If You Want To Work In The Security Field Do You Really Need A CISSP Certification?

There are two schools of thought when it comes to the computer security field –

1. Some people believe that you can be taught everything that you need to know and that there are no special skills required.

2. Other people believe that everything that you need to be in the computer security field was given to you at birth and you need those skills to ever be good.

Both sides are to the extreme and while they may have a little bit of truth to them, overall they are both wrong.

You can learn how to find security issues in both software and the network but you do need to be born with the patience to do it.

Hacking in real life is not how you see it in the movies – there can be hours and hours of dull searching while you are waiting for the discovery of the bug but if you are born with the desire to learn and to be patient, it will not matter to you.

The fun is in the chase.

You dont need to be a Certified Information Systems Security Professional to be an expert

You don't need to be a Certified Information Systems Security Professional to be an expert

What Is A CISSP?

That seems to be the question of the day.

What is a CISSP?

The letters stand for Certified Information Systems Security Professional.

It is a certificate that is handed out by the ISC that allows potential employers to see that you went through the training to become a professional security consultant.

The CISSP also tells your future employers that you know how to do more than just look for security holes in the information system; it shows them that you know how to handle the professional side as well.

Some people who get into the security field do not know how to interact with the business people that they meet every day.

When you are getting your CISSP you must have either five years of on field experience in one of the tech fields that it specializes in or you must have a four year college degree.

If you have already done either one of those two things then there is a good chance that you already know how to deal with people anyway.

Do You Really Need A CISSP?

While a CISSP is not necessary to work in the security field, it might help you go further than you would without one.

It looks great on the resume and shows people that you already know what you are doing but the thing that trumps having a CISSP is having natural skills.

If you study hard in your field and you enjoy what you do then you will likely have the skills that you need anyway and so having a CISSP might not matter as much.

Getting a CISSP might be a good start for you but if you have natural skills then you might not need it to get ahead.

Work on your skills first and then worry about getting the certificates later if you really want them.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. As a colleague of mine mentioned today, the CISSP certification is the godfather certification for IT security professionals. It is widely recognised certification in the world, with close to 63,000 certified members. Here in the UK, a CISSP certified professional can claim an average salary of £50K

  2. Peter Hillier says:

    I’ve always asserted that life skills are far more important than those learned, but individuals don’t set the benchmarks that we are all forced to work by. Case in point, as the CISSP evolved into what it is today, many areas set it as a benchmark for hiring, procuring contractors, etc. While there is a business case to be made for strong relationships demonstrated by solid results over time for those who do not hold the certifications in question, it is the harder road to travel. If it means I can find work easier by certifying (regardless of the cert), then I would rather be bringing in the revenue, than spending my time convincing potential clients that my skills are equal that of .

    • Hi Peter

      Don’t get me wrong – I totally agree that having a CISSP makes one eminently more employable – I’m just making the case (I hope) that it is just one part of the make-up of a good professional, albeit one that is given a little too much weight in my opinion.


  1. […] consider the Certified Information Systems Security Professional (CISSP) qualification as being essential for prospective security personnel. To maintain such certification members need to continue their […]

  2. […] though it is a good thing that you got your certification, if you want to take it a step further, you must try to learn something new […]

  3. […] that a black hat hacker can attack a system now that it is hard for even the most experienced of security experts to be able to know about all of […]

  4. […] This post was mentioned on Twitter by cubitouch, Lance Miller and christopher ashby, Lee. Lee said: If You Want To Work In The Security Field Do You Really Need A CISSP Certification? http://bit.ly/c3B7W0 […]

Speak Your Mind