sky1
Viewer

Will CISSP help me? Please advise.

I need advice regarding CISSP; I'd really appreciate your kind advice on it. Here's my background:

I have a master's degree in CS and took courses in network security and computer security. I have 7 years of full-time work experience as a software developer and database administrator. My only work experience in security is building a user management system (authentication and user access controls), as well as using standard security practices on the server and databases.

Now I would like to change my career from software development to IT security. I have read some CISSP-related material and I find it very interesting. Therefore I'm seriously considering this certification.

 

Will CISSP certification help me to get my career in the security field? Or will it just look strange on my resume considering my background?

Thank you for any suggestions.

5 Replies
rslade
Influencer II

> sky1 (Viewer) posted a new topic in Member Support on 01-12-2019 12:57 PM in the

>   Will CISSP certification help me to get my career in the
> security field? Or will it just look strange on my resume considering my
> background?

I got my Masters before I got my CISSP. It won't hurt or look weird.

Read "Security Engineering" by Ross Anderson. Also some of the stuff from the
management section at http://victoria.tc.ca/int-grps/books/techrev/mnbksccd.htm
I'd recommend "Effective Security Management", by Charles A. Sennewald
http://victoria.tc.ca/int-grps/books/techrev/bkefscmn.rvw

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Why not go out on a limb? Isn't that where the fruit is?
- Frank Scully
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
CyberLead
Contributor I

@sky1,

 

A few weeks ago I wrote a lengthy post to @ISTREDD concerning his interest in the CISSP accreditation. Most of that post was an attempt to answer his specific questions, and may not be relevant to you. With that said, kindly consider this extract of my answer to his question: “What other certs do you recommend in order to secure a high paying job?”

 

"My advice to anyone considering pursuit of this—or any other—certification is to stop for a moment and think.

 

  • Think about yourself, are you the type of person who’d want to lead a cybersecurity program, or follow the leadership of another?

 

  • Think about your career goals, do you want to be in a managerial role, dealing with business strategies, budgets, and organizational politics, or would you be happier working with the technologies, the processes, and applying tactics in the cyberwarfare battlespace, either offensively or defensively?

 

  • Think about your personal life, and perhaps your family. Do you want to work in a Security Operations Center, that’s manned 24/7/365, with the toll that takes on health and families, or would you prefer the stabler worlds of cybersecurity compliance, cybersecurity policy, or testing?

 

  • Think about your strengths and weaknesses, along with your personal interests, the things that light a fire in your soul. Do you want to investigate things, perform forensics, test new or existing technologies, work in a lab, develop new types of encryption, or teach others how to be secure?  Would you prefer to focus on protecting Information Technology (IT), Operational Technology (OT), Cloud technology, or some combination of these?

 

  • Think about your financial goals and requirements. Does the idea of a steady paycheck and benefits appeal to you?  If so, working for a private company or government agency may be the best choice for you.  If you’re willing to risk dry spells without a paycheck (admittedly rare and brief these days) and go without paid vacations, or sponsored insurance, but with high billable rates that are double or triple the typical W-2’s, then consulting may be the way to go.  It takes years to build up a client base, and may involve a lot of travel, but depending upon your personal values, the payoff may be enough to justify it...and you get to meet some really cool people and travel to really neat places.

 

These are some of the many areas of cybersecurity, and your answers will guide you toward the most applicable training and certifications to pursue.

 

@denbesten invited you to look at the Systems Security Certified Practitioner (SSCP), and I agree with him.  According to (ISC)2 this pertains to the realm of “Security administration.”  In comparison the CISSP is a “leadership and operations” certification.  I’ve seen Generals, Admirals and civilian CEOs and COOs take the boot camp to get the CISSP, alongside technicians, engineers, system admins, and some weird people who wander in from the street, lured by the smell of coffee and croissants while looking for a public restroom.  All may benefit from having such a highly regarded certification, but it may not be the best application of a person’s time and money.

