Real Life: Earning the CISSP
Greg Schaffer reveals what it takes and what it's worth
Computerworld - Recently, I became an International Information Systems Security Certification Consortium (ISC2) Certified Information Systems Security Professional (CISSP). The pursuit was difficult, but that was to be expected, as the certification is one of the most sought-after information security credentials. Like many certifications, it can add significant bargaining weight when changing positions or jockeying for a raise.
Certifications don't necessarily make or break one's career, but can contribute to one's overall package. Whether you're satisfied in a position or looking to upgrade, it's in your best interest to stay as knowledgeable and marketable as possible. Understanding that certifications may not be a panacea but certainly have value is the first step in determining which certifications (if any) are worth pursuing based on your career goals.
The value of certifications
There has been much debate over the validity and usefulness of certifications, but one thing is clear: knowledge without the ability to apply it is functionally useless. That's one reason why some certifications require significant real-world experience as part of the certification process. IT recruiters are keenly aware of this.
"You may be a whiz at taking certification exams," says John Estes, vice president at IT staffing agency Robert Half Technology, "but if you don't have the benefit of troubleshooting [experience] in a business environment, you won't last long." Justin Keller, an infrastructure recruiter at TEKsystems Inc., agrees. "Certifications are something that will set apart qualified candidates from the rest of the field but they cannot be expected to replace real life experience," Keller says.
However, there has to be some value to a certification besides a fancy certificate for display on the wall. Overall, it's not unreasonable to expect a relevant certification to command roughly a 10% average increase in salary over those performing the same duties without the credentials, according to Brian Hunter, an executive and technical recruiter at Talent Scouts Inc. He suggests that people interested in pursuing a particular certification do a cost-benefit analysis to determine the certifications' return on investment.
Without a doubt, pursuing certifications requires tenacity and a willingness to put in long hours of preparation, not to mention the monetary costs, particularly if a "boot camp"-type preparation course is used. As Keller points out, "the financial and time commitments that are required to get many of these certifications are significant."
Basically, certifications by definition should certify that a professional possesses the qualities necessary to accomplish the duties of a particular position. In information security, that means having a very broad experience, knowledge and skills base.
My pursuit to become a CISSP
Information security is one of the fastest growing areas in IT today. Keller notes that "specialization in this area is going to be a solid differentiator in a market that is already very competitive." Certainly in the information security field, having the paperwork to back up the knowledge can be quite valuable. As my information security duties have increased dramatically over the past several years to the point where the majority of my professional activities are related to information security, I felt it was time to achieve that differentiator.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts