Newbie to CISSP: Question about applicant requirement &
Hello,
I am a newbie to CISSP. My 9 yrs IT experience has been in the field of Operations Management, Project Management, applications development & support.
I also have MS Comp Sc & MBA degrees, and PMI PMP, and ITIL Service Management Foundations certifications.
Although I do not have direct security experience, I do have small security experiences while dealing with applications development and support.
Do you think I should study and try for CISSP certification? I am very enthusiastic for trying toward it and am confident that after studying for it thoroughly, I will have a good shot at it.
Pls let me know what you think?
Tx,
Rajesh
Comments
-
Slowhand Mod Posts: 5,161 Mod
Do you meet the requirements to be eligible to take the CISSP exam?
Free Microsoft Training: Microsoft Learn
Free PowerShell Resources: Top PowerShell Blogs
Free DevOps/Azure Resources: Visual Studio Dev Essentials
Let it never be said that I didn't do the very least I could do. -
rbhatia6 Member Posts: 6 ■□□□□□□□□□
I do not meet the professional requirements. So, I am planning to take the Associates exam.
-
keatron Member Posts: 1,213 ■■■■■■□□□□
rbhatia6 wrote:
Hello,
Do you think I should study and try for CISSP certification? I am very enthusiastic for trying toward it and am confident that after studying for it thoroughly, I will have a good shot at it.
Pls let me know what you think?
Tx,
Rajesh
I guess you should ask yourself why not. -
rbhatia6 Member Posts: 6 ■□□□□□□□□□
That is exactly my question. Although I do wanna give it, I just want some feedback how it can help me in my career.
Any advice will be greatly appreciated.
Tx,
Rajesh -
JDMurray Admin Posts: 13,035 Admin
In my opinion, having the Associate of the (ISC)2 certification will do nothing for your career unless you have information security-related experience too. If you are interested in an information security specialization, look at the CompTIA Security+ certification as an example of the type of subjects that you will be studying. Also consider studying for the (ISC)2 SSCP exam as preparation for one day sitting for the CISSP exam.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray -
TBLTZ Member Posts: 49 ■■□□□□□□□□
Are these CISSP requirements checked by anyone? Or can you go and just take the exam?
-
JDMurray Admin Posts: 13,035 Admin
TBLTZ wrote:
Are these CISSP requirements checked by anyone? Or can you go and just take the exam?
-
TBLTZ Member Posts: 49 ■■□□□□□□□□
What types of security can you perform that makes you eligible to take the test?
If you are in charge of network security will that let you take the test? What about software security? -
Slowhand Mod Posts: 5,161 Mod
TBLTZ wrote:
What types of security can you perform that makes you eligible to take the test?
If you are in charge of network security will that let you take the test? What about software security?
Again, take a look at the requirements for the CISSP on the (ISC)2 website, and see if your particular experience falls in any of the security domains in the Common Body of Knowledge. It's always a good idea to familiarize yourself with the site of the vendor you're planning on taking a cert with. In this case, read through as much information on the (ISC)2 website, so you'll get a better idea of what you need to pass the test.
-
keatron Member Posts: 1,213 ■■■■■■□□□□
JDMurray wrote:
TBLTZ wrote:
Are these CISSP requirements checked by anyone? Or can you go and just take the exam?
Exactly. So you'll waste the $500. You won't get the certification, and once you're caught fabricating your app, you will probably never be allowed to take it again. -
silentc1015 Member Posts: 128
TBLTZ wrote:
Are these CISSP requirements checked by anyone? Or can you go and just take the exam?
If you pass there's also a good chance of being audited. I wasn't audited, but it seems like a high number of people are. -
JDMurray Admin Posts: 13,035 Admin
milliamp wrote:
I am a little surprised they list Security+ but not CEH).
-
TBLTZ Member Posts: 49 ■■□□□□□□□□
milliamp wrote:
Eligible professional experience listed here
And your job title and responsibilities do not have to _only_ involve security, it can also be consultant, engineer, administrator etc.
If your title is "Sr network architect" or something they are not going to come back and complain because it does not have security in the title.
It is basically any role that makes decisions involving security (rather than just acting on someone else's decisions).
Also, along with education, they will sub 1 year for holding one or more of these certifications. (I am a little surprised they list Security+ but not CEH).
I hope that helps.
I think this answered my question. I am an IT manager. I do make decisions about security such as firewalls and security strategies. So I do make decisions about security. So this would allow me to take this certification. -
rbhatia6 Member Posts: 6 ■□□□□□□□□□
A question: Over the 9 yrs of my experience, I have implemented and made decisions on application security like LDAP authentication and database level security like views, etc.
Do these count toward the security requirements of CISSP?
Tx,
Rajesh -
rbhatia6 Member Posts: 6 ■□□□□□□□□□
A question: Over the 9 yrs of my experience, I have implemented and made decisions on application security like LDAP authentication and database level security like views, etc.
Do these count toward the security requirements of CISSP?
Tx,
Rajesh -
rbhatia6 Member Posts: 6 ■□□□□□□□□□
A question: Over the 9 yrs of my experience, I have implemented and made decisions on application security like LDAP authentication and database level security like views, etc.
Do these count toward the security requirements of CISSP?