 

I don’t want to discourage you from pursuing the CISSP, but if you do, kindly consider a piece of advice I share with the folks working for me.  “Wear the CEO hat” when studying or taking the exam.  Ben Malisow exhorts his students not to “buy a $10 lock for a $5 bike.”  A security guy might want the $10 lock because it is the most secure, but the business guy, the CEO, may not consider it a sound investment to protect the bike, which is a $5 asset.  Many of the exam questions will ask, “What is the best…?” or “what is the most…?” correct answer, meaning that more than one answer may be technically correct, but it may not be the best choice for the situation described.

 

The CISSP is the sexy one, the one that folks talk about.  The other certs don’t carry quite the cachet but may be more appropriate for the job you’re doing or want to do.  It also doesn’t hurt to have other certs to back up or round out the CISSP.  Do you prefer working with risk management, such as the Risk Management Framework (RMF), as part of a good cybersecurity compliance program?  If so, attaining the credential of a Certified Authorization Professional (CAP) might be a better choice.

 

Would you like to focus on cloud security?  Consider becoming a Certified Cloud Security Professional (CCSP).  I passed the exam for this in October 2018 and have been undergoing the endorsement process for the last 10 weeks; I should be getting the confirmation email any day now.

 

I don’t know what your definition of a “high paying” job is.  Many people in the DC area define six-figure salaries as middle class, but it’s all relative.  This is an awfully expensive area.  The median household income where I live (in a suburb of DC) is $130K and some change.  That’s a good income but it’s the median, so it sits right in the middle of the bell curve, neither high nor low.  I encourage people to come into this profession for the reason you stated, “…I know this is a Career Field I would love to continue once I retire…”  While there can be substantial financial remuneration, if money is your primary motive, there are other professions that pay better. 

 

Regardless, I hope you’ll find a useful nugget or two in here, please feel free to write to me directly with further questions."

 

If you're really bored, you can read the rest of my post here: Mentor Needed.

 

 


Lloyd Diernisse

ISC2 Authorized Instructor and Learning Tree International Certified Instructor
Lean Six Sigma Black Belt | CISSP-ISSMP | CCSP | CGRC | PMP | TBM | CSM | CMMI-A | ITIL-Fv3
sergeling
Contributor I

Will CISSP help you in the cybersecurity field? I think another question that needs to be addressed is "what job/role do you want in cybersecurity"? You have experience in software development and database administration, which is great. However, if you wish to get the CISSP and switch into a SOC Analyst role, I would say no...that's not gonna be as helpful. With your combination of proof of solid understanding in cybersecurity and experience in software development and databases, you should find something that will put them to good use. Maybe audit? Or a security consultant specializing in software development and databases?

rslade
Influencer II

> sergeling (Newcomer II) posted a new reply in Member Support on 01-13-2019 10:12

> Will CISSP help you in cybersecurity field? I think another question need to be
> addressed is "what job/role do you want in cybersecurity"?

Oh, it gets weirder than that.

The CISSP exam helped me a lot. I came from a really strange background, and I
was doing really strange consulting. My background was pretty unique, and I was
starting to wonder whether I really knew what I was talking about when I was
giving advice. So I took the exam. Passing it proved (to me) that I *did* know
what I was talking about. It was good for self-confidence.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
You read my sigquote.
That's enough social interaction for one day.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

sergeling
Contributor I

ya, it's weird and doesn't make much sense but......it's happening now. 

 

Several people have already told me "I want to take the CISSP exam and get into cybersecurity!" Why? Because it makes more money, it's better than the job they have, it's a cool/hot field right now......and the best part? The exam is free for them because it will be reimbursed either by their company or school. So they ignore my advice about SSCP, their eyes set on CISSP, even though they lack experience and some of them are not even in the IT field. One of my friends is an underwriter. Just when I thought he wanted to take a cybersecurity certification in order to get into a field such as cybersecurity insurance (which is a closer match to his previous experience), he told me he wants to take the CISSP and do penetration testing.