Am I underselling myself with Security+ certification and not CISSP? Please read
I have 10 years Federal consulting experience and have an MS in Computer and Network security from 2008. I let my CCNA and CEH expire a few years ago as I shifted to middle management. I serve as a technology lead for our corporate teams advising on solutions mainly in Office 365/Cloud migrations and have worked previously in NOC/SOC and ISO 27001 audits.
I started my Security+ certification prep but a lot of my friends/peers feel I am aiming too low and should do CISSP and CCSP or CCSK since my end goal is to do cloud security. At 40 with 3 kids/wife I don't have too much time to waste and need to get a couple of certs under my belt for better opportunities. What do you guys think?
Thank you
Comments
-
tedjames Member Posts: 1,179 ■■■■■■■■□□
Many people (myself included) see Security+ as a stepping stone and not a final destination. A lot of Security+ material is covered in CISSP. Consider continuing your Security+ studies and then go right into CISSP when you pass. Getting that first certification will give you the confidence and the practice you need to pursue something higher. Also, look at the CISSP requirements. If you don't have the necessary experience, you could still take and pass CISSP, but you would not be awarded the certification until you have gained the appropriate level of experience.
-
Rinzler Member Posts: 34 ■■■□□□□□□□
I agree with tedjames. Think of 'Security+ CE' as making the cake, then 'CISSP' as masterfully putting the icing on the cake. Good luck...
-
rs23 Member Posts: 27 ■■■□□□□□□□
Just curious, how easy is it to recertify through CPE for both?
-
Tekn0logy Member Posts: 113 ■■■■□□□□□□
I think you should stick to your plan. Get your feet wet with Security+ and then move up QUICKLY. Don't rest on your laurels between certs so you don't get brain-drain. I would also get an industry-specific cert as well.
-
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□
Seems like a waste of $300 for the exam + cost of book/materials + time taking the test, just for something that will be borderline useless for you in a short period of time.
Then there is the chance you might want to take a break after it. Just my thought though... if you want something, go right for it.
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□
I did SSCP from ISC2 as an alternative to Security+ on my way to CISSP. The exam difficulty is quite similar to Sec+. Also, when you will be CISSP, most CPE acquired can be used to keep your SSCP active.
-
mattster79 Member Posts: 135 ■■□□□□□□□□
Bite the bullet and go for the CISSP. It’ll be hard work but it’s worth the effort.
CISSP
CISM
-
LonerVamp Member Posts: 518 ■■■■■■■■□□
rs23 said: Just curious, how easy is it to recertify through CPE for both?
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
-
ThePawofRizzo Member Posts: 389 ■■■■□□□□□□
If you've already been studying go for Sec+. Just another feather. It is foundational security, but it is well known. Then do CISSP. The SSCP is similar - a bit harder I thought - than Sec+, but the material you learn for SSCP is closer to the basics for CISSP, in my opinion. So, if you don't consider Sec+, but want to earn a cert sooner, yet still be on track studying for CISSP, then consider SSCP.
-
PC509 Member Posts: 804 ■■■■■■□□□□
I'd disagree with others. I'd go straight for the CISSP. With the CCNA & CEH behind you and your education, you have a good background with the networking and security foundations. With the employment experience, you've got a good head start on the CISSP. I wouldn't waste time on the Sec+, which will be a lot of review of what you already know, stress of an exam that may not be that big of a deal employment wise, and costs a few hundred bucks. I'd just dedicate time to the CISSP and go for that. Especially with a family, you don't want to spread yourself too thin going for the Sec+ and then really spending a lot more time and effort into the CISSP.
Sec+ is a great foundation certification. I hold it pretty high. However, with your background, I feel it'd most likely be a review and a cert just to have a cert. Not getting the Sec+ won't hold you back any when getting the CISSP. You've got the foundation already.
-
LonerVamp Member Posts: 518 ■■■■■■■■□□
I agree with the previous poster. With your experience, honestly, the Sec+ isn't going to add anything. It won't get you noticed nor will it contribute to a specific new job unless you already have something lined up or in mind that requires it.
That said, studying for the Sec+ is quite similar to studying for the CISSP, so other than some money and time, you're not necessarily out a whole lot. But CISSP should be your next focus. That one will get you noticed and contacted and called up.
-
chapter Member Posts: 14 ■■□□□□□□□□
Just study CISSP for 2 months. You have experience plus CCNA & CEH - you will be fine.
-
rs23 Member Posts: 27 ■■■□□□□□□□
Thank you everyone. All of you have given me valuable input. I appreciate your time!
