cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Shilpa
Newcomer II

Do I need additional certifications after getting CISSP?

Hi All,
I recently received my CISSP certification. I am very happy and proud of it!
However, when I apply to jobs, the feedback I have received so far is, CISSP is nice to have but I need additional certifications.

 

e.g. Cloud certifications OR 
CCNA, Network+ OR
Various products and tools certifications

 

Do I need all those certifications as well? Without these keywords, my resume is not reaching the hiring managers. Has anyone else experienced this? Please advise. Thanks!

14 Replies
joeadu
Newcomer I

It’s difficult to answer your question without knowing the specific roles to which you’re applying. For example, if I’m looking for a principal cloud security engineer, having a CISSP alone would likely not be enough; I’d need to see other experience or evidence of knowledge related to cloud technologies and securing resources within the cloud. Out of curiosity, who specifically is giving you that feedback? Are you hearing this directly from hiring managers?
Shilpa
Newcomer II

I am not looking for a specific role. I am applying to every job where they prefer candidates with CISSP.
I have a Master's degree in engineering and more than 12 years of experience in IT industry.

 

I am trying to get back into workforce after a career break (raising kids).

I have not talked to any hiring managers yet. This feedback is from a recruiter who is advising me to get more certifications to make my resume competitive.

ericgeater
Community Champion

Congratulations on the CISSP!  But I agree with Joe.  You need to show which direction you prefer to point. CISSP focuses on security and leadership, so you might study for CySA+ or CEH to add some technical security proficiency to your resume.  You could add CISA for accountability or auditing.

--
"A claim is as good as its veracity."
tmekelburg1
Community Champion

Like @joeadu said, each market is going to be a little different. It sounds like you're applying for jobs that are more technical and less managerial. The CISSP isn't going to be very helpful in positions requiring technical knowledge of systems or how to specifically make changes within those systems. Eventually it will be as you move up the career ladder.

 

So if you're applying for an analyst or engineering position, you'll need to either get the technical certifications or highlight more technical experience on your resume that's more inline to what they're looking for in those roles.

 

Edit: After looking at your reply, I'd try to improve the resume that highlights your 12 years of experience. Also don't apply for every role that says, 'prefers CISSP'. I've seen SOC or entry level/mid level positions with wording like that and it's silly. They're trying to 'bump' their job advertisement level up by adding CISSP for key word searches from applicants. Steer clear of them if you can. 

Shilpa
Newcomer II

I appreciate everyone taking time to write.

 

In your opinion, which roles are more managerial and less technical? That is the path I would like to explore.

Shilpa
Newcomer II

Exactly! So many jobs say 'prefer CISSP' and then you never hear back from them even though they are 'urgently hiring'.
Thank you for this insight. It makes perfect sense. I would steer clear of such postings.
Beads
Advocate I

Well, we get many resumes with the CISSP certification and little if any experience so they get tossed, I am afraid. My shop doesn't put much emphasis on certs themselves and is only used to filter out (one of many) candidates. To be frank, I will say its been years since I even brought up certification during an interview.

 

What most employers are looking for today are hard, specific skills in security, i.e. Firewall, security appliances, networking and particularly cloud. None of which are covered by the CISSP or any other higher level certificate. This is exactly why you see the words "preferred but not required" near the bottom of many job descriptions.

 

The CISSP is something most of us take for granted once you have 5 or more years of experience in security but hiring managers have also been largely bitten by the "hiring for certification" mistake as well.

 

Look for more entry level positions at the SOC or lower level Engineering contributor level and get that experience up to date if you've been out of the workforce for period of time and work your way back up.

Shilpa
Newcomer II

I agree completely. It would be ideal to start at the entry level and gradually work your way back up.
The challenge is, findings such entry level opportunities in cybersecurity.

Steve-Wilme
Advocate II

Having the CISSP isn't as relevant if you're applying for hands on cybersecurity roles, as more hands on qualifications would be.  The qualifications needed will very much depend on the sorts of positions that you're targeting.  Take a look at the site below and select the qualifications from the area most closely related to the career path you're hoping to follow:

 

https://pauljerimy.com/security-certification-roadmap/

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS