 CISSP
How does CISSP compare for industry acceptance against other certs? And is the value of the CISSP increasing or decreasing in the IT market?

ASKED: December 10, 2007  5:53 PM
UPDATED: December 11, 2007  10:20 PM

Answer Wiki:
The IT certifications in general and the CISSP in particular are discussed in numerous blogs and articles (ex: http://securecyber.blogspot.com). This certification became a de facto standard for the Information Security field, the same way as MCSE became a standard for Microsoft certified professionals. I don't want to speculate or repeat the widely expressed statements about the value of the CISSP certification. I just share my experience with it.

The main difference is that the CISSP certified professional is not necessarily the person who can configure the firewall. We are talking about the security standards, policies, risk management, cryptography, etc. It's not the certification of hands-on expertise but rather general knowledge of the entire security industry (2 miles wide and 2 inches in depth).

While I have about 8 years of hands-on experience in IT security (firewalls, IDS, UNIX, Win2003 security, PKI, secure desktop), I found that with my CISSP I cannot find the appropriate job - my certification is not enough! To be exact, my particular security skills do not match most of the job positions where the CISSP is required. In addition to the CISSP, most of the employers are asking for 2-3 years of experience working with policies, NIST and other standards, the same number of years as an Auditor, or risk model investigator/designer.

Yes, this certification is highly respected. Yes, it's a valuable addition to your resume IF and only IF you have been working not as a hands-on security professional but rather as a manager or auditor. If you hear other opinions that negate mine, think again. Since March 2007, I did not find even one position in the Baltimore, MD area where this certification would fit taking into account my skills.

I am not hugely upset, however. While preparing myself for the exam, I expanded my horizon, learned many new topics, and became more well-rounded. In addition, I have the same expert knowledge in Web Design and LAN/WAN area, so I have the place to apply my skills. But my 4 months of efforts to become the CISSP do not pay off as I expected and as it is described on the web. (ISC)2 successfully marketed the CISSP certification to the degree that DoD made this cert a requirement for those who protect the DoD networks. I'd say that the value is slowly growing (at least in accordance with the marketing efforts), but it does not bring the result you may expect...
Last Wiki Answer Submitted:  December 11, 2007  3:41 am  by  Zbatia   25 pts.
All Answer Wiki Contributors:  Zbatia   25 pts.


Discuss This Question:

Great job, Zbatia!

The key takeaway here is that the CISSP exam shallowly covers a broad CBK. There are a number of other certifications in this space but the CISSP is the de facto standard. Its purpose is to establish a baseline of knowledge and understanding among those certified in computer information systems security in terms of policies, procedures, principles and practices. It is not, however, a good indicator of hands-on experience or capability. In this way, it is kind of like money: it isn’t the best measure of success but unfortunately and generally speaking, it is for all intents and purposes, the only one we have.
