Every forum or blog where you go and they are talking about the CISSP they will mention that it is 1 mile wide and 1 inch deep. Also when you are applying to a Security Analyst position they require CISSP and the functions are not a CISSP position at all. All of this is true.

 

So why "Thanks CISSP, you help me in this job", guess it is because what the CISSP teach you help you to move around in that Security Analyst job, let me explain you.

 

Imagine that you are at your desk and you receive a ticket where you need to grant access to a user to a shared folder, the ticket just said: Allow access to \\server\data. So the ticket doesn't say what kind of access and you are not a mind reader to know what the person was thinking when submitted the ticket. So you think, the user need the right access to develop his job (probably you do not have any exact idea of the user job), so you manage "need to know" and the least privilege. You tried to contact the person who submit the ticket and it is not available. So what access you provided: Read Only until otherwise.

 

Five minutes later somebody call you for a physical incident and need to gab more information, then you access the DVR and begin to pull some videos with the incident time frame and in your mind you begin to think how to prevent that incident in the future.

 

Twenty minutes later your boss call you and mention that a company will do internal pentest to compliance with PCI.

 

Yes, in less that 1 hours you use your "wide" knowledge got it in your CISSP, and I am not mention other subject in the whole day. So "Thanks CISSP, you help me in this job" you will be able to move around and going deep with more experience, certifications and all the CPE you have to full fill.