While trying to determine my next certification pursuit, I found a useful (in my opinion) data site. It shows a breakout of a collection of popular certs (Security+, CIPP, GIAC, CISSP, CISA, CISM), the number of certification holders for each, and the number of job openings requesting that particular certification:
http://cyberseek.org/heatmap.html
For instance, at the national level it shows 76,413 CISSP certificate holders and 72,700 job openings requesting that certification. To me, that would indicate that the certification rate is keeping pace with the industry demand.
For CISM however, it shows 12,428 certificate holders and 23,932 job openings requesting that certification. In my mind, that would seem to indicate that if one is pursuing certifications to remain marketable and employable (such as myself), the CISM would be a wise investment as demand seems to outpace supply.
What do you think? Filtering the results to just my state showed a similar pattern.
P.S. For my fellow grizzled and cynical IT veterans, I would like to mention the fact that I have no affiliation, vested interest, or benefit from the site mentioned above. Prior to 9:00 a.m. EST on 2/26/18, I had never heard of the above site.
(Edited: Title changed during editing and I didn't catch it until now).
@mgoblue93wrote:@MDCole9761
> I'm currently seeking work with my
> CISSP out of state
Just curious...some of my colleagues and I have been curious about this for a while...
In your experience, the jobs your applying to, what's the breakdown for CISSPs required for private v. public sector? Are you looking for commercial work or are you looking for gov't work?
In my travels, and I'm arguably in the 2nd hottest IT market in the country, we only see having a CISSP being needed in about 3% of the private sector openings.
The public and private sector buttons on that heat map back our personal observations up.
In the public sector though, darn near everyone wants a CISSP candidate.
Thoughts?
Sorry for the delay in response- my free time is almost non-existent these days!
I would agree with a very small percentage of private sector jobs requiring a CISSP or similar cert- most of the time, it's listed as a "desired" skill/qualification. Granted most of the jobs I'm looking at are security focused (i.e. IT Security Manager) so the occurrence of CISSP in the job description is probably higher than in general IT job postings that may or may not have a security concentration. I've looked at a few public sector jobs, but they all seem to require you to already be employed in the public sector. Maybe I'm looking at them wrong, but I'm not sure how to break into the public sector jobs!
As for what I'm looking for- I'd take either one as I'm looking to grow professionally and feel that both types of opportunities would suit me well. And if anyone has any hints, tips, tricks and/or job leads in the Central Florida region, I'm all ears (hint, hint)...
> Maybe I'm looking at them wrong, but I'm not sure
> how to break into the public sector jobs!
I'd have to see an example req of what you are talking about.
Civil Service, though I have never worked it, can be difficult to get a position from what I have heard.
Contracting, on the other hand, at least where I'm at, is pretty easy to get into.
For example, in Dec 2016, my entire company got laid off. So I became a ski bum for 6 months. When time came to go back to work, a commercial company was courting me (but they never pulled the trigger -- 4 interviews over 6 weeks, including flying out to their corporate HQ, and they were still not ready to extend an offer). I took a look at some defense contracts in the area and I had 3 offers in a week. Including one during the interview; they wanted to hire me on the spot.
Everyone's experiences are different... but it would be interesting to see a job req for something you're interested it but you may consider difficult to break into.
@mgoblue93wrote:
I took a look at some defense contracts in the area and I had 3 offers in a week. Including one during the interview; they wanted to hire me on the spot.
Everyone's experiences are different... but it would be interesting to see a job req for something you're interested it but you may consider difficult to break into.
Impressive! I think one of the issues I have is not being able to sell myself very well...
One example would be a job I applied for with a well known defense contractor where during the application process, the question was asked "do you currently posses top secret security clearance?" to which I have to answer "no" because I don't. The job posting didn't indicate it was required (not to mention that friends of mine that work for another very well known defense contractor indicated that they often hire people that don't already have it, but can obtain it) but the application was very quickly changed to "no longer under consideration". Granted I don't know that the security clearance question was the reason, but it did seem to be too quick of a turn around for a human to have reviewed the app.
