Newcomer III


If you have the CompTIA Security+ certificate and have worked with it for 6 years, do you stand a chance of getting the CISSP certificate? And then again, is it necessary to have the CompTIA Security+ certificate before embarking on your CISSP certification journey?

34 Replies
Newcomer II

"Certified Information Systems Security Professional (CISSP) is an ..."

You know what, Nancy? Given that we are on the (ISC)² community board here, I think we might all have known that.

Defender I

@Roger wrote:
Taking the CISSP course straight without any knowledge in security, is it a good start?

Nope, not at all. The purpose of the CISSP is to recognize experienced professionals in the field, not newbies trying to get there.

Learn the basics of security and get experience in carrying them out.


Important: taking a CISSP exam prep course is a waste of time for someone just entering the security field. However, taking courses on security fundamentals that are organized around the domains of the Common Body of Knowledge (CBK) can be a valuable route to learning security.


Once you have both study knowledge of security fundamentals and some experience in working in the security field, gauge when you will be closing in on the experience and consider how to prepare for the CISSP exam.



D. Cragin Shelton, DSc
Newcomer III

Dr. Shelton is correct. The CISSP is not a level 1 credential. Wait until you get at least 5 years of experience before you go for this industry-leading cert.


I suggest you do the Sec+ from CompTIA first.

Newcomer III

I would agree starting from Sec+ isn't a bad idea. That's how you get your foot in the door.

Advocate I

After reading several of the other responses, here is mine.


As noted, there is NO pre-requisite for the CISSP cert.  However, the cert is not meant for those getting into infosec, but for experienced folks, ideally in management positions.


I always recommend people getting into the field to take a look at CompTIA's certs, as they ARE aimed at those with little or no experience.  Getting the Sec+, CySA+, and CASP is pretty good for the beginning of your career.


As you advance and get more experience, I recommend folks move on to high-level certs or even specialized certs.  Get the SSCP, the pentest certs from Offensive Security, CEH maybe.


You don't need a degree to get into infosec or even get the CISSP.  My degree was in computer science.  Degrees focused on infosec are fairly recent.


Hopefully it's clear that to get the CISSP, you'll need to have 4-5 years of experience (they knock off a year if you have a degree) in 2 of the 8 domains.  You don't need "security" in your title.  You need to be doing the work.  I was a sysadmin, moving to being a security admin, later a security architect and now a security consultant.


Get involved with your local infosec community.  Hopefully there is an ISSA chapter, or an ISC2 chapter you can join and network with folks.  They can help you out, plus you can find someone to endorse your application if none of your co-workers qualifies.  That's how I got my endorsements and I've endorsed others in the local community I know.