Compare MCSE vs. CISSP

Hi. For the people who have taken both certs. Please compare the quality of the test and questions. I don't want to bash the MCSE but I feel it is pretty useless for learning anything worthwhile. I am wondering if the CISSP is different or is it just a cert to get you in the door?
Thanks
Comments
The first question is: what do you want to do? Information security or systems administration?
How can you feel that way if you haven't already gone down that road? You never know what you might learn along the way.
As jsketch pointed out they are completely different. It's like asking which tastes better, an apple or orange.
The CISSP certification has requirements besides just passing the 250 questions. You can pass the exam and still not get your CISSP certification. You need an ISC2 sponsor and 5 years of documentable InfoSec work experience too.
Also, as you'll see pointed out, security is realistically best approached after you have a good understanding of networking/administration; you need to know the lay of the land before you can even think about policing it. I'm not saying you need the MCSE or any cert in particular, but at least have a depth of knowledge equivalent in the levels of detail; you need to know where those tiny cracks are.
And FYI, anything you attain in IT, whether it be a piece of paper or experience, is not "useless" as stated previously; ESPECIALLY the MCSE or CISSP!
I don't need to be an MCSE or CISSP (yet
:study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security
I feel that the questions/answers are not very useful in a real world context. I also have a CCNA and I felt those tests contained information that was very practical and readily applicable to real world scenarios.
Having said that... for anyone who has taken the CISSP.... how relevant and useful do you feel the information is in real world scenarios?
Okay, that changes my opinion then. I agree that most exams don't have much "real-world" context in them. So if there is any confusion, my bad.
I was basing my opinion on how useful the actual credential was, not the exam content. There are a few CISSPs on here that could answer your question for you.
It is not nearly as technical as many of the other certification exams. The test itself is great to get you thinking like a Manager or Consultant as opposed to a Technician, and is really what the exam is tailored towards.
The preparation for the exam is very helpful since it covers such a wide range of topics. It doesn't get far into the technical side of these topics, but is great for a very broad security understanding. I learned a lot about things I wasn't familiar with such as specifics regarding various encryption algorithms, physical security topics, and Business Continuity Planning/Disaster Recovery Planning.
For example, every study resource I used stated that you should be familiar with WEP/WPA and the differences between them. There is nothing on the technical level about cracking wireless encryption however. It is one thing to know that WEP has substantial security flaws, but it is another to crack it yourself in a short period of time to see the flaws. Another example is that it mentions what a buffer overflow is and how to protect against them, but you aren't going to be looking through source code for flaws in the script that would allow such an attack to take place.
If you want a broad view of the different aspects of information security this is something you will get with the CISSP. No matter how long you have been involved in IT it is likely you don't have a high degree of understanding in all 10 of the Domains, so if you are a Master of 3 of the 10 then it would be good to have a basic understanding of the other 7. This exam will do that for you.
I can't compare it to the MCSE as I haven't gone down the MS track yet, but in my case I found preparing for the CISSP exam to be a worthwhile experience. Now I just need to get more "Direct Full Time Information Security Experience" so that I can hold the certification.
It doesn't change my opinion, and while many test "questions" may not always reflect real world situations, the process of studying and practicing to know the material as opposed to just knowing the answers to test questions is very useful and helpful.
However, I see that you are specifically asking about the exam questions and answers, not the material or certification as a whole. In that case I see little difference in any of the various vendors I have tested with - MS, Cisco, CompTIA, National Electrical Code, or college calculus. The tests are a means to an end - certification, electrical journeyman license or college diploma. Unless the certification process includes task oriented testing results, similar to the CCIE or RHCE then I don't think you'll ever really find an exam that matches anything close to "real world".
