Should I pursue CISSP or focus on a risk management track?
#1
I’m trying to decide if the CISSP is worth the effort for me right now. I have five years in network security, but my role is shifting toward broader risk management, and I’m not sure if the deep dive into all eight domains is the right move or if I should focus on something more specialized first.
#2
I’m five years in network security and my role is shifting toward risk management. I’ve been eyeing the CISSP, but the breadth of those eight domains feels like a wall right now. It’s not that I’m anti cert, but I’m not sure the full deep dive is worth it when I’m trying to show value in governance with real projects, not just exams.
#3
I went a different route. I focused on hands-on risk work instead of chasing a big cert. I built a risk register, mapped controls to our top 12 assets, and ran a few vendor risk assessments. The work shipped and leadership could see the friction points; I kicked off a quarterly risk review and it bought me time to figure out what upper mgmt actually cares about.
#4
I started studying for the certification but life happened. I kept up with reading, watched some videos, then kept hitting walls: way too much memorization for day-to-day work. After two months of weeknights, I slowed down and paused. I still think it could help later, but today the ROI isn’t clear.
#5
Maybe the problem isn’t the cert but the role scope. I keep thinking a chat with my manager about narrowing responsibilities or mapping projects to risk metrics would help more than a test. If I did go for a cert, I’d want it to map to a real project with measurable outcomes, not just a credential.