I am an Oracle Database administrator having more than 14 yrs of experience, worked on Oracle Databases, Oracle E-Business Suite, Business Intelligence, Hyperion. I have extensive experience in High availability, Business Continuity Plan / DRP, Identity Management, SSL, Encryption of data, fully involved in software and Hardware assets / licenses / and everything goes with the planning and procuring the hardware and software. Linux / Unix administrator and security of Databases, Applications, and Linux OS, BUT I AM NOT A NETWORK PROFESSIONAL, i do not manage Exchange, networks, routers and switches of our environment but i do know about the basics of all of these.
I am looking for a role as CISO in future and because of this i have started my cyber security journey from CISSP, and i am quite confident that i will clear it and will get the endorsement plus the certification from ISC2 because i can easily fall in any two domains of the course
My only concern is, the job roles that i can see in the market for security specialist are for those who have extensive networking background, like Firewall(Palo Alto), Network Traffic monitoring, identify rogue packets, patch update, antivirus alerts etc, these jobs are mainly for SOC and security analyst
My question to all the experts here is
Is this a right certification for me? Do i need to go to the network management if i chose this field?
It will be great if i can get some suggestions / answers / advice
No you're good with your background. There is some networking related material in the CISSP but it isn't at the level of detail you'd find in a CCNA for example, so a lack of networking experience isn't an issue. There are many paths into InfoSec. Also a number of the jobs you've seen may actually be network/firewall admins (the IT security end of the spectrum) or SOC positions. It's broader fields than that.
@shahrukhyasin Sharhukh asked 'As a high experience Oracle DBA, do I need a CISSP?'
No you're good with your background. ...
And both noted that most job adverts stating a CISSP requirement seem to be in the network management arena.
I must respectfully but vociferously disagree with Steve's advice on this one (rare; I usually agree with Steve's analysis and advice). The CISSP is high value for anyone with infosec responsibilities, without regard to the type or level of technology they may encounter in their jobs. Specifically for senior DBA's, please note that EVERY MAJOR DATA BREACH has been the breach of databases, not simply network breaches. Also, compliance with privacy laws, whether or not including GDPR, are paramount to setting access control protocols and data classification, encryption, and exfil limitations on databases. DBAs should be very aware of all of these aspects.
As noted in another recent thread, the CISSP is a management certification, not a technical certification . Awareness of the breadth of infosec responsibilities, as shown by familiarity with all of the CISSP CBK domains, enables managers to determine what infosec aspects of their jobs they are already smart in, need to become smart, or need to hire smart. I can think of no specialty this applies to more thn DBAs.
Just because HR weenies have not yet begun using the CISSP as an artificial filter for job applicants does not mean you should not bother learning and earning the CISSP to be est at your job.