CISSP and security-related jobs
Discussion
Posted over at computers & etc but thought may get a better response here..
Been thinking about careers and something like CISSP looks interesting for where I want to go next. I tried the online test and did fine so with studying could get a good grade.
Anyone have this qualification - does it open doors, was it hard to get, did you go via a training co etc.
How easy is it to make the jump into this field based on having 8-10yrs system/network/db admin experience ?
Been thinking about careers and something like CISSP looks interesting for where I want to go next. I tried the online test and did fine so with studying could get a good grade.
Anyone have this qualification - does it open doors, was it hard to get, did you go via a training co etc.
How easy is it to make the jump into this field based on having 8-10yrs system/network/db admin experience ?
Depends I guess. Some people think it opens doors and gets your CV in front of people.
I have just recruited two near senior people neither of whom have CISSP, I have many years experience and haven't done the CISSP. The exam was on a Saturday so never really appealed to me. In fact I don't think I have ever actually recruited a CISSP although many of my people have later sat it.
So yes it probably helps, personally I don't look for badges just ability.
That said I'm a little harder to please
I have just recruited two near senior people neither of whom have CISSP, I have many years experience and haven't done the CISSP. The exam was on a Saturday so never really appealed to me. In fact I don't think I have ever actually recruited a CISSP although many of my people have later sat it.
So yes it probably helps, personally I don't look for badges just ability.
That said I'm a little harder to please

Part of the problem seems to be recruiters at the moment.
I've sold/pre-sold IT security bespoke/off the shelf and services for 15 years but buggered if I can even get an interview now. The all have CISSP or some other pointless letters as a requirement.
It may not be a requirement from the company itself but it seems impossible to get yer CV past the recruiters without having "qualifications" no matter how much experience you have.
Hey ho, back to Jeremy Kyle and Tricia.
I've sold/pre-sold IT security bespoke/off the shelf and services for 15 years but buggered if I can even get an interview now. The all have CISSP or some other pointless letters as a requirement.
It may not be a requirement from the company itself but it seems impossible to get yer CV past the recruiters without having "qualifications" no matter how much experience you have.
Hey ho, back to Jeremy Kyle and Tricia.
Hi John,
I have a business which is focussed on a particular area of IT security. For what it's worth I don't really look out for people with CISSP, but IMO it certainly wouldn't hold you back. I see it as a reasonable demonstration that the candidate has a broad understanding of security as a topic. I started studying for it but put efforts into gaining more specific quals.
We focus on SAP so I want to see candidates who have experience of working on and consulting in that area. I also want to see candidates articulate what their roles have been and give me comfort that they understand not just what they are doing but why they are doing it. The same applies to any other related area like IT audit or business process controls work which we are involved in.
It's not really my domain, but I would expect that if you can emphasise on your CV the security related bits system/network/dba work you have done, you should be able to get a more junior role specialising in security. If you are working now, is there any opportunity to focus on this within your current company?
I have a business which is focussed on a particular area of IT security. For what it's worth I don't really look out for people with CISSP, but IMO it certainly wouldn't hold you back. I see it as a reasonable demonstration that the candidate has a broad understanding of security as a topic. I started studying for it but put efforts into gaining more specific quals.
We focus on SAP so I want to see candidates who have experience of working on and consulting in that area. I also want to see candidates articulate what their roles have been and give me comfort that they understand not just what they are doing but why they are doing it. The same applies to any other related area like IT audit or business process controls work which we are involved in.
It's not really my domain, but I would expect that if you can emphasise on your CV the security related bits system/network/dba work you have done, you should be able to get a more junior role specialising in security. If you are working now, is there any opportunity to focus on this within your current company?
bga said:
Hi John,
I have a business which is focussed on a particular area of IT security. For what it's worth I don't really look out for people with CISSP, but IMO it certainly wouldn't hold you back. I see it as a reasonable demonstration that the candidate has a broad understanding of security as a topic. I started studying for it but put efforts into gaining more specific quals.
