Recently got my CISSP but when I look into the job market:
1. First of all, I am clueless where to use this degree.
2. Many places ask for prior experience in specific security areas, like IDS, IPS, etc.
3. Many places want US citizen only to apply for some positions.
I have 19+ years of hands-on and networking background. I have 4 years of running federal certifications - FIPS, CC, USGv6, JITC for my company but nothing is working. I clearly have 5+ years of experience required in 2 of the domains mentioned.
What is going wrong here? A very minimal % of people are aware of CISSP, but if they are aware they know it's one of the toughest, but how to convert it into a job position? Some ask for prior experience with COBIT, ITIL, etc.; some want audit experience.
One positive thing to add: some of the recruiters did call based on CISSP, but most of the jobs are in remote parts of the US and not in the Bay Area. Is that the normal trend for CISSP jobs?
A CISSP is not a degree, but a certification. It certifies that you have a certain level of knowledge, and actually is more intended for senior level people. Most Infosec jobs I know above a certain level expect (sometimes require) a CISSP, but having a CISSP is no guarantee.
You need to go after jobs that match your skills and experience. THESE are what companies are looking for. Certs, whether CISSP or any other, are used to weed out candidates, but it's skills & experience they are looking for.
I would think the job market in the Bay area was hot. As you say you have hands on & networking experience, so would expect you'd be good for an infosec analyst or engineer role.
Would also recommend you network with local peers. This can help your job hunting. Look for local info meetings and groups like ISSA, ISC2, and so on. They may help you understand the kind of roles that best fit your skill set.
I think @emb021's advice is good. Find the local (ISC)2 and ISSA chapters, talk to folks to see what they have done.
Chapters allow you to network, etc.
There are three chapters in the SF Bay area:
Hopefully one of these is close to you and you can find some assistance.
The CISSP is the gold standard for certifications, period. It will open many doors for you. It is up to you to decide which one to go through. If you are not getting the right calls then give your profile and resume a spring tune-up. I wish you all the best in your career.
Being in a position to hire people, here is what I saw in recruiting efforts.
1) People applying for jobs for which they totally lacked the required experience. Just because you have the CISSP certification DOES NOT mean that you are ready to configure firewalls, IF you have zero hands on experience doing so. It means that you would be able to help guide me in the selection of, define the purpose of, and help guide the use and placement of firewalls, but not necessarily be able to configure a rule set for one.
2) People applying for jobs that were a stretch for them based on their experience. If we said 5 years of experience, they applied with one or two years of experience. I know some candidates that were very eager learners who MIGHT could have performed OK (and it showed in their resumes) but most people who lack the amount of experience would struggle until they had learned through experience.
3) People that were overqualified for the experience. People have reasons for applying for positions that are downgrades from previous positions, but most employers would question the why and if the why was not a strong enough argument, the employer would wonder about the stability of the applicant and worried about them leaving once a better job opportunity presented itself.
Why did you get the CISSP? Did you think it would magically make you qualified for more jobs? A lot of people do, but understand that is not the purpose of the certification. It can help open job doors and I once got a position because I held the CISSP while the desired candidate did not (and didn't want to earn it); however, it is not a magical thing that once you get it people come running at you like paparazzi. Obtaining the CISSP shows that you have an amount of knowledge desired in the field of information security and have been successfully evaluated by a third party as having obtained that knowledge.
If you only have experience in 2 of the domains, what are you doing to gain experience in the other domains? You need to work on obtaining that other domain experience if you want to expand your job opportunities. EVEN if you have to do it for free. Ask around. I often find plenty of INFOSEC jobs going undone because no one wants to step up and take on the additional tasks because they aren't getting paid OR they have too great of a fear of failure.
What does your home lab look like? I once got a job where I lacked the "official" full-time paid job experience, but had taken the time to set up a lab in my home with 3 servers, multiple computers (13 in all) and switching and routing. They pointed out my lack of paid experience and I told them that I had been obtaining the experience in my home lab and showed them a picture. They said "If you took the time to set that up and learn that on your own, I think you will be a good asset to our team." What else have you done since you passed the CISSP? If you are job hunting seriously, you need to be in continual self-improvement mode. Reading books, listening to podcasts, taking courses, etc. Show your potential employers that you love to learn, this will help overcome the lack of experience and show that you aren't afraid to learn new things.
What are you doing to improve your current position? I would take an applicant who only has a few years experience but is making big positive changes or actions to improve his/her current place of employment over someone who just came in, did what they were told, and then went home for 20 years. What you do at your current job speaks volumes about what you will do when I hire you. Look for opportunities to shine in your current job. I asked many applicants "What makes you different than the other applicants I am interviewing?" I want to hear how they are improving where they are (and hopefully they have improved their jobs at every employer they have been at and have a track record of doing so). I don't want to hear they are leaving because the job is boring or they aren't getting the opportunities they "deserve".
If places want specific experience with IDS/IPS, can you gain that at your current employer? Have you asked about job rotation, mentoring programs, job shadowing, cross-training opportunities, etc? If you can't get it where you work, can you find a way to do it at home? Or take a course at a school for it?
One of the things I did when climbing the job ladder was to look at job postings for jobs I would want someday but were not qualified for yet. I saw what the requirements were and sought out those opportunities to gain experience, again whether I was paid to do it or not. I wanted the experience now to get the pay later so I did a lot of stuff for free, volunteered, etc. and I became the go-to person for each of my bosses. My former bosses always spoke highly of me. Believe me, when I call an applicant's reference and they say "Yeah, they worked here." and that is all I get from them, I understand the hidden, unspoken meaning which is "They weren't the greatest employee. You don't want to hire them." If they were or are a great employee, I usually can't get the boss to shut up about them, and that tells me volumes about the applicant. So become very good at what you do, where you are, so that you become very desirable to the place you want to be. Look at jobs you want in the future in order to prepare yourself for them, then once you have gained the experience, apply for them. Keep looking down your career road and you can make it to the CISO's chair, if that is where you want to be.
Remember, CISSP is only a 'door-knocker', NOT a pass...
Congrats and best of luck,
> CISOScott (Community Champion) posted a new reply in Career on 03-29-2019 10:32
> Being in a position to hire people here are what I saw in recruiting efforts.
Saw all of that. Particularly:
> People applying for jobs for which they totally lacked the required experience.
> 2) People applying for jobs that were a stretch for them based on their experience.
One interesting observation: it got to the point where I much preferred to call in female candidates. No, no casting couch objectives here: I found that women were *much* more honest in their resumes than men were. Guys often "padded" their experience; women almost never did. If a woman's resume said she had the experience, she did.