CISSP Certified and the Next Steps

February 1, 2019 · 339 words · 2 minutes read · Personal Thoughts

I finally obtained the Certified Information Systems Security Professional (CISSP) certification. It is definitely the most well-known certification in the information security industry and the one recommended for any professionals in this field.

What is the CISSP?

It is not necessarily the most technical or specialized certification. It would seem that information security is one unique specific area but it’s quite the opposite when there are so many possible domains. The CISSP is the ideal certification that allows someone to know a little bit of everything on all these specializations. It is more oriented toward people who work at the management and/or governance level. It is also a great certification for anyone who does consulting. I published a post back in 2017 when I passed the exam.

Why?

The main advantage for the CISSP holder is to be able to easily attest a minimum of 4-5 years of information security experience. This is a basic requirement by the ISC2 organization before to award the designation. It is not all CISSP holders with the same kind of experience. I am still surprised by many people with the designation who are clueless on many technical aspects of information security. However, CISSP holders often know most of the concepts.

And, let’s be honest… It is also the first thing that someone will validate when it’s time to hire someone for a security position or to grant a new consulting mandate. That’s the real worth of the certification.

To obtain that certification, it was my first objective when I decided to lead my career toward the information security field. It was already back in 2012. To celebrate this important milestone, I decided to release a new website with updated information.

Next Steps

There is always a possibility to… well… publish more. However, I will pursue my master degree throughout 2019. It is finally the year where I should complete the essay. I would also like to do a comeback with a simpler version of my previous GRC application. But, yet, nothing really defined.