Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: CISSP: the new MCSE??

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323

    CISSP: the new MCSE??

    Ok.. as I was preparing my CISSP Notes Tutorial, I was talking to TheHorse13 on IRC about it and whether it would be useful. While only a few would be interested (which is fine), we did get into a discussion that the CISSP may be heading the same direction as MCSE (NT) was/is (I don't know if the MCSE 2000/2003 is the same).

    Basically, everyone and their brother is getting the CISSP. Even with recent changes -- requiring 4 years experience or 3 years and a bachelor degree plus sponsoring by another CISSP or company sponsoring plus audit to prove your experience -- it has become the degree of choice. Looking at the Certification wall of a bookstore that seems evident. The number of books for the CISSP is growing.

    I would definately say that the CCNA is already at the status or near the status that the MCSE NT was about 4 years ago.

    What do the rest of you think??
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Your right, Cissp is becoming a popular cert to get, as it's the only thing to distinguish yourself between a million and one MCSE paper techs running around. I'm even working to get this cert, only because I know I'll be a hell of alot more marketable on the job market and because I know, currently the people holding the cert are an elite few, who have actuall proven skill, not just able to cram for an exam.


    --PuRe
    Like this post? Visit PuRe\'s Information Technology Community. We\'ve also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  3. #3
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    It is far more popular than it should be, and I don't think peoples expectations for what a cissp can do are getting set appropriately.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    I would definately say that the CCNA is already at the status or near the status that the MCSE NT was about 4 years ago.
    I think that CCNA is prolly beyond that. With at least 1 high school in every city in Ontario offering it, as well as almost every college having it incorporated into their networking programs. I'm guessing the rest of the world is the same way, considering the quotes they've released on the number of students enrolled in the Cisco Networking Academy. In October 2001, they relased the numbers of 8348 Academy's in 133 countries, with over 225,000 students. It's a two year program in most places, which means even if a quarter of those people get their cert, the first year of the program was 1997 and the first group of grads would have been 1999, they've put out over 200,000 certified people. If highs closer to half the people get their certification then you're looking at over 400,000 certified people. This doesn't include people getting it on their own, or in the boot camps. I guess I never really had any first hand experience with the MCSE NT crazy but I know know of the schools around where I'm from offered it like they are with the CCNA.

  5. #5
    Member
    Join Date
    Aug 2003
    Posts
    98
    I am not as enchanted by the CISSP as everyone else. I am turned off by the $450 exam fee and the mention of "annual maintance fees" for having the certification. Plus, the Endorsement? I need an endorsement for the privledge of spending $450 for a cert I can never pay off? No thanks.
    I see the cert & the program as an attempt to create a "Information Technology Industry Union" of sorts. I doubt it will ever get that far, by that is what it looks like to me the INC. that created this cert is aiming for.
    I hate this place, nothing works here, I\'ve been here for 7 years, the medication does\'nt work...

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    The CISSP cert is what my profs are pushing me towards right now. I am getting the impression that it is simply the trend right now, just like Network+, A+, Security+, and an entire army of certifications has been. The only difference I can see with the CISSP is that it's a lot harder to obtaion, and fortunately, employers know this. My only concern is that it will become too common and will at that point cease to be a selling point, merely a necessity like CCNA. I'm glad I've got a couple more years to figure it out.

    And yes, the price is outrageous. It cannot possibly be worth $450 of anybody's time to grade the paper, although it does take 6 hours. That means I'm paying someone $75 an hour to grade the paper. It seems to me like this certification is intended to generate revenue, and not to actually certify people.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  7. #7
    It is more than just the $450 for the test, but an annual fee of $85 IIRC. Plus, you are required to sit for the test again every three years to maintain your certification. If you take the exam and pass it, but don't make the cut on the audit, you do not get to claim any standing based on the exam.

    Striek: I hope your professors understand that students very likely will not be able to walk out of a technical program and successfully test for the CISSP without considerable experience behind them, support of an employer or other CISSP. From what I've seen of the requirements for the professional audit, an applicant will have to produce a lot of material to demonstrate adequate experience in all ten domains. A one-page resume won't cut it.

    No, the price is not outrageous. Seems fair. We are talking a professional certification that one earns with experience and study. I think the process as it is set up should prevent the "paper MCSE" syndrome and insure the certification maintains a professional level standing and industry respect.

    Combine the $450, plus annual $85, plus annual IEEE membership, and you have some significant pro certification, networking and industry support (online training and journals). I recommend Security & Privacy.

    So far, the material I've covered in texts and references have more to do with higher level IT security roles. This isn't Security+ or SSCP for a network or system security tech, the CISSP is a corporate IT security officer certification.

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    As a side note, the fee goes from $450 to $499 starting Jan 1. And there are new variations to it.

    I think the process as it is set up should prevent the "paper MCSE" syndrome and insure the certification maintains a professional level standing and industry respect.
    Yes and no. Now you just need 3-4 years experience as an administrator, not necessary specifically directed towards security administrator (one would assume that one would have security on the mind as an admin but I think we know that this isn't always the case). I think this is the biggest concern I would have in regards to it becoming the "next MCSE".

    In addition, there has been a mini-explosion of "boot camps" and such. Granted, I've seen more for the likes of MCSE 2000, CCNA, etc.

    Out of curiosity, what would people think the next cert would be worthwhile: GIAC?

    For giggles I will probably do Security+ (mostly so I can tell students what to expect if they decide to do it). But once I get CISSP out of the way, I was thinking of doing something else (just to keep busy.. .. )
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Member
    Join Date
    Aug 2003
    Posts
    98
    corporate IT security officer
    Whoa, I cringed when I read that phrase....
    I hate this place, nothing works here, I\'ve been here for 7 years, the medication does\'nt work...

  10. #10
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    The GIAC certs are worth it in my opinion. You can't really just bootcamp through it since each GIAC cert requires you to write a 20+ page paper on a related subject that demonstrates your understanding and that has NOT been done before. Others also require more interaction such as the firewalling cert where you have to analyze another students plan to look for holes or the intrusion detection cert where you have to analyze some actual logs of traffic.

    I've just finished the GCIH (incident handling training) and have to do a nice 20+ page writeup on an attack (again, one that no one has written up before), what it is, how it works, and the incident handling process from start to finish...then i get to take my two tests.

    And if you want to go after the GIAC GSE god cert...you have to get certified in 5 of their tracks and get honors in at least 1.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •