Related Posts
More Posts
3/29 Thread (General):
Best ways to plan exit - any suggestions?
Additional Posts in Tech
You know what? Hybrid is great but remote is better

New to Fishbowl?
Download the Fishbowl app to
unlock all discussions on Fishbowl.
unlock all discussions on Fishbowl.




CISSP was excellent for me in the sense that it taught me about domains I wasn’t working in daily, it gave me better ways of looking at risk from both a literal and business perspective, it also opened up my career when I was in small boutique consultancy.
For a lot of folks it’s just the fact it opens up opportunities so they pump and dump that info after a 3-6 month study and pass session and don’t take any value from actually learning the material.
Bottom line certifications are the epitome of “its the journey not the destination”. It’s what you learn, not the letters you get to put after your name.
When thinking about ROI don't forget to account for the yearly fee. I decided to not maintain my CISSP active since moved to lead an in-house team in the product company.
If you’re early in career or trying to break into a specific domain, yes, its helpful. Otherwise your experiences should speak to it better than showing you have a certification. You can always pick up the book and learn the concepts if you want learn specifics, I’d skip getting the certification part.
It is the minimum cert you should have in the industry. It shows you are serious. It also helps a lot with structuring what you know about cyber.
Once I got it I was getting way more recruiter interest. If you want to apply to other jobs you see it is often asked for in a majority of job descriptions. Even the job descriptions asking for less than 5 years of experience in the field which has become a running joke and also facepalm.