on the CBK...guaranteed...so even that won’t be too difficult. Look at Cybrary and CBT Nuggets...tbh the books are all pretty dry.

    If you don’t really want to get high up or into Management you don’t have to get the CISSP...but honestly it’s one of the things you really should do no matter what in InfoSec.
  • RobbyRobRobbyRob Registered Users Posts: 4 ■□□□□□□□□□
    Hi TechGuru, thanks for the advice. I will look into the 2 more interesting video sources. I am not government anymore, but I am in a position where I never know who I will be consulting next. I looked at a couple of practice tests and they seem straightforward. I just need to figure out how much of the material is "memorization" from the study material. If it's just high-level stuff I think a few weeks of studying and refresh may work. I never really wanted to take the exam so I never looked at the material until I bought the Sybex book on Amazon.
  • mattster79mattster79 Member Posts: 135 ■■□□□□□□□□
    For me the motivation was to develop and progress my career. My company wanted me to get certified and they paid every cent of the cost. But as my manager said, getting certified isn’t just important for my current position but it’s also important for any position I go for outside of my current company.

    Being a CISSP makes you more valuable to your employer for a whole host of reasons (we’ll it has for me anyway).
    CISSP
    CISM
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    If you have a lot of background experience, avoid Shon Harris books, I would recommend Eric Conrad's books. Start with his big book then the "11th hour book". They are straight to the point in covering material, no filler story like in Shon Harris. Then do a few practice exam to get a feel of the question and spot your weakest area.

    You should be ok.
  • E Double UE Double U Member Posts: 2,228 ■■■■■■■■■■
    RobbyRob wrote: »
    Being that I work in the trenches every day and the CISSP is just management type stuff, I find it boring. How do other do other technical focused guys find ways to keep this stuff interesting?

    I was motivated by knowing that someday I would want to move out of the trenches. It was a difficult mindset switch going from 5 consecutive technical Cisco exams to an (ISC)2 offering, but it helped me see the bigger picture instead of just focusing on the technologies that I had so much fun with.

    I never found a way to make the material more interesting, but was able to connect the dots when making the material relate to my job so it helped with actually understanding what I was studying. Also helped with making sense of management's decisions.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • Info_Sec_WannabeInfo_Sec_Wannabe Member Posts: 428 ■■■■□□□□□□
    Same sentiments here with mattster79.

    In my case, I've been into the information security field for a little over 3 years (as I came from an audit background) and getting certifications made me realize that I've only seen the tip of the iceberg. While it cannot replace actual experience, certifications are a nice way to expand your knowledge. :)
    X year plan: (20XX) OSCP [ ], CCSP [ ]
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    E Double U wrote: »
    I never found a way to make the material more interesting, but was able to connect the dots when making the material relate to my job so it helped with actually understanding what I was studying. Also helped with making sense of management's decisions.

    So true!
  • beadsbeads Member Posts: 1,531 ■■■■■■■■■□
    There's always buckling down and getting it over with once and for all. If your doing consulting and have the years it probably time "to do the paper" and just finish it. Should be less hassle than simply putting it off and thinking about it off and on. Though I have huge respect for those who have "gone paperless" and suffered no consequence.

    Now, I suffer the constant hamster wheel of CEUs/recerts instead of exam anxiety. icon_lol.gif

    - b/eads
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    beads wrote: »

    Now, I suffer the constant hamster wheel of CEUs/recerts instead of exam anxiety. icon_lol.gif

    - b/eads

    Before taking this journey to SSCP and CISSP, I was wondering if I would be able to maintain after. I took my SSCP in fev 2017, and since I am over 50 CPE out of 20 required/year and I am sure I skipped some. It is not a problem to maintain if you like IT and IT Security.
  • RobbyRobRobbyRob Registered Users Posts: 4 ■□□□□□□□□□
    Thanks for the advice everyone! I think I will just have to get in the "get it over with" mindset. I'm more of a technical focused person that just needs to really understand the big picture to deploy my company's products more effectively. As a senior level engineer, I don't have much interest in moving into management anytime soon. I also hate doing the certifications. But, I guess for overall security design this certification will provide proof that I know what I am doing to customers.
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    RobbyRob wrote: »
    Thanks for the advice everyone! I think I will just have to get in the "get it over with" mindset. I'm more of a technical focused person that just needs to really understand the big picture to deploy my company's products more effectively. As a senior level engineer, I don't have much interest in moving into management anytime soon. I also hate doing the certifications. But, I guess for overall security design this certification will provide proof that I know what I am doing to customers.

    Also, remember that management stuff don't change every 2-3 years like technical stuff :) and look at the CPE guideline to know how you will maintain your certs. It could be a good opportunity to ask for training/conference, it would give you many CPE in a few days. Make sure you understand the difference between Type A CPE and Type B CPE while you are making your maintenance plan.
  • ITHokieITHokie Member Posts: 158 ■■■■□□□□□□
    RobbyRob wrote: »
    How do other do other technical focused guys find ways to keep this stuff interesting?

    Is this a trick question?
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    ITHokie wrote: »
    Is this a trick question?
    I see this as looking through the darks side :)
  • ITHokieITHokie Member Posts: 158 ■■■■□□□□□□
    I see this as looking through the darks side :)

    Haha, well said. One would be tempted to think it's fun to look through the dark side. A perusal of Shon Harris' book or the CBK would quickly disabuse one of that notion.
  • NavyMooseCCNANavyMooseCCNA Member Posts: 544 ■■■■□□□□□□
    beads wrote: »
    . Though I have huge respect for those who have "gone paperless" and suffered no consequence.
    - b/eads
    A friend of mine has this philosophy and doesn't have a single cert and is never lacking for work.