-
scasc Member Posts: 461 ■■■■■■■□□□
Agree with the ones who are saying go straight for CISSP. Don’t waste time and bite the bullet. You will pass this; it’s not impossible. If you want to go down cloud route I’m inclined to say forget about CCSP etc and go straight for Azure or AWS. I’ve seen people with CCSP who can’t advise on AWS controls as they don’t get it.
AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
-
rs23 Member Posts: 27 ■■■□□□□□□□
I have never worked on AWS. So would you suggest AWS Solutions Architect Associate? I believe that is the starting point.
-
scasc Member Posts: 461 ■■■■■■■□□□
100%. Provided an excellent foundation. Also get the free AWS security fundamentals course - 4 hours long, that’s really good.
-
Clm Member Posts: 444 ■■■■□□□□□□
With 10 years experience I would definitely go for the CISSP. Especially if you are doing this for career growth. And then you can move onto CCSP or CCSK.
I find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig
-
laurieH Member Posts: 109 ■■■□□□□□□□
Depends a bit on what you want to do. But seeing as you already seem to have lots of experience and are already in a management position I would think you should just get the CISSP - the Sec+ is a waste of time in my opinion. Fine if you want to be more hands on or don't have much experience but it's not really suited to your situation.
-
Goteki54 Member Posts: 79 ■■■□□□□□□□
I would probably take a different approach. If I had a CCNA and CEH cert but let them expire but wanted to get back into security, I would probably consider setting a 3 month time frame to knock out Security+ to get it out of the way, but instead of going for CISSP next, I would probably go for the CCNA Security Cert next, pass that, and then go for CISSP. The Sec+ and the CCNA Security would be a nice one-two punch on your resume to get back into the security area while you work on topping it off with CISSP.
CompTIA A+, Network+, Security +., SSCP
-
LonerVamp Member Posts: 518 ■■■■■■■■□□
I want to join in, too! With your experience and goals, I would say skip the Sec+. It's not going to open any door for you that your experience doesn't already open. Even if you get it, it's a step, while the CISSP is going to still be your goal to achieve in the next calendar year or however long it'll take you. Normally I suggest students and those new to security or IT take Sec+ first. But for your experience, it wouldn't really add anything unless you feel like you'll learn from it.
-
Goteki54 Member Posts: 79 ■■■□□□□□□□
Here's my logic. Let's say that you pass the Sec+ and then pass the CISSP exam. So now you have one certification, your Security+, and a designation from ISC(2), Associate of ISC(2) CISSP, which means you passed the exam but don't have the experience to get the cert. So let's say that the security domain related roles you need to get from other job roles in order to fulfill your experience requirement require you to have more than a Security+ certification, then what will you do? In other words, instead of the "ready, aim, fire" approach, it's now fire, aim, ready.
I could be wrong about this, but I believe if you pass the CISSP and get the Associate badge, it's good for the same amount of time as the CISSP. If that's true, then you will have to pay the full exam price the first time of $699 just to get the associate badge and then again 3 years renewal later just to get the "associate badge again" if you haven't met the experience threshold. My thinking is that if I'm going to spend that kind of money on an exam, (A) I'm going to expect the full cert upon passing, which means I will have had all the work experience to get it, or (B) I will be darn close to meeting the work experience to get to convert from Associate to full CISSP before renewal.
-
Goteki54 Member Posts: 79 ■■■□□□□□□□
Ok, got it. Well, if you feel you have the 5 years, then I would say get the Security+ as you planned, then go for the CISSP and then AWS SA. That path makes sense. Just curious, since you want to go into cloud security, what do you think of ISC(2) Certified Cloud Security Professional?
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
A current CISSP is a must if you want to do federal consulting. I met a guy at a security conference that knew the guys who developed the OSCP, and thought certifications were a waste, but he still had a CISSP, because expert hacker or not, many federal agencies require that check box if you want to do security work for them.
Still searching for the corner in a round room.
-
MickyDee Member Posts: 32 ■■■□□□□□□□
If someone were so inclined, couldn't they also do the CISA/CISM for meeting the cert requirement for federal consulting instead of the CISSP? I'm just going by the DOD 8570 chart, so just wondering if you knew.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
I think the chart is pretty self-explanatory, a CISA only gets you Information Assurance Technical (IAT) Level III, CISM Information Assurance Management (IAM) to Level II, the CISSP is a valid cert for the Information Assurance architecture and engineering areas (IASAE) Level II and everything below that. I guess it would depend on what exactly you're consulting for what level they would require. In short the CISSP gives you the most bang for the buck.