CISSP and security-related jobs
CISSP and security-related jobs
Author
Discussion

john_p

Original Poster:

7,073 posts

277 months

Wednesday 7th October 2009
quotequote all
Posted over at computers & etc but thought may get a better response here..

Been thinking about careers and something like CISSP looks interesting for where I want to go next. I tried the online test and did fine so with studying could get a good grade.

Anyone have this qualification - does it open doors, was it hard to get, did you go via a training co etc.

How easy is it to make the jump into this field based on having 8-10yrs system/network/db admin experience ?

cazzer

8,883 posts

275 months

Wednesday 7th October 2009
quotequote all
Biggest hurdle to getting CISSP is the requirement to have been working as a security consultant for 2 years prior to taking the exam.

john_p

Original Poster:

7,073 posts

277 months

Thursday 8th October 2009
quotequote all
I think the hardest part is getting another CISSP to "sponsor" you - I'm sure with some better interpretation of my CV I could say I've been working on roles that heavily involve some of the CISSP areas.

I've done a 4 year degree too, so my work requirement comes down to 4 years.

fieldl

1,320 posts

258 months

Saturday 10th October 2009
quotequote all
Depends I guess. Some people think it opens doors and gets your CV in front of people.
I have just recruited two near senior people neither of whom have CISSP, I have many years experience and haven't done the CISSP. The exam was on a Saturday so never really appealed to me. In fact I don't think I have ever actually recruited a CISSP although many of my people have later sat it.

So yes it probably helps, personally I don't look for badges just ability.
That said I'm a little harder to please wink

john_p

Original Poster:

7,073 posts

277 months

Saturday 10th October 2009
quotequote all
Hmm ok well the sort of job is what I'm interested in rather than the CISSP itself. What sort of role was it you were recruiting for and what sort of experience was required?

cazzer

8,883 posts

275 months

Saturday 10th October 2009
quotequote all
Part of the problem seems to be recruiters at the moment.
I've sold/pre-sold IT security bespoke/off the shelf and services for 15 years but buggered if I can even get an interview now. The all have CISSP or some other pointless letters as a requirement.

It may not be a requirement from the company itself but it seems impossible to get yer CV past the recruiters without having "qualifications" no matter how much experience you have.

Hey ho, back to Jeremy Kyle and Tricia.

bga

8,134 posts

278 months

Tuesday 13th October 2009
quotequote all
Hi John,

I have a business which is focussed on a particular area of IT security. For what it's worth I don't really look out for people with CISSP, but IMO it certainly wouldn't hold you back. I see it as a reasonable demonstration that the candidate has a broad understanding of security as a topic. I started studying for it but put efforts into gaining more specific quals.

We focus on SAP so I want to see candidates who have experience of working on and consulting in that area. I also want to see candidates articulate what their roles have been and give me comfort that they understand not just what they are doing but why they are doing it. The same applies to any other related area like IT audit or business process controls work which we are involved in.

It's not really my domain, but I would expect that if you can emphasise on your CV the security related bits system/network/dba work you have done, you should be able to get a more junior role specialising in security. If you are working now, is there any opportunity to focus on this within your current company?

DJC

23,563 posts

263 months

Friday 16th October 2009
quotequote all
bga said:
Hi John,

I have a business which is focussed on a particular area of IT security. For what it's worth I don't really look out for people with CISSP, but IMO it certainly wouldn't hold you back. I see it as a reasonable demonstration that the candidate has a broad understanding of security as a topic. I started studying for it but put efforts into gaining more specific quals.

We focus on SAP so I want to see candidates who have experience of working on and consulting in that area. I also want to see candidates articulate what their roles have been and give me comfort that they understand not just what they are doing but why they are doing it. The same applies to any other related area like IT audit or business process controls work which we are involved in.

It's not really my domain, but I would expect that if you can emphasise on your CV the security related bits system/network/dba work you have done, you should be able to get a more junior role specialising in security. If you are working now, is there any opportunity to focus on this within your current company?
You will be damn lucky to find anybody usefull with IT/comp/softwre auditing skills and process control knowledge who knows what they are talking about in the market place at the moment. Unrelated to the OP I know, just saw that bit and thought it interesting. Ive got an oar in that field aswell.

bga

8,134 posts

278 months

Sunday 18th October 2009
quotequote all
DJC said:
You will be damn lucky to find anybody usefull with IT/comp/softwre auditing skills and process control knowledge who knows what they are talking about in the market place at the moment. Unrelated to the OP I know, just saw that bit and thought it interesting. Ive got an oar in that field aswell.
It's difficult at the best of times, though I agree that good ones are particularly dificult to at the moment. Everyone seems to be staying put in the hope of a big payoff or that they get enough chargable work to stay under the radar.



john_p

Original Poster:

7,073 posts

277 months

Sunday 18th October 2009
quotequote all
What's businses process control about then? Software engineering?

bga

8,134 posts

278 months

Monday 19th October 2009
quotequote all
john_p said:
What's businses process control about then? Software engineering?
Processes are the activities which make a business work. Software/hardware/IT etc support those processes. ( some info here: http://en.wikipedia.org/wiki/Business_process )

An example could be a purchasing cycle where you have things like purchase requisition being raised, purchase order being created from the req, goods being received, invoice received, invoice paid etc. Software may be used to support all or some of those activities.

Business Process controls are the controls we exercise over that process. Using the above example, typically you would ensure correctly authorised people perform each of the above functions. You could potentially segregate one or more of the activities (for example you don't really want someone raising an order to be receiving it too). You may also want to limit the value of the order raised before it gets approved by a manager for example.

These controls can be manual or implemented in a system which is being used to support these processes. Generally the controls are a mixture of both. If you are creating software they you need to make sure that the appropriate checks and balances are built into the tool and that where key business processes are supported by that tool, that adequate control mechanisms are built in (easy ones are authentication to the app and authorisation for performing different functions).

DJC

23,563 posts

263 months

Monday 19th October 2009
quotequote all
What he said.

Software and systems orientated process control engineers are always pretty thin on the ground, mostly because they are bloody expensive to employ and you have to have a mature enough systemic organisation of the business/project to make best use of them.

john_p

Original Poster:

7,073 posts

277 months

Monday 19th October 2009
quotequote all
That actually sounds quite interesting, I'm in the development side currently but see from current projects how that sort of role would be needed. A shame I'm mainly in the web side, as I think I could certainly tailor my role toward that. A total departure from CISSP, as you say, but I'm really interested in specialising my career into something which is a) project based and b) a bit more focused than 'web development' (which I've been doing for a long time!)

DJC

23,563 posts

263 months

Wednesday 21st October 2009
quotequote all
john_p said:
That actually sounds quite interesting, I'm in the development side currently but see from current projects how that sort of role would be needed. A shame I'm mainly in the web side, as I think I could certainly tailor my role toward that. A total departure from CISSP, as you say, but I'm really interested in specialising my career into something which is a) project based and b) a bit more focused than 'web development' (which I've been doing for a long time!)
It sounds as if you have absolutely no experience in it though.

And of course you want to get out of "web development" that is for 13yos and pissed up student engineers at 2am after a session on the town in between doing their real work.

Best place to learn process control engineering is in safety critical systems related engineering industries.