Value of CISSP?

BobSutan

I've been working in and around network security a few years now and I'm thinking about sitting the CISSP exam. My biggest question is 'is it worth it'? It's not a cheap test, and the test prep won't be without a degree of cost as well. The key thing here is that I'm not calling out to those that got the cert because they were otherwise barred from a particular position. I'm speaking to those that are already on the job and who went out and got the cert. Bottom line, how much, if any, did your salary increase once you passed the exam?
 
From what I have heard CISSP is a top of the line cert. You need a few years experience and/or a college degree. No newbs are taking this one. It covers 10 domains and is more geared to the management, upper-level guys. Not so much technical as it is more about expected practices and security procedures.

I always thought CISSP would be a cert a company would pay for you to obtain (it's not cheap) and would say upfront that if you got it that they would pay you more and help you move up the company.

Doesn't everything come down to how much more will I be paid?
 
Our job is requiring us to get this cert so soon hope to get it paid for and pass it. Yes it is not for n00bs.
 
DragonNOA1 said:
From what I have heard CISSP is a top of the line cert. You need a few years experience and/or a college degree. No newbs are taking this one. It covers 10 domains and is more geared to the management, upper-level guys. Not so much technical as it is more about expected practices and security procedures.

I always thought CISSP would be a cert a company would pay for you to obtain (it's not cheap) and would say upfront that if you got it that they would pay you more and help you move up the company.

Doesn't everything come down to how much more will I be paid?

I wouldn't say top of the line. A book savvy person (who knows nothing about computers) can easily pass this test. It's the fundamental flaw with certifications that don't require a practical and/or lab to verify you actually know something other than statistical data. But other than that, very well put. It's basically for upper management to speak intelligently instead of spewing crap :p It's a very non-technical exam, but requires you to know a lot of miscellaneous information (i.e. what pounds per square foot can a x size tile with cement reinforcement center hold).

If you're trying to go management, go for the CISSP. If you're going technical, try some of the SANS/GIAC certs (even though they screwed us who actually had to work for them by taking practical). Their value is going down somewhat, but still is as good of a "baseline" for hiring/recruiters that are cert hungry as you can come by.
 
RokleM said:
If you're trying to go management, go for the CISSP. If you're going technical, try some of the SANS/GIAC certs (even though they screwed us who actually had to work for them by taking practical). Their value is going down somewhat, but still is as good of a "baseline" for hiring/recruiters that are cert hungry as you can come by.

I would agree with you, but unfortunately that's not how it usually pans out. Most employers seem to want the CISSP because of its "status", not because it's appropriate for the duties one would perform. If that was the case, firewall admins would be required to have the SANS/GIAC/vendor-specific certs instead. From what I've heard in the office, to some degree the former is the case where I now work. Although if you get any cert they equate that to x years experience. If you need say 13 or more years xp for a position, but you've only got 8 years plus 4 certs, well, depending on how many years xp each cert is "valued at" (aka what it's worth), you may be "qualified" for that position. Strange things are an HR person's mind.
 
BobSutan said:
I would agree with you, but unfortunately that's not how it usually pans out. Most employers seem to want the CISSP because of its "status", not because it's appropriate for the duties one would perform. If that was the case, firewall admins would be required to have the SANS/GIAC/vendor-specific certs instead. From what I've heard in the office, to some degree the former is the case where I now work. Although if you get any cert they equate that to x years experience. If you need say 13 or more years xp for a position, but you've only got 8 years plus 4 certs, well, depending on how many years xp each cert is "valued at" (aka what it's worth), you may be "qualified" for that position. Strange things are an HR person's mind.

I agree and not at the same time ;) Having just gone through the process again for the first time in four or so years, the present market in my area is using them similar to what you said. They don't necessarily translate X cert to X years of experience. They seem to be using them as initial weed-out for new employees. This makes sense, but none at the same time. I don't have a lot of time to go do certs, nor do many of them actually give you anything in return. I had a number of people contact me for jobs, wanting to know if I had X cert so I could start their interview process. On numerous occasions I told them no I didn't, and if that was what they were basing their hiring process off of, then I didn't want to join them since they didn't know what the heck they were doing anyway. The same goes for "you need X" years of experience. So "Joe Bob" that worked for a dead-end company and basically occupied a cube for 15 years has more knowledge than a 5 year old employee at an incredibly active company that invests frequently in infrastructure? I think not, but this is the simple logic a lot of HR groups in places are using! This got me plenty of confused looks and comments. But I guess that's what happens when you have HR trying to do hiring for technology they don't understand and a job function they certainly can't follow.

Long story short, experience is what will get you a good job, but certs help in getting you past the brain-dead HR people who couldn't figure out what to do with their own lives ;) But hey, that's just my thought heh.
 
Yes, it's worth it. CISSPs usually make anywhere between 10k and 20k more per year.
 
Stang Man said:
Yes, it's worth it. CISSPs usually make anywhere between 10k and 20k more per year.

Terrible generalization in my opinion, and horrible motivation when trying to convince someone to advance their knowledge. Employers are going to go, "ya know, we were going to offer you 75k, but since you have your CISSP, we're upping it to 95k!". No.

What you're seeing is the natural progression of things. As people get further into their careers, becoming more advanced in their field, so does their training. As you become more advanced, you tend to get paid more. Hence, the jobs and personnel that call for and attract the more specific skill set of that level, get paid more. Again, it gets you highlighted in the dozens (if not hundreds) of résumés that a given company may get for a job posting. They however will not drastically change their pay grade because you have a couple more letters on your current email signature ;)

A good example, I bet you would be VERY hard pressed to find 2 identical job postings from the same company, one of which requires a CISSP and pays 10-20k more than the exact same job without it.

You just have to take things into consideration. It's like me saying, "QUICK, everyone move to Washington DC because all can get almost 75 to 100% raises over our current jobs!" Yeah, well if you did you would be a moron because the cost of living is almost double a lot of other places in the nation, you follow my drift?
 