Options
Cissp
I was debating with myself on going after the CISSP Cert. I have the experiences required in Access Control ,Information Security Governance and Risk Management, Physical Security and Architecture and Design Security required with 5 1/2 years in security management. This is the type of infosec that intrigues me. I also like the OSCA and CEH side of the house but I am not technically proficient in that domain. Should I acquire my CISSP certification and wait in the more technical certification.
As always thanks inadvance
As always thanks inadvance
Comments
-
Options
vasyvasy
Member Posts: 68 ■■■□□□□□□□
It all depends on what you plan to do with your certification... if a manager position is what suits you: take a shot at CISSP
If you are more on the technical side and want to pursue a pentest position... then CISSP is kind of useless, make your way to more hands-on certs, like CEH or OSCP/OSCE -
Optionsjoebanny
Member Posts: 84 ■■■□□□□□□□
As someone else has said, it all depends on what you plan to do, however, the CISSP IMO brings you more value and allows you to operate as a cybersecurity professional as a higher level where you could focus on policy or the technical side. Personally, I think having experience on both sides is better. So if you're motivated enough why not go for both the CISSP which is more managerial and the CEH/OSCP which are more hands on? There is nothing to lose, you just become a better security SME.
Just fyi, there is a specific forum for CISSP/SSCP here where you can gain more insight on that those certs.
All the best to you. -
Options
kalkan999
Member Posts: 269 ■■■■□□□□□□
Which direction do you want to take yourself and your career? What kind of exposure do you want to have personally with Senior Managers and Executive staff?
CISSP is THE cert that the above person/s ask for when they ping HR to find someone. CISSP is losing some of its luster for various reasons. However, CISSP is a tough test, even for the experienced. The more experience you have in each domain, the less difficult the test. Unfortunately, some of the exposure I speak of actually requires you to have a CISSP first.
You rang off, what, 5-6 domains? If you have regular exposure to these domains, then you should be OK. GRC is BIG, as is Software.
Some people have a lot of cryptography questions, others have very few. You may find yourself frustrated when you take the test, having over-prepared for a domain, yet only run across 5-6 questions out of 250.
Make sure your English skills are adequate, as context is key to passing this exam almost as much as your baseline knowledge.
Finally, what's your timeline? While some people can study on nights and weekends a month before the test, most people I know dedicate months of prep time for the test.