Announcements
Voting is now open!
Members, make your selections in the annual (ISC)² Board of Directors election. Vote Now! Voting is open until Sept. 22.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Radioteacher
Community Champion

Advice to a young security professional

I have met the person that sent this tweet at BSides San Antonio last year and I give him advice from time to time.  The thread of replies are really well thought out and it is a very nice discussion.  

 

https://twitter.com/the_warboy_nux/status/1104166992783831042

 

Many of us have decades of experience in systems and security.  I know the CISSP is not only for managers because I am not a manager. My work focuses on security engineering and I have no direct reports.  Below is the reply I sent to him via Direct Message.

 

Reply.......

I have reinvented my job about 5 times in 25 years.  During that time I have used certifications in two ways.  1. As validation that I learned a topic well enough to pass the test.  2. To prepare for the jump to the next job.  

I am a VP at a bank but I am not management.  I have no employees that report to me.  I focus on security engineering so it is a technical job, not management.  That being said, I love my job and find it fascinating everyday. 

 

Just because you have a CISSP does not automatically put you in line for management.  The study and passing of the CISSP helped me discuss security using a common vocabulary that anyone can understand.

Many people I have known have had interesting jobs.  I know a person that has a PhD in Nuclear Science and worked at Oak Ridge Labs for 14 years.   They never enjoyed their job and their favorite day was payday.  One would think they would have considered the work an education that like would do before spending almost 2 decades working towards and in an unloved job.  

When I studied and passed the CISSP my coworkers noticed that my mindset and vocabulary on security changed.  I now could present a security topic to executives without talking about configurations and products.  I could put it in terms that they understand.  

In short, if you can take and pass the CISSP, you should.  

You have a degree and I do not.  I continue to get overlooked for positions and by hiring managers because I do not have a degree.

At a minimum a maintained CISSP checks a box for hiring managers and that will make more likely to get the interview and the job you change to in the future.

...................

 

One thing is certain when working with information systems, change.  Make sure you are ready when it happens.  

 

 

Follow up.

In the end, they will be working to pass certifications that they are excited about but it does not include the CISSP.  They do current hold an (ISC)2 SSCP.  

 

Paul

1 Reply
rslade
Influencer II

Re: Advice to a young security professional

> Radioteacher (Contributor I) posted a new topic in Career on 03-10-2019 11:34 AM


> I have reinvented my job about 5
> times in 25 years.

Sounds about right ...

>   One thing is
> certain when working with information systems, change.  Make sure you are
> ready when it happens.

Yeah, taking the CISSP is a pretty good preparation for change. As long as you
keep up ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Fools ignore complexity. Pragmatists suffer it. Some can avoid
it. Geniuses remove it. - Alan Perlis
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468