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchil

  • mattster79mattster79 Member Posts: 135 ■■□□□□□□□□
    ITHokie wrote: »
    A perusal of Shon Harris' book or the CBK would quickly disabuse one of that notion.

    Very true 😁😁👍
    CISSP
    CISM
  • ANGUANGU Registered Users Posts: 1 ■□□□□□□□□□
    I book the exam for next week 10/23...I pray that I pass it this time.
    I have failed it in 4 different attempt and I scored 684 in my last attempt...it was very painful.
    I have several other certifications but CISSP as they say, "is the Gold standard" for InfoSec,
    HR of Fortune 500 company and multi-billion dollar companies go crazy over it.
    Look at the bigger picture of the doors that it might open for you if you have it.
    The certification is so popular that most Executives know about it and you'll earn a lot of respect if I you have it.
    More so, the pay is good, if you are currently earning below 6 digits, CISSP can bump you way up very quickly beyond your expectation.
    I hope I have motivated you.
  • DZA_DZA_ Member Posts: 467 ■■■■■■■□□□
    OP - You can tackle the exam material through a different variety of ways: CBT, CISSP bootcamps, and reading several study guides. Listening to audio books and utilizing flashcards helps too! Ultimately the motivation for me to get the certification was career advancement (biggest driver). I've been with the same company a little bit over 5 years.


    I am actually in the same boat as you are in, I am in trenches for my current position (consulting) in a MSP environment and was dedicating every evening, weekends, holidays studying for this exam. It eventually paid off. That being said, it almost took me a full year to study with the work that I've been doing - I hope this gives you inspiration to book and pass the exam. Good luck on your CISSP journey!
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    DZA_ wrote: »
    OP - You can tackle the exam material through a different variety of ways: CBT, CISSP bootcamps, and reading several study guides. Listening to audio books and utilizing flashcards helps too! Ultimately the motivation for me to get the certification was career advancement (biggest driver). I've been with the same company a little bit over 5 years.


    I am actually in the same boat as you are in, I am in trenches for my current position (consulting) in a MSP environment and was dedicating every evening, weekends, holidays studying for this exam. It eventually paid off. That being said, it almost took me a full year to study with the work that I've been doing - I hope this gives you inspiration to book and pass the exam. Good luck on your CISSP journey!

    I work in the same kind of environment, you said it paid off. In which way it paid off?
  • ITHokieITHokie Member Posts: 158 ■■■■□□□□□□
    ANGU wrote: »
    I have several other certifications but CISSP as they say, "is the Gold standard" for InfoSec,
    HR of Fortune 500 company and multi-billion dollar companies go crazy over it.
    Look at the bigger picture of the doors that it might open for you if you have it.
    The certification is so popular that most Executives know about it and you'll earn a lot of respect if I you have it.
    More so, the pay is good, if you are currently earning below 6 digits, CISSP can bump you way up very quickly beyond your expectation.

    I'm not sure I'd go that far, but there is a lot of truth in this statement. It's a sad commentary on the corporate mindset toward hiring for infosec roles.
  • DZA_DZA_ Member Posts: 467 ■■■■■■■□□□
    I work in the same kind of environment, you said it paid off. In which way it paid off?

    It definitely gives me the opportunity to find new jobs in the security industry as many of the Canadian companies are requesting for a minimum CISSP certification. I have worked at the company for 5 years so the growth is stagnant. If I progressed any further in the organization, I would not have seen much value for the time dedicated vs the results. The number of job requests after you get your CISSP will be overwhelming. This is my experience.
  • laurieHlaurieH Member Posts: 109 ■■■□□□□□□□
    For me it depends on what the reason is that you are certifying. If you don't have to and dont want to then I dont see why you should. If you need to then for me it was making sure that I was focusing on passing - yes some of the material is dull but if you want to pass you just have to knuckle down and do it. On the other hand because it's so broad there may be some things that you learn which are actually useful!
    CCNA - expired
    CISSP - live n' kickin'
    My CISSP study apps
    My CISSP study advice blog
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    DZA_ wrote: »
    It definitely gives me the opportunity to find new jobs in the security industry as many of the Canadian companies are requesting for a minimum CISSP certification. I have worked at the company for 5 years so the growth is stagnant. If I progressed any further in the organization, I would not have seen much value for the time dedicated vs the results. The number of job requests after you get your CISSP will be overwhelming. This is my experience.

    Where are you in Canada?
  • DZA_DZA_ Member Posts: 467 ■■■■■■■□□□
    I'm in downtown Toronto - a few of my other colleagues who obtained their CISSPs managed to find work with large private and public organizations. The job opportunity was their biggest motivation as well.
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    DZA_ wrote: »
    I'm in downtown Toronto - a few of my other colleagues who obtained their CISSPs managed to find work with large private and public organizations. The job opportunity was their biggest motivation as well.

    Thanks you, I was only curious :)
  • gkcagkca Member Posts: 243 ■■■□□□□□□□
    DZA_ wrote: »
    I'm in downtown Toronto - a few of my other colleagues who obtained their CISSPs managed to find work with large private and public organizations.
    I'm just curious what kind of experience and technical / infosec background did they have prior to obtaining the CISSP and their new positions?
    "I needed a password with eight characters so I picked Snow White and the Seven Dwarves." (c) Nick Helm
  • DZA_DZA_ Member Posts: 467 ■■■■■■■□□□
    Both of them had over 5 years of experience working in system administration and network security. One of them had their CCNP security.
Sign In or Register to comment.