cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Katzlaw
Viewer

Does CC truly open doors?

I'm Chuka Okeke, residing in western Canada. I passed my CC exam last year and received training in the GRC domain of cybersecurity. I possess in-depth expertise in ISMS frameworks and security standards. I played a key role in formulating the information security policy currently implemented in my current job. Despite my passion for the field, the job market is exceptionally competitive, and employers seem reluctant to provide the growth opportunities I seek. It's disheartening, considering the overarching goal of this project was to encourage more individuals to enter the field. Is there any lead as to how I will get a job in the mainstream information security field? I have sought assistance on LinkedIn, but looks like nobody wants to help. I am willing to be adopted by anyone who will guide me to grow in the field. I have a burning passion for it.   @CityofCalgary @SecAnalyst Hackers attack Canada Revenue site @InfoSec

5 Replies
JoePete
Advocate I


@Katzlaw wrote:

Is there any lead as to how I will get a job in the mainstream information security field? 


This a broader question than you might realize. It's not just how do we qualify people for working in information security, but it also raises the question of what is the future of information security.

 

Practical tip: Network, go to meetings of local information security groups, chapters, etc. Be sure you are experienced with specific software/tools. If someone is looking for Okta experience, you need to say that (not I've done identity and access management). Be a good communicator. Again, this is part of networking, but when I was hiring, it always went through my mind "can I send this person to a meeting?" When it comes down to it, a lot of our job is about convincing people - either to change habits, not deploy a system, revise some code, spend money. You have to be a good communicator. Lastly, be patient, job offers are like bananas; they come in bunches, it seems.

 

As to the CC, I recently retired, so I am not sure I have enough experience with the it to say where it lands in terms of opening doors. I would focus more on selling your experience than your certs though.  

Early_Adopter
Community Champion

@JoePete Totally.

“Certs don’t hire people, people do.”*

CC is entry level, but tests in the ISC2 are more often than not for people with a modicum more experience.

Cybersecurity roles pair better with existing IT knowledge experience, and with six months of doing you’ll swiftly move beyond what you learned from ISC2 or other sources in prep fro the CC.

Once you have 1-2 years of experience I don’t think CC has really got much pull beyond perhaps a tiebreaker and certainly can’t beat provable experience, or indeed the dominant predator of entry level certification CompTIA’s Security+. Two additional points here. 1) Google recognises the time in industry with it’s Google Certified Cybersecurity Professional certification offering a discount for Security+, ISC2 would be smart to do so as well as CC lacks simulations , which test skills much better than trying to test them through written questions. 2) Security+ has been around for donkies. Approaching the CISSPs timescale. This precedence effect(who got there first) really matters and we see this reversed in CISSP vs CASP+. Who knows maybe in one universe ISC2 replaces CompTIA as the entry level gold standard just as CISSP is forgotten enough to allow CASP+ to replace it at mid level?

So right now performance of CC is unproven - we’ll need to wait for data - Annecdotally some people are satisfied, some are not.

You seem to already be in a role so I suspect CC’s best use for you is a conversation starter at a chapter and CISSP or similar is more useful Joe covers this well:

I think to the later points:

“Despite my passion for the field, the job market is exceptionally competitive, and employers seem reluctant to provide the growth opportunities I seek. It's disheartening, considering the overarching goal of this project was to encourage more individuals to enter the field. Is there any lead as to how I will get a job in the mainstream information security field? I have sought assistance on LinkedIn, but looks like nobody wants to help. I am willing to be adopted by anyone who will guide me to grow in the field. I have a burning passion for it.“

Yes employment market isn’t easy right now I’ve got a friend who is super experienced and can’t get hired for the right role looking at top tier threat vendors.

To a certain extent if the project you’re speaking of is the Certified in Cybersecurity, well we have it’s publicly stated goals, however for your own situation you’re currently working in the industry so SSCP, CCSP etc may be good next steps, as CC wasn’t really aimed at you. I think that the marketing is confusing, and it’s got a lot of promise it the words it can’t leave up to, but they’re trying to sell AMF subscriptions at 50 USD PUPY and over the long term that’s a fair bit of money so it’s not easy.

Lastly no one will adopt you. There’s probably not enough paid foster parents let enough prospective adopters for all the children out there that need it, and while someone may mentor you, or give you a leg up on something specific you’ll really get a big fat pass from all sane people, and old school ISC2 members are as a group exceptionally rational(we’ll see what all the CCs are like when enough certify). When you network it’s important to be charming, have a plan but also don’t look like a project with no end full of unrealistic expectations about what sort of job/salary/role/progression you’d like. Bit of help/advice OK - you choose to take it or not. If you’re on a low income a Couple of hundred dollars to help you get to a test centre that ISC2 didn’t cater for? Why not seems like something that ends with tangible success failure. Introduce you to someone relevant in the industry? Seems fine as long as you don’t seem like you’re off.
Long term commitment to drive success in your chosen field? Now, that’s a professional career coach and out of scope for anyone.

Good luck!

*Many thanks to The GLC.

JoePete
Advocate I


@Early_Adopter wrote:
When you network it’s important to be charming, have a plan but also don’t look like a project with no end full of unrealistic expectations about what sort of job/salary/role/progression you’d like. 

This is really good advice, and it speaks to a lot of pitfalls that can ensnare young first-time job seekers. Even if you are looking for a mentor, bring something to the table.

 

In a bigger picture, I've often referred to myself as a "data plumber." Our job is to bring potable data from one place to another, ensure, the waste goes somewhere else, with no leaks or infiltration. To a plumber, these are not separate "hydrosecurity" tasks; they are things integral to plumbing.

 

Perhaps things might look different if the plumbers union started hiring marketers to recruit people with no trade experience or apprenticeship. The union, which had, say, 100,000 licensed plumbers, might suddenly swell to 1 million, with 90 percent of them "certified in hydrosecurity" (but no license or experience). At some point that 90 percent might realize that despite their union dues, it's can be hard to get a job with nothing else on their resume. Plus, with 900,000 of them, do they really distinguish themselves from each other anyway?

 

As is, maybe even licensed plumbers are finding themselves in jobs where all they do is stand in a basement 60 hours a week, turning a valve on or off because the automated one was never built right. Others might stand there holding a finger on a pipe to cover a leak. And so a good percent of them quit every year, and it gives the perception of a "plumber gap." The problem isn't the need for more plumbers. It's just the need for better plumbing. But even the plumbers' union misses this point. So the future of plumbing seems to be having enough people who are willing to stand in a basement for 8-12 hours a day, on-call, putting a finger on leaky pipes.

 

For those of who understand the better solution is to use pipe sealant, torque wrenches, and quality control, their voices are shrinking as the union continues to grow, and more people only know the solution of sticking a finger on the pipe. Maybe for those who can afford it, they can purchase DaaS (Ducttape as a Service).

radhika_ajay
Viewer II

As someone who gave CC and CISSP exams and passed, to me, CC was a stepping stone to pass CISSP. I don't think CC by itself will give you a job even an entry level one. Since you are in cybersecurity already, my suggestion would be to search for security jobs within your org first. I have been searching for product manager jobs in cybersecurity domain and so far I have not been successful within or outside my org but I have not lost hope 🙂

Frequency_77
Newcomer I

Hi Chuka,

I've got the Sec+ cert and will finish the Google Cyber cert this spring. I am taking the CC cert this summer and I'm hoping to have enough certs to get in the industry. Even if you have help desk experience, it's hard getting in. Keep grindin', tho!