I need advice regarding CISSP, I'd really appreciate your kind advice on it. Here's my background:
I have a master's degree in CS and took courses in network security and computer security. I have 7 years of full-time work experience as a software developer and database administrator. My only work experience in security is building the user management system (authentication and user access controls), as well as using standard security practices on the server and databases.
Now I would like to change my career from software development to IT security. I have read some CISSP-related material and I find it very interesting. Therefore I'm seriously considering this certification.
Will CISSP certification help me to get my career in the security field? Or will it just look strange on my resume considering my background?
Thank you for any suggestions.
A few weeks ago I wrote a lengthy post to @ISTREDD concerning his interest in the CISSP accreditation. Most of that post was an attempt to answer his specific questions, and may not be relevant to you. With that said, kindly consider this extract of my answer to his question: “What other certs do you recommend in order to secure a high paying job?”
"My advice to anyone considering pursuit of this—or any other—certification is to stop for a moment and think.
These are some of the many areas of cybersecurity, and your answers will guide you toward the most applicable training and certifications to pursue.
@denbesten invited you to look at the Systems Security Certified Practitioner (SSCP), and I agree with him. According to (ISC)2 this pertains to the realm of “Security administration.” In comparison the CISSP is a “leadership and operations” certification. I’ve seen Generals, Admirals and civilian CEOs and COOs take the boot camp to get the CISSP, alongside technicians, engineers, system admins, and some weird people who wander in from the street, lured by the smell of coffee and croissants while looking for a public restroom. All may benefit from having such a highly regarded certification, but it may not be the best application of a person’s time and money.
I don’t want to discourage you from pursuing the CISSP, but if you do, kindly consider a piece of advice I share with the folks working for me. “Wear the CEO hat” when studying or taking the exam. Ben Malisow exhorts his students not to “buy a $10 lock for a $5 bike.” A security guy might want the $10 lock because it is the most secure, but the business guy, the CEO, may not consider it a sound investment to protect the bike, which is a $5 asset. Many of the exam questions will ask, “What is the best…?” or “what is the most …?” correct answer, meaning that more than one answer may be technically correct, but it may not be the best choice for the situation described.
The CISSP is the sexy one, the one that folks talk about. The other certs don’t carry quite the cachet but may be more appropriate for the job you’re doing or want to do. It also doesn’t hurt to have other certs to back up or round out the CISSP. Do you prefer working with risk management, such as the Risk Management Framework (RMF), as part of a good cybersecurity compliance program? If so, attaining the credential of a Certified Authorization Professional (CAP) might be a better choice.
Would you like to focus on cloud security? Consider becoming a Certified Cloud Security Professional (CCSP). I passed the exam for this in October 2018 and have been undergoing the endorsement process for the last 10 weeks. I should be getting the confirmation email any day now.
I don’t know what your definition of a “high paying” job is. Many people in the DC area define six-figure salaries as middle class, but it’s all relative. This is an awfully expensive area. The median household income where I live (in a suburb of DC) is $130K and some change. That’s a good income but it’s the median, so it sits right in the middle of the bell curve, neither high nor low. I encourage people to come into this profession for the reason you stated, “…I know this is a Career Field I would love to continue once I retire…” While there can be substantial financial remuneration, if money is your primary motive, there are other professions that pay better.
Regardless, I hope you’ll find a useful nugget or two in here. Please feel free to write to me directly with further questions."
If you're really bored, you can read the rest of my post here: Mentor Needed.
Will CISSP help you in the cybersecurity field? I think another question that needs to be addressed is "what job/role do you want in cybersecurity?" You have experience in software development and database administration, which is great. However, if you wish to get CISSP and switch into SOC Analyst, I would say no...that's not gonna be as helpful. With your combination of proof of solid understanding in cybersecurity and experience in software development and databases, you should find something that will put them to good use. Maybe audit? Or a security consultant specializing in software development and databases?
ya, it's weird and doesn't make much sense but......it's happening now.
Several people have already told me "I want to take the CISSP exam and get into cybersecurity!" Why? Because it makes more money, it's better than the job they have, it's a cool/hot field right now......and the best part? The exam is free for them because it will be reimbursed either by their company or school. So they ignore my advice about SSCP, their eyes set on CISSP, even though they lack experience and some of them are not even in the IT field. One of my friends is an underwriter. Just when I thought he wanted to take a cybersecurity certification in order to get into a field such as cybersecurity insurance (which is a closer match to his previous experience), he told me he wants to take CISSP and do penetration testing.