CISSP - should I go for the GISP if taking SANS MGT414 ?

Hey all,

Just wanted to put the question out there. It seems like there's some overlap between the CISSP and GISP, and I'm not sure what the ROI is of even having the GISP if going for the CISSP already. In that case, if I wanted to take advantage of the SANS training, is it best just to do that + CISSP? Or should I also go for the GISP just because? If I did Mgt414 + GISP + CISSP, I'd owe a bit more (between $100-200 I'm estimating) even with tuition assistance. Whereas, if I only did Mgt414 + CISSP, I wouldn't owe anything (except for maybe shipping on books) which is preferable. I know a couple hundred bucks doesn't sound like much with whatever the ROI is but I'm still akin to penny pinching either way. Paying nothing is almost always better than paying something, even if whatever raise (this is also not guaranteed) I think I'll get will make up for it...

Anyway, what do you guys think? I'm trying to figure out the best time-frame to do all this *before* our baby comes too, which is pretty crazy I know.

Also, I just realized that there could be an ulterior motive to taking this as well, which would be to potentially have it count towards renewing my GCIH (which is another $399... not sure if that would be covered by tuition assistance though - I did renew under tuition assistance a few years ago but that was based on taking/passing the test as opposed to coming up with the CPEs another way).

Find more posts tagged with

Comments

jplee3

The other thought might be to go ahead with MGT414 + GISP now and just wait and schedule the CISSP in January 2016 or later... not sure if that's the greatest idea though in terms of knowledge retention and what not unless I'm constantly reviewing over the course of the year up until then.

renacido

I only go after a cert if:

- in the process I have I'll gain valuable skills and knowledge
- it will give me a significant advantage in progressing in my career

My two cents.

Last cert: CISSP (passed exam, endorsement review in progress)

Next cert: probably OSCP

cyberguypr

GISP and CISSP are basically the same thing. I'm all for SANS, but given that CISSP is widely know and basically no one knows GISP, I just don't see any value/ROI there. I rather get CISSP and just like renacido said, spend time on something else that will further my knowledge and career.

jplee3

Cool, so I'll consider GISP mostly as out then. Though, I think I read someone mentioning taking the GISP more as "prep" for the CISSP. Especially because you get a few practice exams. But I also hear the tests are pretty different too, no?

Do you guys still think MGT414 is good to take if it's something my company will cover? Or is self-study always gonna be better? My problem with self-study is that I'm a lazy procrastinator. For the past 7-8 years I've told myself I'll get to studying for the CISSP but never do, and I've spent more time studying for and getting other certs instead (via taking SANS courses though). I think I tend to do better if there's an outline of material to go through initially... anyway, seems like the CISSP would probably be a good thing to have at this point in time, since I'm starting to think that management is a potential path I'd like to take. Based on prior experiences, I think in general I have the tendencies of a project/program mgr in the sense that I get the technical stuff (mostly) but don't want to deep dive into it and would rather drive it and solve how it fits in the bigger picture.

!nf0s3cure

Other members have said that some training camps were not very useful. SANS may be a different story by the way the exam is reported to be heading now, as they have lot of real world examples by means of their wider training spread. I too am taking a training review camp soon as I missed out on SANS 414 so time will tell.

fullcrowmoon

I keep seeing the statement that boot camps aren't any good for the CISSP. I feel like I got a lot of value out of the boot camp I took, but then I also have 20+ years experience in systems administration, network planning, security, etc. The boot camp I attended seemed to focus more on how they ask questions as opposed to trying to stuff all that knowledge into your head in just one week. During the day we worked on the domains, but the boot camp portion was all answering 5 point CISSP questions and going over the logic of why the correct answer was the correct answer. Based on that alone, I was positive I was going to fail, but given that the questions are weighted the exam wasn't nearly as horrible as I had worked myself up to think it would be. Not easy by any means, but I passed.

Maybe the boot camp was useful only because I already had the background?

analyst

I haven't been to a boot camp, but I'd argue the self-study route was easier today than it would have been a decade ago because of my experience and background. When being fed facts through a fire hose, it helps if all the facts being fed are facts you already know or once knew. The fire hose approach is not ideal if the material is brand new.

beads

CISSP will make you money. The GISSP will make SANS some money.

-b/eads

cyberguypr

^ best explanation ever.

jplee3

beads wrote: »

CISSP will make you money. The GISSP will make SANS some money.

-b/eads

LOL good one.

Guess I'll pursue the self-study route in that case... I still don't think I could knock this out by August before the baby comes though.

renacido

jplee3 wrote: »

LOL good one.

Guess I'll pursue the self-study route in that case... I still don't think I could knock this out by August before the baby comes though.

I don't think people are saying the SANS course is a bad idea. Paying a ridiculous fee or wasting time studying to challenge the GISSP exam for a cert that no one outside of SANS give a rip about is the bad idea.

JazzPilot56

Took the CISSP on 4/11 and passed first time, after studying ~4 weeks (120hrs - nights and weekends); no bootcamp. Last December (2014) I took the ISACA CISM which, IMHO, helped me to pass the CISSP first time.

As a side note, my study partner also passed both the CISM (in December) and the CISSP in April. The CISM is a tough test with only a 50% pass rate; but we both scored in top 10%. I equate the CISM to a 1/2 Marathon and the CISSP to a full Marathon.

As such I highly recommend that others, who are considering security certifications, consider a similar course of study. Obviously Caveat Emptor and your mileage may vary, so this is not Gospel. Consider your own unique circumstances, capabilities, and your ability to grasp the subject matter. Then proceed accordingly in pursuit of your own path and potential achievement of the results you desire.

Since this thread is discussing certifications 'AFTER' passing the CISSP, here's my two cents:

1. I still think the ISACA CISM is worthwhile, even if you've already passed the CISSP; in fact if you have passed the CISSP you should be able to pass the CISM with relatively minimal effort
2. The other ISACA certifications - CISA, CRISC and CGEIT - are good (and valuable) too (no, I don't work for ISACA – but keep in mind, ISACA has been around for 40 years and is a Global organization)
3. Lastly, do a deep dive in a niche area - I'm thinking CEH (Certified Ethical Hacker), CCNA (Cisco cert), or even PMP certification

Here's the thing, big security jobs frequently start with the requirement that "You must have at least 'ONE' of the following certifications: CISM, CISA or CISSP" (emphasis added)

My thought was, if they say you need at least one, I'm going to get all three; and in fact I just took the CISA last Saturday (6/13). Hopefully I passed, and I’m ‘cautiously’ optimistic. Though that’s another test with a 50% pass rate; several people I talked with at the site said they were attempting it for the second and third time.

Based on my pre-planned course of certifications, the next I’m taking (assuming I passed the CISA) are:

1. PMI’s - PMP: 9/1
2. EC-Council’s - CEH (or C-CISO – note, C-CISO gives credit if you’ve passed the PMP): 11/1
3. ISACA – CGEIT: 12/12
4. Other: Possibly CCNA in Spring 2016, ISACA – CRISC 6/14/2016
5. And if I have any strength after the above: ISC2’s – ISSAP / ISSMP / HCISPP

Hopes that helps. Don’t hesitate to ping me with positive feedback or alternatively the errors of my way.

All the best, and good luck.

Will

jplee3

renacido wrote: »

I don't think people are saying the SANS course is a bad idea. Paying a ridiculous fee or wasting time studying to challenge the GISSP exam for a cert that no one outside of SANS give a rip about is the bad idea.

Oh, I meant doing self-study for the CISSP (not the GISP/GISSP). No way I would ever just take the GISP/GISSP alone for the sake of getting it. The original post was whether or not I should do that *in addition* to taking the SANS Course + CISSP. In another thread, someone recommended just to do it because it's extra 'practice' for the CISSP. But it sounds like it's probably not very useful either way. And as far as taking the SANS Course, I still don't think I could get through that AND get the CISSP done by August.

