u/DevOpsYeah

CISSP Worth It at 1 Year DevOps? Pivot to DevSecOps/Architect

Hey everyone,

I'm a DevOps engineer with about 1 year of experience looking to pivot into DevSecOps and eventually Security Architect level. I know CISSP is a big deal in the security world, but I'm trying to figure out if it makes sense for me right now.

My situation:

  • 1 year as a DevOps engineer (Kubernetes, Helm, Terraform, containers, CI/CD)
  • CS degree
  • End goal: Senior Security Architect / CISO track (after years of experience)
  • Current skills: Platform engineering, infrastructure, some security exposure (mTLS, RBAC, cert management)

My questions:

  1. Is CISSP the right move at this stage? I've heard mixed things about whether it's worth pursuing early vs. waiting until I have more security-specific experience. What would you recommend?
  2. How valuable is it for DevSecOps/Architect roles? Will it actually help with promotions and senior roles, or is it more of a "nice to have"?
  3. What tools and techniques should I be learning alongside the cert? I want to make sure I'm building practical skills, not just studying for an exam. What does the day-to-day look like for DevSecOps engineers?
  4. Exam cost and discounts: What's the actual breakdown? (exam fee, training materials, exam attempt costs?) Any discount codes or ISC2 member discounts I should know about?
  5. Looking for mentorship: Would anyone with CISSP be open to providing some guidance through this process? I'm not sure what I can offer in return, but I'm genuinely committed to learning. How does the endorsement process work if someone helps mentor me?
  6. How do endorsements actually work? Do you need to already have the cert to be endorsed, or can mentors/colleagues endorse your application once you've passed the exam?
u/DevOpsYeah — 1 day ago