CISSP or not?

redmondredmond Member Posts: 18 ■□□□□□□□□□
I am a CISA and a CISM. Does it makes sense to write CISSP exam?

I do both Security Management(40%) and hands-on (60%).

A few of the job postings ask either for a CISM or CISSP. That makes me think a lot of companies think CISSP and CISM to be the same when it comes to see if the person is certified with a credible security certification.

what do you guys think? should i invest time/money on CISSP?

Comments

  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    Depends - if you are actively looking, it wouldn't hurt, simply because the CISSP has more name-recognition than CISM. But if you are comfortable where you are, I would think twice before it.

    I thought the CISSP was roughly as difficult as the CISA exam in terms of question difficulty and trickery. (And I haven't sat the CISM, I am still on the fence for it, I don't know how much it will benefit me since I already have the CISSP.)
    Working on: staying alive and staying employed
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    The CISSP/CISA/CISM is really the "hat trick" of Information Security. If you are publishing books and articles and looking for consulting opportunities or speaking engagements, having all three on your CV looks very impressive.

    The potential revenue you get out of having all three certs will more than offset the initial and annual costs of the CISSP. Also, colemic is correct in that the CISSP has more recognition than either the CISA or CISM. Having the CISSP will certainly give you an edge over your non-CISSP-certified CCIE rivals. I really can't see a reason not to get the CISSP to complement your other certs.
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    ...then maybe I will look at CISM in December. Not looking forward to it, though.
    Working on: staying alive and staying employed
  • redmondredmond Member Posts: 18 ■□□□□□□□□□
    Great Replies.

    colemic.. CISA was very tricky and CISM is similar to CISA.

    I like JDMurray's Hat Trick analogy. It makes sense. A lot of CISSP concepts are already covered in CISA/CISM. The next question is to take the exam now or after the new changes?

    I happened to have Eric Conrad's CISSP study guide and shon Harris's videos (both from work). Wil that be sufficient? or is there anything that will complement with these two i should use?
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    redmond wrote: »
    I happened to have Eric Conrad's CISSP study guide and shon Harris's videos (both from work). Wil that be sufficient? or is there anything that will complement with these two i should use?
    Knowing what study resources to use begins with what you already know about the CISSP domains. With the CISA/CISM under your belt, along with your CCIE and InfoSec work experience, you are already at an advantage far beyond most CISSP candidates.

    In addition to what materials you have, I would suggest looking at Harris' AIO5 book and the (ISC)2's CISSP Official Study Guide. You need to identify the CISSP CBK domain topics with which you are the least familiar and get to know that material better. For example, you might find that application security, operations security, and physical security are your weakest areas and you need to spend more time on them than you do risk management, BGP, DRP, and crypto. I would say your CCIE has you well-covered for the networking/telecom domain. :D
  • badrottiebadrottie Member Posts: 116
    You likely have all the necessary knowledge, and only have to learn a few of the CISSP domains that are not covered by the CISA nor CISM.

    Really: CISSP, CISM, CISA, CCIE. That is beyond a Hat Trick--that is a Grand Slam/Tiger Slam. The only thing left to do after that is the CCA. icon_wink.gif
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    badrottie wrote: »
    The only thing left to do after that is the CCA. icon_wink.gif
    Hey, let's not forget the GIAC Security Expert (GSE)! icon_study.gif
  • akhilesh_rbakhilesh_rb Member Posts: 7 ■□□□□□□□□□
    Hello people.. I am a newbie on this website.. So please dont go hard on me if I sound silly..
    I'm a Computer Engineer form the University of Pune, India and am planning for a full time MS in InfoSec at some university overseas maybe US or Canada in Fall 2012. Meanwhile I was planning on getting a CISSP but have no work experience. So please help me out on this... Do I go for CISSP and will it help me to get a good job in InfoSec? And also which university do I prefer for my MSIS?
  • VegasResidentVegasResident Registered Users Posts: 4 ■□□□□□□□□□
    Hello people.. I am a newbie on this website.. So please dont go hard on me if I sound silly..
    I'm a Computer Engineer form the University of Pune, India and am planning for a full time MS in InfoSec at some university overseas maybe US or Canada in Fall 2012. Meanwhile I was planning on getting a CISSP but have no work experience. So please help me out on this... Do I go for CISSP and will it help me to get a good job in InfoSec? And also which university do I prefer for my MSIS?

