I recently received my CISSP certification. I am very happy and proud of it!
However, when I apply to jobs, the feedback I have received so far is, CISSP is nice to have but I need additional certifications.
e.g. Cloud certifications OR
CCNA, Network+ OR
Various products and tools certifications
Do I need all those certifications as well? Without these keywords, my resume is not reaching the hiring managers. Has anyone else experienced this? Please advise. Thanks!
I am not looking for a specific role. I am applying to every job where they prefer candidates with CISSP.
I have a Master's degree in engineering and more than 12 years of experience in IT industry.
I am trying to get back into workforce after a career break (raising kids).
I have not talked to any hiring managers yet. This feedback is from a recruiter who is advising me to get more certifications to make my resume competitive.
Congratulations on the CISSP! But I agree with Joe. You need to show which direction you prefer to point. CISSP focuses on security and leadership, so you might study for CySA+ or CEH to add some technical security proficiency to your resume. You could add CISA for accountability or auditing.
Like @joeadu said, each market is going to be a little different. It sounds like you're applying for jobs that are more technical and less managerial. The CISSP isn't going to be very helpful in positions requiring technical knowledge of systems or how to specifically make changes within those systems. Eventually it will be as you move up the career ladder.
So if you're applying for an analyst or engineering position, you'll need to either get the technical certifications or highlight more technical experience on your resume that's more inline to what they're looking for in those roles.
Edit: After looking at your reply, I'd try to improve the resume that highlights your 12 years of experience. Also don't apply for every role that says, 'prefers CISSP'. I've seen SOC or entry level/mid level positions with wording like that and it's silly. They're trying to 'bump' their job advertisement level up by adding CISSP for key word searches from applicants. Steer clear of them if you can.
Well, we get many resumes with the CISSP certification and little if any experience so they get tossed, I am afraid. My shop doesn't put much emphasis on certs themselves and is only used to filter out (one of many) candidates. To be frank, I will say its been years since I even brought up certification during an interview.
What most employers are looking for today are hard, specific skills in security, i.e. Firewall, security appliances, networking and particularly cloud. None of which are covered by the CISSP or any other higher level certificate. This is exactly why you see the words "preferred but not required" near the bottom of many job descriptions.
The CISSP is something most of us take for granted once you have 5 or more years of experience in security but hiring managers have also been largely bitten by the "hiring for certification" mistake as well.
Look for more entry level positions at the SOC or lower level Engineering contributor level and get that experience up to date if you've been out of the workforce for period of time and work your way back up.
I agree completely. It would be ideal to start at the entry level and gradually work your way back up.
The challenge is, findings such entry level opportunities in cybersecurity.
Having the CISSP isn't as relevant if you're applying for hands on cybersecurity roles, as more hands on qualifications would be. The qualifications needed will very much depend on the sorts of positions that you're targeting. Take a look at the site below and select the qualifications from the area most closely related to the career path you're hoping to follow: