Do you have five years of experience in IT security? Then you might want to take the CISSP. Otherwise, there are stepping stones you can take to get there. If you want to land your first role focused on IT Security, you’ll want to take the CompTIA Security+.
The Security+ certification qualifies candidates for newer IT security positions, while the CISSP does this for more advanced security roles. This difference in experience is not just advice; experience is also a prerequisite for the CISSP. Where the Security+ doesn’t require experience, the CISSP requires five years to be certified.
Both certifications are internationally recognized and have many benefits. The Security+ is a good stepping stone for IT professionals who want to enter the field of security, while the CISSP allows those with more experience in information security to take on higher-level positions.
From Beginner to Advanced. From Security+ to CISSP.
Being wide-eyed about the IT security world is a good sign you should take the Security+. You need to be committed and dedicated to move up the ladder and get to the CISSP.
Start from small beginnings with the Security+. Chances are you have other certification experience at this point. The Security+ is still a worthwhile challenge to take. You can expect similar concepts from, let’s say, the A+ or Network+ exam, with a heavier emphasis on information security.
By and large, the Security+ gives you a technical understanding of security. It’s a perfect place to start as an analyst before moving towards the path of the CISSP.
You can get your Security+ certification in a few months of studying. The CISSP, on the other hand, will take at least five years to complete with experience and an exam date set up before you start. There is no such thing as taking the CISSP without having a firm understanding of networking or operating systems concepts; this isn’t for beginners!
This added time commitment makes it so that the more experienced IT professional should go towards getting their CISSP first. Once they have completed their exams, they are qualified to move on and pursue other certifications. To remain advanced in the technical space, the OSCP is a good next option. This allows them opportunities for both vertical and horizontal growth within IT security.
Role Differences for the CISSP and Security+
As mentioned before, CISSPs are for more experienced IT professionals. This means they have worked on operating systems and networking concepts over the course of their career or have had years of experience in these fields to be able to take this certification exam.
The Security+ is geared towards those who are newer to IT but want a certification with some security knowledge behind it. They can get certified within 90 days by passing an exam, with no previous experience necessary! The industry certificates provide them opportunities for vertical growth, whereas the CISSP provides horizontal growth along with additional skill sets needed from other sources mentioned before, such as ethical hacking courses like CEH (Certified Ethical Hacker).
Here are some example job roles for the CISSP:
• Chief Information Security Officer
• IT Security Consultant
• IT Manager
• Director of IT
• Security Manager
• Senior Security Analyst
• Chief Technology Officer (CTO) etc.
The Security+ can pivot you into job roles like:
• Security Analyst
• Security Engineer
• Jr. Penetration Tester
• Security Administrator
As you can see, the CISSP roles are higher-level jobs. They aren’t as technical. The CISSP covers more business and management concepts to qualify candidates for these business-leaning roles. You can’t be an IT Director without knowing how to manage the budget of a technical department.
The Security+ roles, by contrast, are more technically based. In these roles, what you know about the technology you’re working with will be more useful. I think this is a good path to set you up for that fork in the road. By fork in the road, I mean: do you want to stick to technical operations or move towards management work? If the latter is for you, then the CISSP will be in your future.
The CISSP certification is a goal to reach for those that want to lead in the operations of IT and be able to understand the business benefits. The Security+ role is more about understanding how security works technically, which can also help you on your journey towards getting into management or leadership roles within technical departments.
The Better Certificate: Security+ or CISSP?
What’s better? I think it depends! It really comes down to whether you want an infosec type job with all its glory OR if you would like more hands-on experience as well as being at the forefront of technology changes rather than just following along after implementing them.
The difference between these two certifications will come down to what position you are going for (management vs. technician), your current level of experience, and what you’re naturally good at.
The Security+ certification is a great starting point for information security jobs because it’s more about understanding how security works technically, which can also help you on your journey towards getting into management or leadership roles within technical departments.
The CISSP will require experience in the field and an extra five years to be certified but gives much deeper knowledge of infosec with its broad range of topics that span across technologies and industries.
The Path Forward by Listening
Sometimes people say things you should just ignore. Other times they can be used as insights to help you realize what you’re good at. What you’ll find in IT is that people will make comments about your work. You might hear, “You’re very good with people” or “You’re very technical.”
If you hear you’re good with people, the stepping stone from the Security+ should be the CISSP. You may still want to take the CISSP if you’re technically sound too.
But if you hear that you’re very good at the technical part of your work, or you just have an incredible passion for technical operations, then you might want to consider another path. The CISSP is a great path forward in anyone’s IT career. But the OSCP is a better path forward to climb up as a technical operator.