Why the concern? If you understand the "real world" technology, why worry about the exam itself? Or being certified for that matter? You don't need either to be great at what you want to do.
sprkymrk, I see what you mean. I think I used the word "opinion" incorrectly. I think "thoughts on your statement" would suit my statement better. My opinion follows the same philosophy as yours in regards to exams. I guess that's what I was trying to say the first time. I fully agree with your first paragraph. You need to learn the material and have the utmost knowledge of the technology. Perhaps I was a bit too vague in my first response. I'm having a hard time expressing here...
We're all entitled to our own opinions, and by posting them here we are in essence opening a dialogue to discuss the merits and follies of each.
Well, sometimes I speak before I think, and express my opinion incorrectly. So it needs a little "modification" every now and then. And I never figured you to be disrespecting anyone, it's all good.
WHEW!!! okay, sorry for letting this one get off track!
You'll always gain knowledge in some aspect of what you're studying for the certification... that there makes it worth it in my mind. Even though I haven't passed my CCNA yet, being the youngest guy in my team at work and having a lot of them come to me as escalation of more difficult issues, it makes it feel even more worthwhile to put the effort in to learn more.
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
The CISSP was by far the most difficult single exam I've taken although I think that will be beaten by the CCIE R&S Written that I'm sitting in a couple of days. However the CISSP was a single exam, MCSE constitutes half a dozen separate exams.
I found overall that I spent more time studying for MCSE than I did for either CISSP or CCNP. CISSP gives you an excellent high level overview of the whole security arena. But on its own it does not teach how to secure a router, firewall, switch or server.
Microsoft will always recommend a Microsoft solution, Cisco will always recommend a Cisco solution, CISSP helps a bit with perspective.
I recently deployed a wireless group policy to configure multiple laptops to connect to Cisco Access Points and authenticate using certificate authentication via RADIUS. CISSP talks about different wireless security solutions and their relevant strengths, MCSE taught me the group policy deployment stuff and the rest came from Cisco.
You will always gain more knowledge from the studying of most certs. Some employers love them, some don't, but if nothing else it proves you have sufficient interest in an area to spend your own time doing it.
That's my 2 cents
Steve
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Keeping the exam vendor neutral and adding any type of specifics seems like an impossible task to me. To add multiple large vendors would certainly take the test far beyond its designated scope and drastically increase the difficulty. This would cause those who took it earlier to have a much more worthwhile certification for less effort.
I like the idea for the 11th domain focused on the corporate politics. The only reason they may shy away from this one is because a lot of smaller companies (especially private ones) don't have a CSO (or even more than a 1 man security department). They do cover the role of the CSO and other Security positions within a corporate environment in one of the other domains (can't remember which one since they had different names in my various books due to the name changes). Perhaps expanding this domain to include more depth could work?
From my perspective most of the questions in the CISSP were from situations you can face or things you need to know if you work in the security field.
"If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees." — Kahlil Gibran
https://www.isc2.org/cgi-bin/content.cgi?category=1330
You can waive one year with the MCSE: https://www.isc2.org/cgi-bin/content.cgi?page=1016
Concerning the CISSP it's really the same principle. If all you do is troubleshoot router issues and connectivity issues all day, then the level of applicability of the CISSP knowledge won't be as high as a person such as myself who does some form of security consulting on a daily basis. That's just life. The truth be told, most people would gain some benefit from having CISSP knowledge, whether they work in security or not. I guess the best way for you to figure that out is to pick up a book and start reading!!!! Good luck. And let us know what you decide on.
Keatron.
That would be very hard to do, and that's why there are vendor specific security certifications and training for vendor specific implementations. And even when you look at Cisco security stuff (for example the CCSP which I just finished), they still touch slightly on concept before you actually start learning how to configure equipment. Also if you look at the CISSP specialization for management (ISSMP), it really adds that 11th domain type focus you're referring to, but in an in-depth way. It will be interesting to see what develops though. BTW I've pretty much convinced myself that this year will be the year I start working on writing something. I haven't decided if it's going to be a very specific security area (like penetration testing or forensics), or something more general (like the 11th Domain you referred to). Hmmm.