fedoracore123
Newcomer III

How does one decide to take the CISSP exam?

I have been in this dilemma for some time now. If you look at this thread,

I have not got a firm answer either from ISC2 or Mike Chapple, author of the official Study guide, on whether I can take the exam. My only concern is that after taking the exam, if I get only an Associate level certification, it is just a waste of time and money, as it is a significant investment of both. My plan is to get certified by December. Appreciate this community's help.

 

 

11 Replies
csjohnng
Community Champion

 

@fedoracore123 

I have been in the threads, I have seen the answers from Kaity and Mike. They have given you the answers. (They may not be the answers you are looking for, a simple "Yes" or "No".)

I don't know how "firm" you want the answer to be.

 

No one can give you a "firm" or "guaranteed" answer, but I believe they have given you the best answer they can.

 

 

John
fedoracore123
Newcomer III

So it is not a simple yes or no answer? Thanks!

Steve-Wilme
Advocate II

Depending on your likelihood of getting the required experience you could view the CISSP exam as an investment in your future.  If you're not currently working in security then being an associate may help you get into the field, but it'll require some persistence.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
RRoach
Contributor I

Noticed post.  Not knowing your background maybe take some time to reflect.

You almost have to look at the whole perspective to get to your answer.  In looking back it should help you plan your next steps. Some thoughts....

1. School

a. how did you decide to choose a particular college

b. how did you decide on a particular degree

2. Job

a. how did you decide to work for a specific company

b. how did you decide to choose a specific job 

3. Career

a. how did you decide to choose a specific career

b. how did you decide a specific job within your career field

c. how will you decide the next step in the career ladder

 

As for my choice I already had "years of hands on experience" but the certification was a requirement of the position.  I looked at all types of certifications, looked at cost, looked at renewal requirements, looked at renewal testing, I also looked at my career track. What the certification did was not only fill a general job requirement but also backed up my years of experience. You can also look at it as a cost of doing business. My next step will be PMP certification or training course (forensics/pentest/etc.).

 

In addition to certification (which might not need to be a priority), you should also look at training (courses/hands on/etc.) as well as education depending on what will support next job/career progression.

 

No right or wrong answer. Have a plan, have a plan-B, have a plan-C.

 

csjohnng
Community Champion

@RRoach Well said and good illustration

John
fedoracore123
Newcomer III

Thanks. But I think the question of whether a person is eligible to take a certification should be fairly straightforward. Not sure why there is such ambiguity.

Steve-Wilme
Advocate II

I think you're misunderstanding the difference between an exam pass, which gets you associate status and a certified CISSP.  To be a certified CISSP you need to meet the experience requirement in addition to having the exam pass.  You are eligible to take the exam without the requisite experience, but you may not use the CISSP designation until you have the 5 years experience endorsed.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
csjohnng
Community Champion

@fedoracore123 

It's straightforward, at least I find it is. But for some reason, it seems it does not apply to you in some way.

 

In this community, I think most of the people are very professional in answering questions (by not overcommitting on things beyond our capacity, knowledge or authority).

 

When I say authority, it's because none of us are in a position to "grant" you the confirmation that yes, your experience 100% meets the work experience required for CISSP, because we are not the ISC2 application reviewers. The most we can say is yes, yours looks good on paper, or no, it seems you may need 1 more year on paper.

 

I give you 1 simple example of myself, while we were talking about CISSP in your discussion threads recently.

 

I looked at the HCISPP exam outline in July, I looked at the experience requirement, and I believed I met the requirement stated (i.e. able to pass the exam, and meeting the job experience requirement stated on the ISC2 official web site). So I decided to go for the exam and certification.

 

I studied for 1-2 weeks, I took the exam on Aug 21 and provisionally passed.

I filed my application over the weekend, I asked my endorser to review. He nicely completed my endorsement over the weekend. The package is routed to ISC2 for review on Aug 22.

 

Under the current ISC2 certification process, no one can tell me (or I use the word "confirm" me) yes or no until the actual review has been performed (i.e. you have provisionally passed the exam, submitted the application, and walked through the whole certification process).

 

I received an email about my application being audited last night. I signed back my consent to release my information to ISC2 for audit purposes this morning, and in the evening (just 1 hour earlier), the audit completed and I am officially certified today.

 

It's alright to ask whether this certification is for you or not.

You have every right and you should, because you are spending your time, effort and money on this, and every penny counts. I think you have the answer for yourself already. When you have spent a significant amount of time and effort in researching and asking questions, you are definitely interested.

 

The next step is just jumping into the water or not.

Hope this helps and good luck.

 

 

 

John
fedoracore123
Newcomer III

 

Thanks for the input. Well I am going to attempt the exam anyway. My only concern is that ISC2 (authors official study) and ISC2 is using a slightly different terminology. I wish they could use the same terminology. I feel this is a considerable deterrent for prospective CISSP test takers. Forgive me if this wrong. But I will there has to be consensus on how the requirements are framed across books, website and other CISSP endorsed materials. 

 

Check out the picture of the ISC2 study guide (this is an earlier edition); the term used here is "Security Professional", as highlighted. "Full-time" paid work experience is defined as work performed for salary or commission. Does voluntary work count here?

 

At the end of the day, it's probably just semantics.

 

Prequalifications.png