I am looking to do the CISSP associate certification. I have some networking knowledge and have not worked in or studied cyber security. But I am more interested in the Governance, Risk, Compliance aspects after doing CISSP.
Is it worth it to do CISSP with no experience now?
How should I approach it?
CISSP is a reasonable option, although you will not be awarded the CISSP for lack of experience.
There are various ways to gain security experience, such as volunteering at local organizations like churches or schools, or at your own workplace.
Another possible way to get credentials in security is to take online college courses to earn a degree. There are many 'low-cost' but fully accredited online programs. With a degree, you can knock open quite a few doors, as companies are constantly looking for security professionals, and the demand is growing.
Best of luck,
Without any experience you might want to consider the SSCP. The SSCP is an entry-level certification and would get your foot in the door.
You might also want to consider taking some college courses in Security.
I know some colleges/universities allow you to audit a course at little to no cost and this might allow you to determine if the field is of interest.
Thanks for the replies.
In order to go into the Governance, Risk, Compliance do I need the practical knowledge too?
I have done my bachelors in Computer Science and Masters in Software Engineering.
I am looking into CISSP for entering into risk, compliance sort of roles in organizations.
Would it help if I get Associate of ISC2 (with CISSP)?
An alternate thing I am considering is to do the CCNA Security and then work as a Network Engineer or similar in an organization. I am currently working in the IT Support department of a big company in Australia. I do work with routers, switches, etc. to an extent even now. So maybe taking the route of CCNA Security certification and then working in that field is better to gain experience, and then probably I can do SSCP and other security certs once I'm in a network engineering role.
Please guide me on what path I should take.
> kanwaldaud (Viewer) posted a new reply in Certifications on 03-01-2019 06:38 PM
> In order to go into the Governance, Risk, Compliance
> do I need the practical knowledge too?
Definitely. Maybe more so than in a strictly technical role. You need to know which policies help and which hinder, and how to craft and tune policies for your particular enterprise. And that, basically, only comes with experience. (I was sitting in a meeting yesterday where the presenter was trying to teach some of the points of risk analysis, and one attendee was basically asking "what book/checklist do I read to cover all situations." I finally had to tell her, look, this is all, still, generally more art than science at this point ... )
I'd advise that you do not waste time and money pursuing the CISSP. You might be a very intelligent individual who has had a lot of success in academia or has gotten high marks on tests. However, the CISSP is awash with very ambiguous scenarios that test your security experience. You'd need to not only know an answer, but you'd have to know the BEST answer; and with no experience, that's a pretty high mountain to climb. There are a lot of avenues for you to tread to lead up to the CISSP. Enjoy the journey.
Just my opinion.
I come by this latter post after reading your initial post. Having undergraduate and graduate degrees in computer science are worthy accomplishments. However, you seem to be all over the place in deciding what you want to do. Completing a CCNA is not going to move the needle at all if your interests are GRC. Pursue your career in software engineering, or just simply go right into management. But you seem to be at a crossroads of sorts. You must make a decision.
@kanwaldaud It’s unusual for someone to rush toward GRC with such single-mindedness.
I think if you want to start off you should look to roles around system audit, administration, flaw remediation (get into an old school operations team) or a new school DevOps/DevSecOps role. Work on a security team - as you get more familiar with the things you need to do, and you work out how quickly patches can be fixed, you will tread the fine line between safety and velocity. Privacy teams are getting traction these days as well - especially privacy engineering.
If you’re still keen on GRC after a few years of this in a company then, assuming it’s not changed beyond recognition, you would likely have an excellent appreciation of risk, threat and impact and be a good candidate for a role in GRC - of course by that stage, you may not want to do it...