kanwaldaud
Viewer

CISSP associate with no experience

hi guys,

 

I am looking to do the CISSP associate certification. I have some networking knowledge and have not worked in or studied cyber security. But I am more interested in the Governance, Risk, Compliance aspects after doing CISSP.


Is it worth it to do CISSP with no experience now?

 

How should I approach it?

8 Replies
Chuxing
Community Champion

@kanwaldaud 

 

CISSP is a reasonable option, although you will not be awarded the CISSP for lack of experience.

 

There are various ways to gain security experience, such as volunteering at local organizations like churches or schools, or at your own workplace.

 

Another possible way to get credentials in security is to take online college courses to earn a degree. There are many 'low-cost' but fully accredited online programs. With a degree, you can knock open quite a few doors, as companies are constantly looking for security professionals, and the demand is growing.

 

 

Best of luck,

 


____________________________________
Chuxing Chen, Ph.D., CISSP, PMP
dcontesti
Community Champion

Without any experience you might want to consider the SSCP.  The SSCP is an entry level certification and would get your foot in the door.

 

You might also want to consider taking some college courses in Security.

 

I know some colleges/universities allow you to audit a course at little to no cost and this might allow you to determine if the field is of interest.

 

Regards

 

Diana

 

rslade
Influencer II

> kanwaldaud (Viewer) posted a new topic in Member Support on 03-01-2019 08:46 AM

>   I am looking to do CISSP associate certification.

OKaaaayyyy, I think you have some misapprehensions.

To get a CISSP certification, you need experience.

If you can pass the CISSP exam, but don't yet have the necessary experience, then
you get the "Associate of ISC2" designation until you can get the experience.

> I have some
> networking knowledge and have not worked or studied the Cyber Security.

If you haven't done or studied any information security stuff, then it is extremely
unlikely you can pass the exam.

> But I am
> more interested into the Governance, Risk, Compliance aspects after doing CISSP.
> Is it worth it? to do CISSP with no experience now?   How should I approach it

Right.

Read "Security Engineering," by Ross Anderson.

Search for the word "study" on this site, and read those topics.

(Maybe search for the word "Anderson," too.)

Then come back and we can give you more tips ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Puritanism: The haunting fear that someone, somewhere may be
happy. - H. L. Mencken
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
kanwaldaud
Viewer

Thanks for the replies.

 

In order to go into Governance, Risk, Compliance, do I need the practical knowledge too?

 

I have done my bachelor's in Computer Science and master's in Software Engineering.

 

I am looking into CISSP for entering risk, compliance sort of roles in organizations.

 

Would it help if I get Associate of ISC2 (with CISSP)?

 

An alternate thing I am considering is to do the CCNA Security and then work as a Network Engineer or similar in an organization. I am currently working in the IT Support department of a big company in Australia. I do work with routers, switches, etc. to an extent even now. So maybe taking the route of CCNA Security certification and then working in that field is better to gain experience, and then probably I can do SSCP and other security certs once I'm in a network engineering role.

 

Please guide me on what path I should take.

 

Regards,

rslade
Influencer II

> kanwaldaud (Viewer) posted a new reply in Certifications on 03-01-2019 06:38 PM

 

>   In order to go into the Governance, Risk, Compliance
> do I need the practical knowledge too?

 

Definitely. Maybe more so than in a strictly technical role. You need to know which policies help and which hinder, and how to craft and tune policies for your particular enterprise. And that, basically, only comes with experience.  (I was sitting in a meeting yesterday where the presenter was trying to teach some of the points of risk analysis, and one attendee was basically asking "what book/checklist do I read to cover all situations." I finally had to tell her, look, this is all, still, generally more art than science at this point ... )


Lamont29
Community Champion

I'd advise that you do not waste time and money pursuing the CISSP. You might be a very intelligent individual who has had a lot of success in academia or has gotten high marks on tests. However, the CISSP is awash with very ambiguous scenarios that test your security experience. You'd need to not only know an answer, but you'd have to know the BEST answer; and with no experience, that's a pretty high mountain to climb. There are a lot of avenues for you to tread to lead up to the CISSP. Enjoy the journey.

 

Just my opinion.

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE
Lamont29
Community Champion

I come by this latter post after reading your initial post. Having undergraduate and graduate degrees in computer science are worthy accomplishments. However, you seem to be all over the place in deciding what you want to do. Completing a CCNA is not going to move the needle at all if your interests are GRC. Pursue your career in software engineering, or just simply go right into management. But you seem to be at a crossroads of sorts. You must make a decision.

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE
Early_Adopter
Community Champion

@kanwaldaud It’s unusual for someone to rush toward GRC with such single-mindedness.

 

I think if you want to start off you should look to roles around system audit, administration, flaw remediation (get into an old school operations team) or a new school DevOps/DevSecOps role. Work on a security team - as you get more familiar with the things you need to do, and you work out how quickly patches can be fixed, you will tread the fine line between safety and velocity. Privacy teams are getting traction these days as well - especially privacy engineering.

 

If you’re still keen on GRC after a few years of this in a company then, assuming it’s not changed beyond recognition, you would likely have an excellent appreciation of risk, threat and impact and be a good candidate for a role in GRC - of course by that stage, you may not want to do it...