The Ugly Truth About CISSP…

The Ugly Truth About CISSP…

Henry Dalziel | CISSP | July 6, 2015

One of the best resources we have to see how popular something is (anything really), is Google AdWords.

All you have to do is plug a keyword into their “Keyword Planner” and out come the average amount of monthly searches performed for that keyword.

So, this weekend I thought it would be interesting to find out which cyber security certificate is the most searched for. And here are the top three results:

  • CISSP 33,100 searches/ month
  • Security+ 8,100 searches/ month
  • CEH 5,400 searches/ month

Now keep those number in mind while I summarize a short list of (negative) comments aimed at the CISSP certification:

  • It doesn’t measure necessary or practical skills
  • The people who are certified can’t fill the security position I really need to fill
  • It’s a tax I have to pay to compete in the job market
  • It’s trivial to pass even for people who’ve never held a job in security

And here is the only conclusion I can reach:

No matter what the anti-CISSP community have to say, the ugly truth about CISSP is that cyber security professionals are still interested in it (at least searching for it online).

In fact, arguably, professionals still perceive CISSP to be the only “must have” certificate in the market.

And if we believe that perception is often more important than reality, then perception is something we have to constantly manage. Whose perception? Everyone’s — your (prospective) employers, C-level executives, your customers etc.

Here’s some good news. No matter where you stand on this discussion, you can evaluate our CISSP course, for free, for 30 days. Simply enroll here.

So here a question for you (and one I would welcome comments about below):

With demand for cyber security professionals far outstripping supply, is there any upside in NOT having your CISSP?

PS. As of May 2014, (ISC)² reports 93,391 members hold the CISSP certification worldwide, in 149 countries.

  • Fran

    Hello Henry, Thanks for sharing this information. I have a question regarding the CISSP, as it’s not a practice certification and I think the majority of people who wants to take it is more concerned about the money that they’ll receive after passing it, what’s your opinion about having a CCIE Security instead of CISSP?

    • Hi Fran – thank you for your comment. The main differences between CISSP and CCIE is that one is vendor free (ISC2/ CISSP) whilst CCIE’s awarding body is CISCO. Also, CISSP is a more wide-ranging cybersecurity certification whilst CCIE tends to focus more on routing, switching and other technologies that are more specific to networking. Why not do both? CISSP is more of a C-Level certification, or at least Senior Level in terms of cybersecurity whilst CCIE can be considered more as being a high-level CISCO cert. I hope that helps a bit! Bottom line – go for both!

      We offer a free CISSP trial here (valid for 30 days) so go ahead and see if the certification is for you and let us know how you get on. Thanks

  • Todd L.

    What do you suggest I take for functional security skills?

    • Hi Todd – thank you for your comment. I’d suggest taking a look at the NICE/ NICCS Cyber Skills Framework. The NICCS is the ‘National Initiative for Cybersecurity Education’ – part of the “National Initiative for Cybersecurity Careers and Studies”.

  • ICE

    The only upside from not having the CISSP cert is that my job currently doesn’t require it. The downside is that my position is planned to convert to government in 2 years or less and all government Information Systems Security Officer’s (ISSO) require the CISSP cert. I plan to take the cert this year because my company said they will pay for it. I believe it’s one of the most important certs to have but definitely not the only one you should hold. So if your job requires the CISSP cert, you should add on a network cert like Network+ and/or CISCO cert. I would recommend a Microsoft cert and a Linux/Unix cert as well. Last, it will help to get to know a little about NISPOM and RMF for DoD IT.

  • Sam Fidelis

    We working on establishing a cyber academy in South Africa. Which college can you advice us, to work with? Thank you for info on the 3 certifications.

    • Work with us! We are a Cyber School with a very large community based in the following countries: USA, UK and India. We’ve reached out to you privately. Thanks for your post!

Leave a comment or reply below...thanks!