How does CISSP compare for industry acceptance against other certs? And is the value of the CISSP increasing or decreasing in the IT market?

Answer Wiki


The IT certifications in general and the CISSP in particular are discussed in numerous blogs and articles (ex: This certification became a de-facto standard for the Information Security field, the same way as MCSE became a standard for Microsoft certified professionals.

I don’t want to speculate or repeat the widely expressed statements about the value of the CISSP certification. I just share my experience with it.

The main difference is that the CISSP certified professional is not necessarily the person who can configure the firewall. We are talking about the security standards, policies, risk management, cryptography, etc. It’s not the certification of hands-on expertise but rather general knowledge of the entire security industry (2 miles wide and 2 inches in depth).

While I have about 8 years of hands-on experience in IT security (firewalls, IDS, UNIX, Win2003 security, PKI, secure desktop), I found that with my CISSP I cannot find the appropriate job – my certification is not enough! To be exact, my particular security skills do not match most of the job positions where the CISSP is required. In addition to the CISSP, most of the employers are asking for 2-3 years of experience working with policies, NIST and other standards, the same number of years as an Auditor, or risk model investigator/designer.

Yes, this certification is highly respected. Yes, it’s a valuable addition to your resume IF and only IF you have been working not as a hands-on security professional but rather as a manager or auditor. If you hear other opinions that negate mine, think again. Since March 2007, I did not find even one position in the Baltimore, MD area where this certification would fit taking into account my skills.

I am not hugely upset, however. While preparing myself for the exam, I expanded my horizon, learned many new topics, and became more well-rounded. In addition, I have the same expert knowledge in Web Design and LAN/WAN area, so I have the place to apply my skills. But my 4 months of efforts to become the CISSP do not pay off as I expected and as it is described on the web.

(ISC)² successfully marketed the CISSP certification to the degree that DoD made this cert a requirement for those who protect the DoD networks. I’d say that the value is slowly growing (at least in accordance with the marketing efforts), but it does not bring the result you may expect…

Discuss This Question: 1  Reply

  • Wrobinson
    Great job, Zbatia! The key takeaway here is that the CISSP exam shallowly covers a broad CBK. There are a number of other certifications in this space but the CISSP is the de facto standard. Its purpose is to establish a baseline of knowledge and understanding among those certified in computer information systems security in terms of policies, procedures, principles and practices. It is not, however, a good indicator of hands-on experience or capability. In this way, it is kind of like money: it isn't the best measure of success but unfortunately and generally speaking, it is, for all intents and purposes, the only one we have.