    The CISSP is not something you can get with no work experience and your experience has to be signed off on by someone else to ensure people do not fake it. The certification represents a professional who already has a background in InfoSec

    You wil have to meet work experience requirements so if you are not currently working in IT security (Computer Engineer may not have experience that qualifies), it is most likely that you will not qualify to garner the CISSP at this time
  • ITdudeITdude Member Posts: 1,181 ■■■□□□□□□□
    badrottie wrote: »
    You likely have all the necessary knowledge, and only have to learn a few of the CISSP domains that are not covered by the CISA nor CISM.

    Really: CISSP, CISM, CISA, CCIE. That is beyond a Hat Trick--that is a Grand Slam/Tiger Slam. The only thing left to do after that is the CCA. icon_wink.gif

    si, si....Or should I have said C, C? :)icon_wink.gif
    I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.

    __________________________________________
    Simplicity is the ultimate sophistication.
    (Leonardo da Vinci)
  • redmondredmond Member Posts: 18 ■□□□□□□□□□
    You should try getting into some of the top schools.

    Here is the list i found on internet..

    Carnegie Mellon University
    http://www.ini.cmu.edu/programs/pitt…stm/index.aspx

    Georgia Tech
    http://www.cc.gatech.edu/student.ser…seofstudy.html

    George Washington Univ
    http://www.seasva.gwu.edu/programs/csia/curriculum.htm

    Purdue University
    http://www.cerias.purdue.edu/educati…am/index.php#1

    George Mason University
    http://ise.gmu.edu/ms-isa/isa-course.html

    Univ. of San Francisco
    University of San Francisco (USF)

    John Hopkins Univ
    Johns Hopkins University Information Security Institute

    Northeastern Univ
    M.S. in Information Assurance | College of Computer and Information Science

    School Offering MS in MIS

    Schools offering Masters program with a specialization in MIS
    U. of Washington Seattle
    U. of Arizona
    U. of Indiana Bloomington

    Texas A&M University–College Station
    http://business.tamu.edu/Departments…epartment=INFO

    Virginia Tech
    Computer Science @ Virginia Tech's Northern Virginia Center

    University of Florida
    University of Florida :: Department of Computer and Information Science and Engineering (CISE)

    Rensselaer Polytechnic Institute
    http://www.rsvp.rpi.edu/academics/co…mgmt/ism.shtml

    New York University
    NYU Computer Science Department > Master of Science in Information Systems

    Carnegie Mellon University
    http://www.mism.cmu.edu/catalog.asp?…ction=&p age=

    Stevens Institute of Technology
    http://howe.stevens-tech.edu/MSIS/Curriculum.html

    Drexel
    http://coreapp1.drexel.edu/webcourse…l=GR&Univ=DREX

    IIT
    http://www.cs.iit.edu/programs/new_m…og.html#MCS_IS

    PURDUE
    University of Michigan-Ann Arbor

    http://www.si.umich.edu/msi/default.htm

    UIC
    http://www.uic.edu/cba/cba-depts/ids/GradProgm2003.htm

    Berkeley
    Master's Program | School of Information
    Hello people.. I am a newbie on this website.. So please dont go hard on me if I sound silly..
    I'm a Computer Engineer form the University of Pune, India and am planning for a full time MS in InfoSec at some university overseas maybe US or Canada in Fall 2012. Meanwhile I was planning on getting a CISSP but have no work experience. So please help me out on this... Do I go for CISSP and will it help me to get a good job in InfoSec? And also which university do I prefer for my MSIS?
  • akhilesh_rbakhilesh_rb Member Posts: 7 ■□□□□□□□□□
    The CISSP is not something you can get with no work experience and your experience has to be signed off on by someone else to ensure people do not fake it. The certification represents a professional who already has a background in InfoSec

    You wil have to meet work experience requirements so if you are not currently working in IT security (Computer Engineer may not have experience that qualifies), it is most likely that you will not qualify to garner the CISSP at this time
    Thanks for the help... So considering my situation which certification do I start with. I already have a Diploma in Cyber Laws, Certd. Cyber Crime Investigator and Certd. Cyber Forensics Professional (all 3 Indian Prospective) from Indian Certifying Authorities. But these aren't currently getting me into a InfoSec related job. Although InfoSec is a very general term used, my interests are in the domains of Legal, Regulations, Investigations and Compliance,
    Operations Security, Physical (Environmental) Security & Network Security. I want a certification to start with which would definitely get me into the field of Information Security and take me to the managerial levels.
  • TurgonTurgon Banned Posts: 6,308 ■■■■■■■■■□
    Thanks for the help... So considering my situation which certification do I start with. I already have a Diploma in Cyber Laws, Certd. Cyber Crime Investigator and Certd. Cyber Forensics Professional (all 3 Indian Prospective) from Indian Certifying Authorities. But these aren't currently getting me into a InfoSec related job. Although InfoSec is a very general term used, my interests are in the domains of Legal, Regulations, Investigations and Compliance,
    Operations Security, Physical (Environmental) Security & Network Security. I want a certification to start with which would definitely get me into the field of Information Security and take me to the managerial levels.

    I think your best bet is to try and get a job with one of the massive Indian outsourcing firms. They tend to be much more relaxed about taking people on who are overqualified but have little or no experience as it adds to their certified portfolio. Western companies will hire the outsourcer not the person they send along. That will be an easier way in for you than knocking on the doors of companies without demonstrable experience. You could concentrate on your education at the same time.
  • akhilesh_rbakhilesh_rb Member Posts: 7 ■□□□□□□□□□
    Turgon wrote: »
    I think your best bet is to try and get a job with one of the massive Indian outsourcing firms. They tend to be much more relaxed about taking people on who are overqualified but have little or no experience as it adds to their certified portfolio. Western companies will hire the outsourcer not the person they send along. That will be an easier way in for you than knocking on the doors of companies without demonstrable experience. You could concentrate on your education at the same time.

    My current situation isn't getting me a job. I was planning on a certification which would get me a job firstly in the fields of security and also that experience would allow me to get a CISSP. Please comment.
  • Fugazi1000Fugazi1000 Member Posts: 145
    My current situation isn't getting me a job. I was planning on a certification which would get me a job firstly in the fields of security and also that experience would allow me to get a CISSP. Please comment.

    I would consider pursuing SSCP (see: https://www.isc2.org/sscp/default.aspx) as the 1st rung of the ISC2 ladder. You still need experience, but only 1 years worth. It might be the foot in the door to the 5 years needed for CISSP.

    I would also try to get into the larger Indian IT Service Providers, as Turgon suggests, and not specifically security services - as in my experience, they are desperate for good people.
  • TurgonTurgon Banned Posts: 6,308 ■■■■■■■■■□
    My current situation isn't getting me a job. I was planning on a certification which would get me a job firstly in the fields of security and also that experience would allow me to get a CISSP. Please comment.

    Work for a massive Indian outsourcer. They want qualified people on the books that they can pass off as experts to land more business. Even if you are inexperienced, if you have the right certifications they may take you on. If you go direct to companies your lack of experience may hold you back. With an outsourcer you will be placed as a 'specialist' helping a client. If you get problems there will be backoffice staff who can assist you. If it doesn't work out you will be placed elsewhere but at least have obtained some experience along the way, hopefully not at the expense of a burned client.

    Good luck!
  • redmondredmond Member Posts: 18 ■□□□□□□□□□
    I finally decided to postpone CISSP for a while. I am now finishing(3 more classes to go) my MBA from UMASS and planning for a PhD or a DBA. I am not interested in teaching fulltime but will do adjunct if there are opportunities.
Sign In or Register to comment.