Real Life: Earning the CISSP
Greg Schaffer reveals what it takes and what it's worth
Computerworld - Recently, I became an International Information Systems Security Certification Consortium (ISC2) Certified Information Systems Security Professional (CISSP). The pursuit was difficult, but that was to be expected, as the certification is one of the most sought-after information security credentials. Like many certifications, it can add significant bargaining weight when changing positions or jockeying for a raise.
Certifications don't necessarily make or break one's career, but can contribute to one's overall package. Whether you're satisfied in a position or looking to upgrade, it's in your best interest to stay as knowledgeable and marketable as possible. Understanding that certifications may not be a panacea but certainly have value is the first step in determining which certifications (if any) are worth pursuing based on your career goals.
The value of certifications
There has been much debate over the validity and usefulness of certifications, but one thing is clear: knowledge without the ability to apply it is functionally useless. That's one reason why some certifications require significant real-world experience as part of the certification process. IT recruiters are keenly aware of this.
"You may be a whiz at taking certification exams," says John Estes, vice president at IT staffing agency Robert Half Technology, "but if you don't have the benefit of troubleshooting [experience] in a business environment, you won't last long." Justin Keller, an infrastructure recruiter at TEKsystems Inc., agrees. "Certifications are something that will set apart qualified candidates from the rest of the field but they cannot be expected to replace real life experience," Keller says.
However, there has to be some value to a certification besides a fancy certificate for display on the wall. Overall, it's not unreasonable to expect a relevant certification to command roughly a 10% average increase in salary over those performing the same duties without the credentials, according to Brian Hunter, an executive and technical recruiter at Talent Scouts Inc. He suggests that people interested in pursuing a particular certification do a cost-benefit analysis to determine the certifications' return on investment.
Without a doubt, pursuing certifications requires tenacity and a willingness to put in long hours of preparation, not to mention the monetary costs, particularly if a "boot camp"-type preparation course is used. As Keller points out, "the financial and time commitments that are required to get many of these certifications are significant."
Basically, certifications by definition should certify that a professional possesses the qualities necessary to accomplish the duties of a particular position. In information security, that means having a very broad experience, knowledge and skills base.
My pursuit to become a CISSP
Information security is one of the fastest growing areas in IT today. Keller notes that "specialization in this area is going to be a solid differentiator in a market that is already very competitive." Certainly in the information security field, having the paperwork to back up the knowledge can be quite valuable. As my information security duties have increased dramatically over the past several years to the point where the majority of my professional activities are related to information security, I felt it was time to achieve that differentiator.
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Need to Replace MS Threat Management Gateway? Read this article to learn how F5's Secure Web Gateway solution provides a full set of features that can help you successfully migrate...
- The Shortfall of Network Load Balancing Applications running across networks encounter a wide range of performance, security, and availability challenges as IT department strive to deliver fast, secure access...
- Leave No App Behind with Software Defined Application Services F5 Software Defined Application Services (SDAS) is the next-generation model for delivering application services that enables service injection, consumption, automation, and orchestration across...
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Networking White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!