We focus on SAP so I want to see candidates who have experience of working on and consulting in that area. I also want to see candidates articulate what their roles have been and give me comfort that they understand not just what they are doing but why they are doing it. The same applies to any other related area like IT audit or business process controls work which we are involved in.
It's not really my domain, but I would expect that if you can emphasise on your CV the security related bits system/network/dba work you have done, you should be able to get a more junior role specialising in security. If you are working now, is there any opportunity to focus on this within your current company?
You will be damn lucky to find anybody usefull with IT/comp/softwre auditing skills and process control knowledge who knows what they are talking about in the market place at the moment. Unrelated to the OP I know, just saw that bit and thought it interesting. Ive got an oar in that field aswell.I have a business which is focussed on a particular area of IT security. For what it's worth I don't really look out for people with CISSP, but IMO it certainly wouldn't hold you back. I see it as a reasonable demonstration that the candidate has a broad understanding of security as a topic. I started studying for it but put efforts into gaining more specific quals.
We focus on SAP so I want to see candidates who have experience of working on and consulting in that area. I also want to see candidates articulate what their roles have been and give me comfort that they understand not just what they are doing but why they are doing it. The same applies to any other related area like IT audit or business process controls work which we are involved in.
It's not really my domain, but I would expect that if you can emphasise on your CV the security related bits system/network/dba work you have done, you should be able to get a more junior role specialising in security. If you are working now, is there any opportunity to focus on this within your current company?
DJC said:
You will be damn lucky to find anybody usefull with IT/comp/softwre auditing skills and process control knowledge who knows what they are talking about in the market place at the moment. Unrelated to the OP I know, just saw that bit and thought it interesting. Ive got an oar in that field aswell.
It's difficult at the best of times, though I agree that good ones are particularly dificult to at the moment. Everyone seems to be staying put in the hope of a big payoff or that they get enough chargable work to stay under the radar.john_p said:
What's businses process control about then? Software engineering?
Processes are the activities which make a business work. Software/hardware/IT etc support those processes. ( some info here: http://en.wikipedia.org/wiki/Business_process )An example could be a purchasing cycle where you have things like purchase requisition being raised, purchase order being created from the req, goods being received, invoice received, invoice paid etc. Software may be used to support all or some of those activities.
Business Process controls are the controls we exercise over that process. Using the above example, typically you would ensure correctly authorised people perform each of the above functions. You could potentially segregate one or more of the activities (for example you don't really want someone raising an order to be receiving it too). You may also want to limit the value of the order raised before it gets approved by a manager for example.
These controls can be manual or implemented in a system which is being used to support these processes. Generally the controls are a mixture of both. If you are creating software they you need to make sure that the appropriate checks and balances are built into the tool and that where key business processes are supported by that tool, that adequate control mechanisms are built in (easy ones are authentication to the app and authorisation for performing different functions).
That actually sounds quite interesting, I'm in the development side currently but see from current projects how that sort of role would be needed. A shame I'm mainly in the web side, as I think I could certainly tailor my role toward that. A total departure from CISSP, as you say, but I'm really interested in specialising my career into something which is a) project based and b) a bit more focused than 'web development' (which I've been doing for a long time!)
john_p said:
That actually sounds quite interesting, I'm in the development side currently but see from current projects how that sort of role would be needed. A shame I'm mainly in the web side, as I think I could certainly tailor my role toward that. A total departure from CISSP, as you say, but I'm really interested in specialising my career into something which is a) project based and b) a bit more focused than 'web development' (which I've been doing for a long time!)
It sounds as if you have absolutely no experience in it though.And of course you want to get out of "web development" that is for 13yos and pissed up student engineers at 2am after a session on the town in between doing their real work.
Best place to learn process control engineering is in safety critical systems related engineering industries.
Gassing Station | Jobs & Employment Matters | Top of Page | What's New | My Stuff


