cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
medeng
Newcomer II

Evaluating CC Certification Value and Renewal Dilemma

Dear CC Community,

 

I'm reevaluating the value of the Certified in Cybersecurity (CC) certification by ISC2 and facing a renewal dilemma due to concerns about its relevance and the yearly certification fee.

 

One of my primary concerns is the diminishing recognition and relevance of the CC certification in today's competitive job market. Despite my efforts to leverage this certification to advance my career, I've encountered challenges in gaining the acknowledgment and opportunities I had anticipated.

 

Have you found the CC certification beneficial in your career? How do you weigh the value against the renewal cost? Your insights are invaluable.

 

Thank you.

15 Replies
tldutton
ISC2 Team

What have you done since passing the CC in reference to education, additional certifications, and finding ways to gain experience?  Experience can be gained through volunteering or internships when entry-level positions are not available.

Early_Adopter
Community Champion

So there’s some assumptions I think that are not necessarily fair/accurate. The CC certainly isn’t diminishing in recognition, it’s about eighteen months old and it’s been marketed on heavy rotation with paid for YouTube influencer slots and others giving their thoughts. It is however starting from a very low base vs Security+ as the ‘dominant predator’ in the IT security entry level ecosystem. Now that will set you back more time and money, however there are many more job opportunities with it as a requirement - if you look at https://public.cyber.mil/wid/cwmp/dod-approved-8570-baseline-certifications/ you'll see it aligns more closely to SSCP in IAT Level 1&2 and ISC2 no longer has a viable offering in IAM Level 1. Could CC slot in there? Maybe, though I’d think it needs more baking and a couple of mores iterations to go. Singapore Cybersecurity Agency (CSA) just picked it up, so it will certainly have value in Singapore.

I think for entry level training and testing ISC2’s format probably isn’t so good. Simulations and tests of practical skills tend to help more for students starting out, especially as junior staff tend to be the doers that need hands on to succeed, and testing skills through questions is not so great. I do think however if you turn up to an interview with CC, GCCP and Security+ you’re making a compelling point about dedication.

ISC2 has certainly pushed the marketing hyperbole beyond what the CC could deliver. “You don’t need experience…” Well, not for the CC… but it does help for the job. But they’re no alone in this kind of approach snd regretfully it creeps in evermore over time. Reality is no certification will get you a job, especially not if the completion have others.

One thing that could help the CCs case is if ISC2 started posting its member counts again. It’s a truism in Cybersecurity that you must have metrics to evaluate performance, and taking this to heart again in how it presents its membership would be a welcome return to previous transparency and help engender more trust in members new and old.

Access to chapters, people etc can help with your career, and people here will take time to ask you where you are and what you want to do.

I can’t say too much directly on personal CC cost benefit as I haven’t taken it, however I don’t think it would be that useful in gaining an employment beyond a foot in the door if HR specify it or you need an interesting anecdote about studying for and taking CISSP Jr(now nearly free till it runs out)(interestingly enough as a second aside from personal experience CISSP has never got me a job either though it’s a good talking shop, and always nice to see old friends and colleagues). It is likely that there would be a good case to make for CC as a certificate that is a one and done, has a limited duration or a version, personally I don’t think there’s a huge case for a certification for real entry level things because once you’re doing the job… well you’re doing the job. But then a certificate wouldn’t bring in a 50 USD PUPY…

My advice - I don’t think the AMF is terribly high if you just keep it up until it’s done its job(limited though it’s contribution may be), and perhaps you can find a member here can take some time to discuss your aspirations and current circumstances and help you work on a strategy/approach that can get you to where you want to go.
medeng
Newcomer II

Thank you for sharing your perspective and trying to address my concerns. I completely understand and resonate with your points about the challenges faced by newcomers breaking into the cybersecurity industry, particularly concerning the ISC2 program. While ISC2's program does spark enthusiasm and interest in the field, it's crucial to acknowledge the hurdles individuals encounter upon reaching the door, only to find it closed.

As someone new to the field, I wish that ISC2 waives the annual fee for CC certification until it gains wider recognition. Hands-on skills are vital for entry-level roles, and additional costs like joining ISC2 communities can be burdensome. Instead of solely focusing on revenue, ISC2 should prioritize offering free training and free professional guidance. I believe tailored programs for CC holders and newcomers can attract more individuals and empower them to succeed.

I appreciate the opportunity to voice my concerns and hope ISC2 will seriously consider implementing changes that better support newcomers like myself.

Thank you and I'm open to correction from those with more experience.

ggorg
Reader II

Hi to all of you,

 

Last year when I decided to get myself ICS2 Certified (CISSP), I was not aware that an entry level certification (CC) existed from ISC2.

 

Though my primary goal was the CISSP, I decided to take the CC just to have a taste of what ISC2 Courses and Certifications Exams are about as I am more acquainted with Microsoft Certifications.

 

I do not regret this decision as it helped me to prepare for the CISSP Certification Exam that I passed last year. Right after I also took CCSP Certification Exam as in my sense it's a good extension to the CISSP.

 

Did the ICS2 Certifications help me professionally? Well yes, as the knowledge I gained has no price and helps me daily in my work and opened me the door for the CISO Job in my company.

 

Did I get any job offers after I passed my certifications? Yes, plenty but in Infrastructure Engineering or System Engineering and/or Cloud Engineering, where of course the knowledge you gained by passing ISC2 Certifications such as CISSP or CCSP is of great value.

 

It's all about expectations. Passing CC will not get a CISO Job but passing CC will give the kick to go further with ICS2 Certifications and also prepare you for them.

 

The same reasoning is valid for the CISSP. Passing the CISSP will not give you a CISO Job but an excellent knowledge base for your daily work whether you are in Engineering or Networking or other.

 

So to resume: is CC beneficial for the career: yes it is as it's a like a starter in a dinner.

 

Have all a great weekend.

 

BR,

Gregory

 

 

Binary_Burn
Viewer III

My story follows a similar path.

 

  • I targeted CISSP initially.
  • Then, I came to know about the CC certification's existence.
  • Decided to work on CC first and achieved it a couple of months earlier.
  • Now have decided to take a couple of more certifications from the EC Council before moving back to CISSP.
  • This is after I realized that these certifications will not only provide more value to my targetted career path but also will eventually help in CISSP preparation.

    Hoping to finish all 3, one by one, within 2024.
Syed Khurram (SK) | Cybersecurity Professional & AppSec Enthusiast
 Credentials: CC, Security+, CDPO, CBSA, CSSLP (in progress), CISSP (soon)
 Passionate about Secure Software Development & Data Privacy
 Badminton Lover | Lifelong Learner
Pragatiswaran
Viewer

I am supporting this.
Pragatiswaran
Viewer

I am supporting medeng on amf waiver for CC as this is marketed as free examination and as this is entry level

Early_Adopter
Community Champion

@Pragatiswaran

I think there are a few nuances on this conversation to consider, and this will take some time so please bear with me. It would be nice if it really was free as in beer(at least we’ve got free as in speech), however don’t hold your breath. 😉

The first comes down to whether you have experience in IT or even cybersecurity.

If you do and it’s relatively easy to get a job the cost isn’t so great and in any case you eve a better chance of passing due to existing knowledge - this isn’t really where ISC2 is focused but folks in thread are finding benifit in a pre-CISSP workout.

The second group are folk without experience. As CC gets more people take it there will be more pickup use in market / it’s going to take a while but eventually it might look like a natural first step before Security+(most people looking for a first job are considering that or executing on it, two really strong things CompTIA has a lot of recognition and hands on. So bigger than the fifty bucks is the opportunity for cost CC or Google then CompTIA(the discount I think is helpful), finding test centers etc. Personally I’d like to see less fragmentation and organisations working together on a first step - ISC2, CompTIA, ISACA with MS, Google, Amazon and others would be really compelling and complement each other.

Waiving the AMF might sound nice…:) however I’m not sure it’s sustainable let’s say a free exam costs say 30 USD to ISC2 and that needs funding - as a non-profit ISC2 has to have transparency on its accounts and it has a lot of mouths to feed on its wage bill and other expenses:

https://www.isc2.org/-/media/Project/ISC2/Main/Media/documents/annual-report/ISC2-Annual-Report-2022...

It’s a shiny PDF but like all of these things the important stuff is at the back with not that many colours so it doesn’t look too interesting.

Now it’s got a lot of assets, however I’m pretty sure it needs the 50 USD per user per year(PUPY) to stay on an even keel and there is a lag of 1-2 years on the audited financial reports. One million CCs would be a nice little earner 50M USD, however getting there probably isn’t easy and there are costs for every new candidate. Non- CC members, the legacy are mostly CISSPs and there are not that many compared to the number of free exams, also got a +10 USD PUPY bump to AMFs that wasn’t communicated much if at all apart from when we paid AMF and OSC2 has been reminding us via lots of email 4-5 months in advance last time AMFs went up(if you had more than one certification you got a discount - kerching in the bank!:D) there was much wailing and gnashing of teeth in the membership), so leaning on legacy members who are already mid-career to fund CC candidates. It will be interesting to look at the 2023 and 2024 financial statements(especially if ISC2 starts publishing proper member counts again - at least to the membership) to see what the costs of CC exams, marketing administration etc are.

Let’s go to the denouement. Just as a 50 USD PUPY from 1M peeps would a lovely income stream let’s imagine a world in which lots of people take it, fail and then say that was a great workout for Security+ or even CISSP in five years time.ISC2 is paying for those exams, cost of marketing, more staff etc - maybe it needs to fork out 40 USD per client it wouldn’t look good. Now imagine it waived the AMF fee for the whole 1M(not going to happen I’d say but if you did it for one, you’d probably have to do it for everyone). At the very least It wouldn’t look good in the accounts, and for this reason even though all those numbers I use are fictional, I think it’s very likely a non-starter.

Personally I used to pay much more for ISC2 certs and the IAAP manage to shake me down for 250 USD per year for membership, so fifty bucks really isn’t too bad for starters and if it doesn’t bear fruit, I.e. no job just don’t renew after the initial or subsequent year) or it serves its purpose and your are straight at lucrative industry/infinite possibilities land and then you might even choose to not renew as it did what you wanted.

In any case best of luck, and in the end it’s always about the journey.
Nkululeko
Viewer

Hi Medeng, I understand your concerns completely. It's frustrating when you invest time, effort, and money into a certification, and it doesn't seem to yield the expected returns. Here are a few thoughts to consider:

  • Regional Differences: You're right; the value of certifications can vary depending on location. In some markets, the CC might not be as widely recognized as other cybersecurity certifications.
  • Specialization: The CC provides a broad foundation in cybersecurity. If you're aiming for specific roles, consider supplementing the CC with more niche certifications to demonstrate your expertise in a particular area.
  • Stepping Stone: In my case, the CC actually inspired me to pursue further opportunities like the SANS scholarships (https://www.sans.org/cyber-academy/) . Through those, I've earned GIAC certifications that have been more beneficial to my career advancement.
  • Continuing Education: Regardless of whether you renew, consider alternative ways to stay up-to-date. Free or lower-cost online courses and industry events could help you stay current in specific aspects of cybersecurity.

Good luck!