Everyone in their career often wonders what they’ll need to do to advance or achieve greater responsibility or accountability in their jobs. Within the IT field there are multiple ways to gain experience, knowledge, and skills through hands-on work, college courses, and certifications. While there is a plethora of cybersecurity-related certifications to choose from out there, few of those stand out as remarkably as the Certified Information Systems Security Professional (CISSP) from the International Information Systems Security Certification Consortium (ISC)². I’m here to tell you how it can advance your cybersecurity career, using my professional growth as an example.
From Air National Guard to Cybersecurity
My professional career in IT started in the Air National Guard nearly 20 years ago (now retired) and began in the “Communications-Computer Systems Planning and Implementation Office”, or IT Project Management, for short (Air Force Specialty Code 3C3X1). This position enabled me to work on technical solutions for my unit, as well as to expand on my self-taught knowledge of computers, servers, network equipment, peripherals, radios, and telephones. Since I was more interested in hands-on-keyboard tasks, I eventually took a position within the help desk at my unit. This is when my career started to take off. Over my seven years with the unit full time, I expanded from desktop support to server maintenance, network equipment, and eventually to the Information Assurance Manager position. This is when I got my first real taste of cybersecurity, which also sparked my passion for the field.
Back then, certifications were as important as they are now. However, in my opinion, industry and the U.S. Government were more focused on Microsoft-based certifications (e.g., MCSE), whereas cybersecurity-related ones were just in the dawn of being recognized as a critical need for IT systems (I blame this on the success of e-commerce at the time). That aside, the CISSP was gaining prominence within the Department of Defense, especially with the issuance of DoD Directive 8570, Information Assurance Workforce Improvement Program, a couple of years prior. Since I knew earning a CISSP would open opportunities for me as an emerging cybersecurity professional, this was now my new short-term career goal.
Cybersecurity Certifications: From Hobby to Necessity
Eventually I left the Air National Guard full-time and moved over to contracting. This led to programs at the Pentagon, with the Joint Strike Fighter (JSF) program, and ultimately to cybersecurity engineering business development efforts. During my time at the Pentagon and with JSF, the exceeding need for cybersecurity certifications became more relevant due to DoD regulations (re: DoDD 8570) and contract requirements. In order to perform my job, which required elevated privileges on systems, earning a cybersecurity certification was no longer a question of “should I?” and now became an unquestionable requisite if I were to grow in the field.
Since I was still attached to my unit as a traditional guardsman, the DoD was able to provide boot camp-style courses for the Security+ in order to have more of the workforce become compliant. Because of this, I was able to earn my Security+ certification. This also allowed me to meet the contractual requirements for privileged access on the systems I touched on the contracting side as well. Nonetheless, I still had a burning desire to earn my CISSP since it was becoming more prevalent within the DoD as the pinnacle of cybersecurity certifications to hold.
Almost 5 years after knowing I wanted the CISSP, three times through Shon Harris’ CISSP All-In-One Exam Guide cover to cover, and tons of practice tests, my then-employer was able to send me off to a CISSP boot camp where I passed the exam on my first try. My goal was now achieved. From here, my career path was up to me.
CISSP Opens Doors for Your Career
After earning my CISSP, I moved between multiple programs with my employer, with each change enabling me to transition more towards higher-level policy and procedures, while depending on my past experience to create or improve cybersecurity initiatives on those programs. This work enabled me to challenge myself, grow more towards cybersecurity business management, and ultimately decide to leave contracting for a leadership position with the U.S. government. From this, I believe I have achieved the long-term goals I set for myself around 20 years ago. There are still many short-term goals to achieve, and with my initial long-term goal achieved, it is time to set my next long-term goal and work towards an executive-level cybersecurity position.
That’s the short story on how the CISSP has advanced my career, but there are other ways the CISSP has helped me grow, challenge myself, and get to where I’m at now. For starters, holding a CISSP more than likely got me into more interviews than not having one – especially since I didn’t earn my college degrees until after my CISSP. For example, on the JSF program I was in a senior-level technical Information Assurance position when I earned my CISSP. Having my CISSP enabled me to interview for and move up to a staff position within the same program. If I didn’t have the CISSP at that point in my career (when I had no degrees), I probably would have been passed over for an interview in the first place.
Holding a CISSP also allowed me to work on various DoD and federal civilian projects, especially since it is a non-vendor-specific cybersecurity certification. Vendor-specific certifications, while valuable in their own right, can sometimes lead to restrictions on career growth. For example, if you hold a Microsoft Certification, chances are you will not be considered for positions that are Red Hat majority systems. The CISSP does not have that problem because the certification requires knowledge that is “an inch deep, but a mile wide”.
For instance, I personally am not a database administrator (DBA) by any means, but I have picked up on quite a bit when it comes to database administration over the years as a byproduct of cybersecurity compliance work. This means I can rely on fundamental knowledge of database installations and instances, with plenty of support from database subject matter experts of course, to properly secure the systems under my purview.