Here's an example of a DHS job that, if I'm reading it right, I can't apply for: https://www.linkedin.com/jobs/view/636450604
Here's an example of a defense contractor position (entry level, yet requires experience) that I would apply to but seems to demand existing clearance: https://www.linkedin.com/jobs/view/633418374
FYI- my 15-second bio is:
10+ years Healthcare IT manager (at the same agency), BS Information Technology, CISSP, Security+ and a bunch of other less relevant certs, leadership and management experience, hands-on experience with pretty much everything (small IT department).
Mark,
Looking at the DHS government position that you posted, you definitely need some help applying for jobs. Please message me privately if you'd like some assistance in finding the right job. Some notes on the government job you posed:
First, it’s a GS-13. This is typically a pay grade level for a supervisor or a senior government official with someone that has existing government administrative experience in addition to the technical skills of the career field. You would be hard pressed to be able to successfully compete for this job against applicants that are internal government employees.
Government-entry-level for this career field is typically GS-11 or below. I’ve seen folks that were government contractors in the same type of job, or military veterans go in directly at the GS-12 level. Going into government any higher than this is extraordinarily rare unless you were military at an equivalent rank doing the same job. So you're looking at GS-13 applicants that are experienced GS-12's or are military Majors or Lieutenant Commanders or higher that are going to do nearly the exact same job that they did in the military.
Second, this is an SCI Security Officer - in other words this is "Information Security" not "Information Technology Security". SCI stands for Specially Compartmented Information and is somewhat considered a higher sub-level of Top Secret. It's also a Technical Security Officer which basically means you'll likely have needed prior experience as a Counterintelligence Agent or conducting Technical Surveillance Countermeasures.
The next thing is concerning your security clearance. The security clearance process costs money and a lot of time. You’re more likely to get your security clearance through applying to a government civilian position, or for example joining the military reserves or national guard. Contractors generally hire people leaving military service who have a recently inactive clearance that can be quickly “turned back on” or folks with government experience that are looking to raise their pay cap and already have a clearance.
If this is really the direction you want to go and quickly, go to the USAJOBS.GOV human resources site and browse jobs in the 2210 series at a maximum of GS-11. There are a few open recruiting positions for INFOSEC in the 2210 series… but I doubt you’ll get offered a GS-13 off the bat.
Thanks again @Baechle- My intention was to stay in the private sector (unless a great opportunity in the public sector was available and I was qualified for it) and from what I've seen, there isn't much related to the CISSP in my intended area that is open to the public and is GS-11 or below (in fact, there was only about 3 jobs in the entire country). I'd ideally like to remain in the healthcare sector and there seems to be some good job prospects in that area in Florida. I think the barriers I'm facing so far are applying from a distance (out of state address) and a resume that isn't as security accomplishment focused as it should be (which I'm currently working on).
Again- thank you very much for the assistance and certainly if you have any other advice that might help, I'll gladly accept it!
Mark,
Try using this search instead.
There are quite a few direct-hire authorities and open recruitment positions covering Florida. Some of them are INFOSEC but require a lesser qualification (e.g. SSCP or Security+). It makes sense, because you generally don't start seeing the requirement for CISSP until you reach management (that GS-13 we were talking about).
This at least gets your foot in the door.
> I think one of the issues I have is not being able to sell myself very well...
I don't sell myself at all. I hate sales.
I think one thing which does help with my candidacy is how much work I put into my resume and preparation.
My resume is a collection of small narratives or stories about my accomplishments. I don't have any lengthy bulleted lists in my resume. I have a general resume but I'm sure to tailor one specifically to a req in which I'm interested.
I tell this to people all the time. I've been flamed for it in these forums. But make no mistake, relevant experience counts!
MAKE SURE YOUR resume DIRECTLY communicates relevant experience!!!
I think there's this perception out there (not for you, just speaking in the 2nd person) that folks think they get their CISSP and people should throw rose petals at their feet. It doesn't work that way -- at least in the private sector; again the heat map backs that up I believe.
1. The goal of a business is to make money.
2. Tell the company, through your resume, how you're going to help them make money.
3. Watch the offers roll in.
Yes, having a BS, a MS, a CISSP, yada yada yada helps you pass the audit of getting your foot in the door. But if the company is worth their salt, that alone is NOT why they would extend you an offer.
Perhaps that perspective will help you in your search. 🙂