Since I didn't capitalize on all the time I've had up until now to get the CISSP done, it'll just have to wait a while until I figure out my work-life balance after the baby is here. Oh well...

jplee3

JazzPilot56 wrote: »

Took the CISSP on 4/11 and passed first time, after studying ~4 weeks (120hrs - nights and weekends); no bootcamp. Last December (2014) I took the ISACA CISM which, IMHO, helped me to pass the CISSP first time.

As a side note, my study partner also passed both the CISM (in December) and the CISSP in April. The CISM is a tough test with only a 50% pass rate; but we both scored in top 10%. I equate the CISM to a 1/2 Marathon and the CISSP to a full Marathon.

As such I highly recommend that others, who are considering security certifications, consider a similar course of study. Obviously Caveat Emptor and your mileage may vary, so this is not Gospel. Consider your own unique circumstances, capabilities, and your ability to grasp the subject matter. Then proceed accordingly in pursuit of your own path and potential achievement of the results you desire.

Since this thread is discussing certifications 'AFTER' passing the CISSP, here's my two cents:

1. I still think the ISACA CISM is worthwhile, even if you've already passed the CISSP; in fact if you have passed the CISSP you should be able to pass the CISM with relatively minimal effort
2. The other ISACA certifications - CISA, CRISC and CGEIT - are good (and valuable) too (no, I don't work for ISACA – but keep in mind, ISACA has been around for 40 years and is a Global organization)
3. Lastly, do a deep dive in a niche area - I'm thinking CEH (Certified Ethical Hacker), CCNA (Cisco cert), or even PMP certification

Here's the thing, big security jobs frequently start with the requirement that "You must have at least 'ONE' of the following certifications: CISM, CISA or CISSP" (emphasis added)

My thought was, if they say you need at least one, I'm going to get all three; and in fact I just took the CISA last Saturday (6/13). Hopefully I passed, and I’m ‘cautiously’ optimistic. Though that’s another test with a 50% pass rate; several people I talked with at the site said they were attempting it for the second and third time.

Based on my pre-planned course of certifications, the next I’m taking (assuming I passed the CISA) are:

1. PMI’s - PMP: 9/1
2. EC-Council’s - CEH (or C-CISO – note, C-CISO gives credit if you’ve passed the PMP): 11/1
3. ISACA – CGEIT: 12/12
4. Other: Possibly CCNA in Spring 2016, ISACA – CRISC 6/14/2016
5. And if I have any strength after the above: ISC2’s – ISSAP / ISSMP / HCISPP

Hopes that helps. Don’t hesitate to ping me with positive feedback or alternatively the errors of my way.

All the best, and good luck.

Will

Impressed that you passed in such a short amount of time! What materials did you use for studying?

JazzPilot56

I read the most important Shon Harris Chapters (the 4 or 5 I was weakest on), the Conrad book (cover to cover), and Conrad's 11th hour (twice). I also took LOTS of test questions from Shon Harris (the enclosed CD), Conrad (free online), CCCure (paid subscription), Allegis / Skillport (company subscription). I did not take a bootcamp (as this was coming out of my own pocket).

This was in addition to the preparation for the ISACA CISM (which I'd taken 3 months earlier). That prep included reading the ISACA materials and taking lots of ISACA test prep questions.

Conrad's book and 11th hour study was the biggest help for me. I frequently referred back to that to make sure I understood the key principles, technologies and processes.

The key to these tests is a concentrated course of study. Putting in one night a week wasn't sufficient for me. I had to become immersed and study every day, nights and weekends. That's why boot camps are successful, because some people can't make the mental commitment to study 2-3 hours every day - instead the boot camp forces them into that mode. BTW, it wasn't easy for me either, but I'm highly motivated to complete these certifications for personal reason. Even then, I had to continuously remind myself that it was all for good and wouldn't go on forever (i.e. that the end was in sight, assuming I studied hard enough to pass the test the first time).

Hope that helps.