Tx,
Rajesh -
JDMurray Admin Posts: 13,035 Admin
rbhatia6, duplicate postings are not necessary or useful.
I would suggest that you'd be best to email service@isc2.org when needing detailed questions such as these answered.
-
Webmaster Admin Posts: 10,292 Admin
JDMurray wrote:
I would suggest that you'd be best to email service@isc2.org when needing detailed questions such as these answered.
The thing with the CISSP is that if you have the required experience, you'll likely know you do. If you doubt your experience really is entirely as a full time security professional, then it's probably not.
rbhatia6 wrote:
Over the 9 yrs of my experience, I have implemented and made decisions on application security like LDAP authentication and database level security like views, etc.
When you find yourself trying to meet the requirement by adding up all sorts of security related 'tasks' you did during your career, you pretty much know you don't meet the requirements.
At that point, you could consider the SSCP, or the Associate exam, but the best thing to do imo is to get that full-time job as a security professional (which certainly isn't impossible 'before' you are a CISSP). At the time you're close enough to the required experience, the fact you are currently working as a security professional will make the odds of getting certain security experience from the past accepted as relevant experience much better.
Last but not least, the CISSP is not meant for those who want to 'get into security' but for those who already are (or have been) and want to advance. -
JDMurray Admin Posts: 13,035 Admin
Webmaster wrote:
Is that a new email address specifically for the purpose of getting detailed questions answered? Because when I had contact with ISC2 about a year ago, they were very helpful, but getting your experience reviewed 'before' you take the exam is not an option.
Contact (ISC)2 Page
-
Webmaster Admin Posts: 10,292 Admin
I'm pretty sure they'll only answer basic questions, basically what you can find online already. Unless perhaps when the experience is obviously relevant. I think this has to do with not giving any hopes nor promises in case the candidate gets reviewed. ("I called up front and they told me it did apply as relevant experience!")
Also considering the Sticky just posted by Keatron (about the CISSP requirement changes), I think the best way to figure out whether your experience applies is to ask that CISSP in good standing you now need to know anyway. -
keatron Member Posts: 1,213 ■■■■■■□□□□
Webmaster wrote:
I'm pretty sure they'll only answer basic questions, basically what you can find online already. Unless perhaps when the experience is obviously relevant. I think this has to do with not giving any hopes nor promises in case the candidate gets reviewed. ("I called up front and they told me it did apply as relevant experience!")
Also considering the Sticky just posted by Keatron (about the CISSP requirement changes), I think the best way to figure out whether your experience applies is to ask that CISSP in good standing you now need to know anyway.
To be quite honest, if you read the requirements posted on the ISC2 web site, and you have to ask yourself "am I qualified", then the first action should be to ask them directly. And Johan has an even better solution, ask the CISSP (which now is your only option for endorsement), who's going to be endorsing you. Also as an aside, it'll probably be harder now to get a CISSP to endorse you if they're not sure of your experience. Because there will soon be an announcement to all existing CISSPs warning that if you endorse a candidate and they fail the audit, then you will most likely lose your certification as well. This will help with the inevitable trickle of people beginning to offer to pay existing CISSPs for endorsements. I've already been approached several times by people who I don't know from Opie. It might sound harsh, but the code of ethics is quite clear. Also, it should be pointed out that your endorsement has to come from a CISSP "in good standing".
Him/Her: "I know you're a CISSP, since I took your CISSP class, will you endorse me"
Me, in the voice of Bill Lumbergh from office space: "Ahhhh yeahh, I'm going to go ahead and ask you to ask another CISSP, someone who actually knows you and can vouch for all that security experience you have on your resume. If you could go ahead and do that for me that'd be great.....yeahh."
A few things have been key in leading to this.
1. People have been failing the audits at an alarming rate over the last 2 years.
2. People who are obviously not qualified have been trying to push through on "security experience" that's in nice terms "questionable". Imagine an office knowledge worker trying to sit the CISSP to move from office manager role to a role in the IT security department (because all of us here know that IT is where the money is right???), so they apply for the CISSP citing their security experience as "making sure people have their name badges on when they come into the office" and "making sure all of our word documents are password protected".
3. The buddy system. "Hey we're buds, I'm a CISSP, you wanna be one too? I know you don't have any security experience, but I'll endorse you dude. Yeah. Cause we're buds" (in the voice of Napoleon Dynamite).
4. Clueless HR people (most are not, but some are). I think I've already mentioned in previous posts where HR posts job ads for a position like help desk technician and have CISSP listed as a requirement. Just because they heard from someone they know in IT that CISSP is the best "computer" certification to have.
I know it seems a little extreme and might be even a little unfair to the people just approaching their 4 year date, but I seriously believe it is a sincere move by ISC2 to maintain the integrity of the CISSP.
Keatron. -
drakhan2002 Member Posts: 111
keatron wrote:
(because all of us here know that IT is where the money is right???)
I almost laughed out loud when I read that! Good one.
It's not the moments of pleasure, it's the hours of pursuit... -
Webmaster Admin Posts: 10,292 Admin
keatron wrote:
I know it seems a little extreme and might be even a little unfair to the people just approaching their 4 year date...
www.techexams.net/forums/viewtopic.php?p=144438#144438