CISSP/Career Advice Needed

    • #6714

      Hello all:
      I’m considering obtaining the CISSP Cert, and I’m trying to get ‘realistic’ advice concerning the opportunities/options that the CISSP would provide me.
      I’m 48 years old, and I’m asking for any (brutally honest) advice concerning the realistic options that I have for securing a career in I.T. Security. (Probably Entry-Level)
      (I’ve been with Comcast for eight years/Four of those on the Senior-Help Desk)
      I currently have: Associates (IT) /Network +/Security +/Certified Ethical Hacker (CEH) and some experience with the OSCP. I found the OSCP to be very challenging.
      Any thoughts/insight on the difficulty of CISSP compared to the OSCP or CEH?
      I’m experiencing a sense of ‘urgency’ in securing a career, and am open to any/all options.
      I’m willing to relocate/travel 100%/Contract/etc.
      I’m looking into options such as: Incident Handler/Loss Prevention/Management/
      I’m willing to spend a year (self-study) to obtain a CERT that will put me in the 50K to 70k range

      If you have any advice/resources/etc., I would certainly appreciate it.
      Thanks in advance,
              And yes, I really am an Ex-Circus Musician (Bass Guitar)

    • #41733

      CISSP is a totally different animal than CEH or OSCP. CISSP has a management spin and is less technical, however you’re expected to know technical details in some areas.

      I actually just took the CISSP exam 2 days ago. Do NOT underestimate this cert. I always looked at it as a “read a book and pass the exam” type of cert. The reality is that there is a lot of information to remember for that exam. Quite frankly, if you don’t have a decent amount of practical work experience in more than a few of the domains, it’s going to be even harder. Dedicate serious time to CISSP if you’re going to do it because you really have to understand all the concepts and how they fit together. That test was a bitch. Then again…..our buddy H1t M0nkey cranked out CISSP in 17 days which is pretty amazing.

      CISSP is beloved by HR and hiring people. I just did a quick search on and there were 1361 jobs across the country. This is a valuable cert for your career. In comparison, there were 6 jobs for OSCP and 92 for CEH.

      I won’t get into the debate on which is more valuable for your brain….we’ll leave that for another thread.

      Look at the 10 common bodies of knowledge for CISSP, do you have at least 5 years experience in at least 2 of them? Another CISSP will have to vouch for that experience. If you don’t have that, you’ll be put into CISSP purgatory until you satisfy the practical work experience. If you do, I would say go for it because as you can see by the job numbers, there are plenty of them.

    • #41734

      Then again…..our buddy H1t M0nkey cranked out CISSP in 17 days which is pretty amazing.

      Yes, but I did GSEC a year before CISSP and they both cover similar material. I didn’t have any life in these 17 days: waking up at 4:30am to study before work then studying again on every single evening until 11:00pm (so about 5 hours a day, more on weekends). It took me a full month to recover from this crazy pace.

      Oh, I forgot to mention I have 2 daughters…

      So don’t do that! Take 2-3 months to study this beast…

      Good luck cd1zz!!!  😉

    • #41735

      Take 2-3 months

      Yes, at least. The test is a bear. If you don’t have the FULL time experience required, at least you’ll have the ISC2 Associate and that is….well, it’s something.  🙂

    • #41736

      I’m in a similar situation to the OP. Mid 40’s, multiple certs and a good bit of computer experience just not in the domains I want to work in.

      I decided to go for the CISSP now because almost every juicy position I see has that same 5 letter certification either required or recommended. I would MUCH rather work on my OSCP or take Joe McCray’s Advanced CAST class but the CISSP looks to open more doors for me than almost anything else right now.

      To give you perspective on my current study habits – I read a domain in both Krutz/Vines and Conrad’s newest 11th hour guide to get a general feel for the topics. Then hit the AIOv5 and OSG2 to fill in the gaps, then take a 250 question quiz on just that domain on cccure to see what I didn’t pick up.
      So far so good – been doing this since late June for maybe 10-15 hours a week. It’s really opened my eyes to what I didn’t know existed in the security realm.

      I’m going to try and take the test in either October or November depending on how much of my time has to go to projects at work.

      BTW – any advice on tweaks to my study habits from you CISSP’ers would be great!

    • #41737


      The only thing I would recommend is making sure that you don’t rely on the cccure tests. This may seem obvious, but understand the CONCEPTS behind the questions because none of the practice tests you’ll take are like the real exam. Those tests DO help to a certain degree, but by no means the end all be all. The exam requires you to understand concepts for the most part. Of course they sprinkle in some specific/granular stuff just to make you crazy.

      I think you’re being smart by reading multiple sources and being methodical and diligent. That is a recipe for success.

    • #41738

      cd1zz is right, no practice questions are like the real exam and that is a real shame. I bought practice questions from, did the ones that came from Shon Harris’s book (even bought the extra questions from her), did more on another book and above all, I bought the expensive questions from ISC2! All in all, I answered about 1600 practice questions from 4 different sources.

      I was pissed to see the exam is different. Most questions (about 70%) are in the type: “Which answer is the BEST”, “What would you do FIRST”, etc. It means more than one answer is correct, you need to find the best one…

      The other difference was that in the exam, they will sometimes use different wording than you are used to. I think their goal is to see if you can talk to an executive who knows nothing about security and describe concepts in his own words. So for example, expect to see “pre-shared key” or “secret key” instead of “symmetric key”. This drove me crazy in the exam…

      I’m going to try and take the test in either October or November depending on how much of my time has to go to projects at work.

      @maxpeck: Don’t forget you cannot take the exam when you want like SANS. Where I live, they only give it 3 times a year. That’s why I did it quickly, I didn’t want to wait an extra 6 months to write it…

    • #41739

      Benefits of becoming a CISSP

    • #41740

      AHAHAHAHAH that is effing awesome.

    • #41741

      @WCNA wrote:

      Benefits of becoming a CISSP


    • #41742

      LOL ++1!  Saw that one the other day!

    • #41743

      LOL – nice video – funny thing is he looks like my lawn guy 🙂

      Thanks for all the pointers guys! The biggest reason I’m not rushing to get this cert is to make bloody sure I get the concepts as well as I can. I know this isn’t a Micro$oft exam…

      I have 3 testing areas relatively close so I’m good on the test dates, the one available in November should work out well.

      I’m using the various practice tests to help me round out the subject matter more than anything else. Taking the end of chapter test from each book is nice but they ask a lot of specifics I know I won’t be seeing in the same form on the big 6-hour hell-grind. That’s one thing I’m dreading a lot – the LONG sit and sweat. I was uncomfortable when I took the CCNA for that very reason. After almost 3 hours sitting there I was so stressed I would have punched a nun in the face just to end it! Poor little nun…

      Anyhow – thanks again for the help! Back to the joys of telecom…


    • #41744

      A little late to the party but I think a couple items are illustrated that sum things up. I have been studying for the CISSP for about a year and the breadth is just unreal. I’d say most people, and this even means full time InfoSec types like us, only deal with 3-4 of the CISSP domains on a monthly basis. Even when you get roped in to random things, you may hit 5 or 6 of the domains. It’s a bit odd to think that one exam contains a section on a question on how an s-box works in an encryption algorithm and then the next question is what type of fire prevention methods should be used in scenario A in a datacenter. The key point though as pointed out by cd1zz, if you want a resume booster, I can’t think of much better than CISSP.


Copyright ©2021 Caendra, Inc.
