5 answers
Is CISSP certification for the governance side of cybersecurity and Security+ for the technology aspect?
Is CISSP certification for the governance aspect of cybersecurity certifications and Security+ for the technology side?
Patrick’s Answer
Seth,
You are not wrong, and it is a pretty good comparison. I always suggest new up-and-comers in the field of cybersecurity to get their CompTIA Sec+. It will provide you an entry-level breakdown of what to expect in security such as firewalls, intrusion detection systems (IDS), network architecture, malware identification, incident response procedures, etc.
The CISSP certification is focused on the governance side of the field as you mentioned. It is also a great test to show for your skillset in risk management, compliance requirements (like GDPR and HIPAA), secure system design principles, cryptography implementation, disaster recovery planning, and so on. This is still a certification I recommend to any seasoned cybersecurity worker because it makes you well-rounded in knowledge.
Anyways, best of luck!
- Patrick

Edmond Momartin ☁️
Public Cloud Security & Compliance AT&T | MBA InfoSec | OWASP-LA Board
Los Angeles, California
Edmond’s Answer
CISSP demonstrates the ability to design, implement, and manage a cybersecurity program, i.e., all aspects of cybersecurity - from risk management, to operations, software development, etc. Since it focuses on CIA (Confidentiality, Integrity, and Availability) it does include aspects that are also included in GRC.
Security+ on the other hand deals primarily with foundational and operational aspects of cybersecurity.
If you're trying to decide which one to pursue, CISSP needs 5 years of experience. If that cert is more appealing to you or in line w/ your goals, you can start w/ CC (Certified in Cybersecurity) from the same org (ISC2).
Sneha’s Answer
Hey Seth! You're on the right track! CISSP is more focused on the governance, policy, and managerial side of cybersecurity. It’s ideal for those aiming for leadership roles like security analyst, consultant, or CISO. Security+, on the other hand, is more foundational and technical, covering core concepts like network security, threats, and tools which are great for someone starting out in hands-on security roles. Think of Security+ as a solid entry point, and CISSP as a step toward strategic and enterprise-level security management once you have more experience. Good luck!
Dr. Rita’s Answer
Hi Seth,
They are two different certification groups but I am not sure I would categorize one as being for governance and one as being for technology focus. The CISSP is intended for professionals with experience and covers a broad range of security topics (both for those more on the technical side of security and those on the governance / management side of security). The Security+ certification provides coverage across a broad range of security topics for those interested in a security career and aligns with ISO and DoD standards. So if you are interested in the technology side of Cyber, either certification applies. Same if you are interested in the governance side. Your overall skills and experience are what round out the job opportunities for you.
Hannah’s Answer
Great question! I personally felt that the Security+ cert study materials were very network focused and required some background knowledge in networking components and how they work together. The CISSP is marketed, I believe, to be more of a management approach to information security, but the in-depth technical knowledge wasn't a prerequisite to understanding their study materials. However, it does get fairly in depth with some technical aspects, like cryptography. So if you don't have a lot of prior technical experience, don't worry, but you might have to re-read some sections more than once and look up anything that still isn't clear from their explanations.