Applied knowledge / experience is more critical than a specific degree or certification. A combination of all these items would provide a more compelling candidate for hiring.

If a CISSP certification is required for a position then the prerequisites for the job and the cert would need to match. So if someone doesn’t satisfy the requirements of one, he/she wouldn’t meet the those of the other. You have to consider internal equity issues as well.

Short answer: if the job candidiate needs to be a CISSP then they are expected to have met all its standards — if not then they aren’t qualified for the position. Revise and repost the job if the cert isn’t mandatory to expand your applicant pool and maintain hiring integrity.

Hi,
in my opinion CISSP for InfoSec is like a matriculation exam - obligatory at certain point of life/career but definitely not sufficient. More significant is a hands-on technical knowledge in a few Security Domains, backed up with soft skills (eg. C-level communication). So - I would reply - it depends what are other requirements than having C(whatever) certificate. If other knowledge fits a candidate profile and "CISSP is a must" than I would hire Associate as well. Having only CISSP is meaningless from my perspective.

Yes I would. But, and it’s a big but, the certifications can be what gets you to an interview stage, not an actual hire.

Certifications (and similarly, education) say to me that they have either had good experience or are good test takers. There will be plenty of people who know more who can’t take a test and pass. I’m hiring for practical knowledge, not passing a test.

When I get resumes in, I look for:
Years of experience
Education/Certifications
Construction of the resume

That they took the time to get and pass the CISSP is a great thing, but if they can’t practically apply that knowledge and think that the cert will magically open a six-figure salary, they will be disappointed. I’ve had those applicants very recently.

For those who have their associates or the full CISSP, it’s a great thing, but there are plenty of “soft skills” that are needed.

To the ISC2 people here, it would be fantastic if you would offer a mentoring program, even online, for associates to be paired with CISSPs that are already further along in their field to help them get a leg up and understand the nuances of being mid-late career.

As many have mentioned, it depends on the position. Obviously, if somebody does not have the experience for a full CISSP, then you wouldn’t consider an Associate for a position where you want experience (senior positions, managers, SMEs, etc.). However, an Associate would be a great distinguisher for an entry level position, like a junior analyst, where I wouldn’t expect experience. I would tend to prefer somebody who is an Associate vs. somebody with only an IT background (given similar education and experience). If you are in IT and looking to transition, an Associate shows that you know cybersecurity and not just IT, then you can leverage your experience in IT and show how it relates to a new job in cybersecurity.

I'll take a person's experience in lieu of certification. 

I wouldn't not hire someone with it -- that's not really the same thing, though.

 

If the requirement is for a CISSP, then what it really is is a requirement for someone with 5+ years of experience plus some paper. Having 2-3 years of experience plus some paper isn't the same thing. However, it shows that a junior person is looking ahead in terms of career progression and reflects a good attitude towards learning. Those things are desirable.

It depends - how old is the person?  My organization only hires recent college graduates up to three years experience for entry level positions.  If you've been in IT for a five to seven years, we are going to want to see some certifications obtained.  If you're "in progress" for the CISSP, you probably won't be in information security, but another IT group - working for a large international financial organization ("we are everywhere you want to be" says Morgan Freeman our spokesperson); we have no trouble attracting super qualified people with advanced degrees and gold-standard certifications for about any job we post.

It will depend on the job requirement,  and if you are a company providing security services some customers might want someone with CISSP cert, then we hire accordingly.  

 

However, if there is no need for such requirement, hire as per your job requirements.