EXPERT RESPONSE
In my opinion, the CISSP is more about a resume then proving one's competence as a security professional. It will show that someone can pass the test, but it doesn't say much about that person's ability to do the job.
I think you are in a great position because you are dealing with risk, and that is by definition a business activity. So focus on learning about the business, interacting with business people and understanding how to relate security to your organization's business imperatives.
I'd rather see you further specialize in your field and gain a greater understanding of how your business operates and some of the critical success factors for your company, as opposed to getting a credential that simply indicates you can attend a boot camp and take a test.
There is no way to fake real industry knowledge in an interview. If I were you, I'd be spending my time focused on gaining that industry knowledge, as opposed to a generic security certification. That is, unless you are passionate about the technology. In that case, being in the risk management group may not be the best fit.
For more information:
Khalid Kark explains how to build an information risk management framework.
In this tip, security practitioners give advice to those embarking on an information security career.
|
