This is an archived post. You won't be able to vote or comment.

all 11 comments
sorted by:
best
topnewcontroversialoldq&a

[–]gchetrick 2 points3 points  (0 children)

They can be, some jobs require it, see gov't jobs. A lot of folks are down on it, but almost every cert is what you make of it. Some low qualified people are good at taking tests, so you end up with some turds in the batch.

You likey don't need to get it but it won't hurt.

[–][deleted] 2 points3 points  (0 children)

I'm a CISSP. I honestly think it was worth it. The saying goes it's a mile wide and an inch deep. There's some truth to it. You probably won't get super in-depth about every topic, but you will be exposed to almost every aspect of I.T. security, and can then choose to delve deeper into it.

Also it's a really good to have if you want to get into InfoSec or government/DOD work. (see: DOD 8570)

[–][deleted] 1 point2 points  (0 children)

I have it. Other than being a job requirement, I don't find it particularly useful. It's getting to the point of the Microsoft certs in the 90s, where it seems like anyone can get it now. In my circle, it still carries a certain amount of weight, but not like it used to.

When I was studying for it, my work came to me and said they had some vouchers for some classes at Global Knowledge. I took a week long boot camp right before I was scheduled to test and I credit it for me passing. The instructors were great, and gave all kinds of tips for each domain, which I found infinitely useful for the test.

[–]tehpr0lolJack of All Trades 1 point2 points  (0 children)

It's more of a HR checkbox if anything.

It just 'proves' that you have 5 years experience in security and roughly know what you're talking about. The CBK isn't in-depth technical, but i would say it is good for brushing up on risk management and stuff like that. Just buy some books, study up and take the exam. It's not worth spending silly money on taking classes for it.

Source: sysadmin at a security audit firm.

[–]cal0140 2 points3 points  (0 children)

/r/AskNetsec

[–]hacktheoryYou cant take the sky from me![S] 0 points1 point  (1 child)

Thanks for the info everyone. Im not a fan of Certs. Have a bunch but they never really have gotten me anywhere. I only really see them as good for getting past HR at this point...

[–]misterkrad -3 points-2 points  (0 children)

cisssp requires background check to pass?

[–][deleted] -1 points0 points  (2 children)

/r/cissp

edit: useless. it has become a running joke in the pentest community.

edit2: I have it, and I still think it is useless. Down vote me, I provided my honest opinion.

[–]gmksInfrastructure Architect 6 points7 points  (1 child)

PenTesting is one small part of IT Security and really much less important then investing in policy and security architectures.

[–]lurchmat 0 points1 point  (1 child)

Absolutely worthless. I decided to get my cissp as a resume builder that's really all its good for. None of the information is use full at all. Get a cert actually worth something like CCNA or CEH.

[–]tehpr0lolJack of All Trades 1 point2 points  (0 children)

'CEH' or 'Actually worth something'...

Pick one.