Reply to: Cissp

Depends what you do. If you want to be techie you can. If you don't then there is always audit, governance, compliance and other roles of that nature...

I have considered doing it, I am a technical architect and am currently doing a PCI: DSS compliance roadmap at my current gig.

I suspect there will be a lot of PCI: DSS gig's over the next few years so this I think might be useful.

Does anyone on here do security stuff? Do you need to be particularly techie to do these roles?

I'm currently doing infrastructure PM roles but am thinking it may be a good idea to expand my repertoire.

Then again, maybe this will confuse the pimps?

Getting it won't turn you into a 'security expert'. What having it will do however is increase your chances of getting through a recruiter's keyword filter.

I do a lot of work in system security and the fact is that lots of PHBs ask for CISSP without having a clue about it. So, it's on my CV and will stay there. If you do a normal amount of study & retraining (which as a professional you do as a matter of course... ) then keeping it is no problem at all.

Doing it soon purely as a foot in the door exercise. Met some right clueless fools with it though so don't personally hold it in high regard.. few friends have let it lapse due to the hassle factor of keeping it too..

But if it gets me my next gig then great..

Yeah true but employers certainly are never that objective. If they ask for it better to have it I suppose. In my opinion there is nothing technical about it, more security management.

Borrowed an older copy of that book, before they rejigged the sections. Spent a week or two after christmas having a read through that. Did a few tests from cccure.org and interestingly failed most of them.

I think the point I wanted to make was that this is not the be all and end all of security. In fact, I'm not sure where to position it these days. There are better certs out there to show technical ability (GIAC for example), there are better certs out there for security management (CISM), so apart from being a differentiator for those who have minimal experience, I'm failing to see the point of it.

As you can tell, I'm very cynical about the CISSP being the 'premier' security certification and only did it because I'm taking some time out and thought it constructive use of my time.

Doing it myself ratewhore, what resources did you use? I have the latest 'CISSP all in one' by Shon Harris.

Hoping for the 17th May in Brussels.

Nearly didn't make it to the exam. Big night out the night before and turned up hungover. Lost interest after 30 minutes and lost the will to live after an hour. Just couldn't be bothered so in and out within 2 hours.

Just got my email telling me I have passed!! I think that is a reflection of the level of the exam rather than my own exceptional skills...

Depends what you are after. A lot of the meatier security related contracts have it as a non-negotiable requirement. I'm planning on doing it myself when I get a break to fit it in.

I don't really rate it but, as I'm in the middle of a sabbatical, I thought I'd knock it our purely to help land gigs (and that's what it's all about in the end). I have the exam booked next month and I'm doing a bit of light reading to prepare - not that I'm bothered if I fail of course, I've managed without it so far...

Got it 5 years ago and to be honest has made no difference. This is one exam that though long was easy to pass with just book reading and test exams.


Keeping it valid is a pain so I've let mine expire.