Cissp


  • Cissp

    Anyone around here got their CISSP?

    I had a plan which was to get my MCDBA and MCSE, and then to move on to "real" certifications..

    Well I got my MCITPBA a while ago (doing the beta for the SQL 2008 MCTS soon as well, but that doesn't cut into available study time for my CISSP) and just finished my MCITP:EA.

    I checked the schedule and the next CISSP exams in my town are at the beginning of August (WAY too fast) and the other one is in December, so that gives me a few months.

    At my current job I do a lot of access control, some encryption, quite a bit of server hardening, some auditing, etc, and at previous jobs I handled a bit of other stuff which is also CBK material.

    I grabbed the official (ISC)² Guide to the CISSP CBK book already (from the library at work) and I'm planning on getting the CISSP All-in-One Exam Guide, which is apparently easier to read.

    I'm not sure what to expect from the exam so I am wondering if my goal of doing it by December is realistic at all.

    I was planning on reading about one topic per week (that's 10 weeks, let's make it 3 months) which leads me to October. Then I have two months to read the second book, and to review the areas where I am obviously weaker from less experience.

    Can any CISSPs comment?

    Thanks
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

  • #2
    Re: Cissp

    I'm not a CISSP and I even doubt if I ever will do this one unless it gets more value over here.
    All over the place you will hear that it's a mile wide and one inch deep.
    So they will teach you everything, but just the basics.

    I'm not sure how valuable it is in your country, but you can always check the job market to see if there are a lot of requests for it.

    I think you're better off with either CCSP, CCNP, or CCSE

    Currently I'm a CCNA, CCSA, CCSE, CCSE+ and working towards MCSE +security and W2k8 certification.
    After that I will probably do CCSP
    Last edited by Dumber; 4th July 2008, 15:57.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: Cissp

      Yeah I've heard about the "mile wide inch deep" comment...but I feel like that is actually a good and a bad thing.

      There are some things in which I'm pretty good, and others where I don't have much knowledge (CCTV, physical security etc) and I don't think you can expect anyone to be able to pass a single exam that would be a mile wide AND a mile deep.. Though multiple more targeted exams might be nice

      Checking the job market here shows that the CISSP is, while not extremely popular, asked for in many nice jobs around here, including some at my current company. Most of the jobs have titles such as "Security Architect" at pretty big companies.

      Searching for CCSP on the same site returns nothing.


      Also, I'd like to have at least one non vendor specific certification on my resumé..which doesn't mean I won't look at a CCSP eventually..
      VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



      • #4
        Re: Cissp

        So you want at least one vendor neutral cert, eh? Take a look at certs from GIAC such as the GSEC. It should be said that some of the GIAC certs are of uncertain worth in the job market. For instance, have you ever heard of the GIAC Certified Windows Security Administrator (GCWN)? Neither have I. That doesn't mean that the cert is easy or that it's not a good measure of your knowledge, but if no-one has ever heard of it then what's the point? However, my understanding of the GSEC is that it's fairly well respected.

        How about the CEH? I think Dumber was looking into the CEH (right, Dumber?) so he may be able to tell you a bit about that (I'd like to hear more about it myself). The CISM and CISA may be of interest to you. There's the itty-bitty Security+ too.

        You may want to look into some "Offensive Security" training (which counts as ISC2 CPE Credits).

        Are you only interested in security related certs right now or are you considering other vendor neutral certs, such as the LPIC 1 and 2?
        Wesley David
        LinkedIn | Careers 2.0
        -------------------------------
        Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
        Vendor Neutral Certifications: CWNA
        Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
        Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/



        • #5
          Re: Cissp

          I think GIAC is worthless for Windows, because of the lack of recognition. And again, the vendor of the cert might be neutral but the content is Windows specific.

          When I think of GIAC, I think of GCUX.


          Yes, LPI institute is interesting right now however I need to concentrate on security for now.


          CEH looks interesting but most people don't know it here yet..

          I work for a major outsourcing company and some of our major clients are often looking for security architects with good Windows infrastructure skills/CISSP/SOX knowledge.. think banks, insurance companies etc..


          Originally posted by Nonapeptide:
          So you want at least one vendor neutral cert, eh? Take a look at certs from GIAC such as the GSEC. It should be said that some of the GIAC certs are of uncertain worth in the job market. For instance, have you ever heard of the GIAC Certified Windows Security Administrator (GCWN)? Neither have I. That doesn't mean that the cert is easy or that it's not a good measure of your knowledge, but if no-one has ever heard of it then what's the point? However, my understanding of the GSEC is that it's fairly well respected.

          How about the CEH? I think Dumber was looking into the CEH (right, Dumber?) so he may be able to tell you a bit about that (I'd like to hear more about it myself). The CISM and CISA may be of interest to you. There's the itty-bitty Security+ too.

          You may want to look into some "Offensive Security" training (which counts as ISC2 CPE Credits).

          Are you only interested in security related certs right now or are you considering other vendor neutral certs, such as the LPIC 1 and 2?
          VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



          • #6
            Re: Cissp

            Originally posted by gepeto:
            I think GIAC is worthless for Windows, because of the lack of recognition. And again, the vendor of the cert might be neutral but the content is Windows specific.
            Are other GIAC certs (other than GCUX) known in your area? E.g. GIAC Security Essentials Certification (GSEC), GIAC Certified Penetration Tester (GPEN), GIAC Certified Firewall Analyst (GCFW), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Assessing Wireless Networks (GAWN), etc.?

            Take a look at their cert listings, especially under the "Security Administration" section.
            Wesley David
            LinkedIn | Careers 2.0
            -------------------------------
            Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
            Vendor Neutral Certifications: CWNA
            Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
            Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/



            • #7
              Re: Cissp

              CEH is gaining more and more popularity over here.
              However I don't see the use to do a vendor neutral certification.
              So what if you know Microsoft and Cisco???
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"



              • #8
                Re: Cissp

                I'm not saying vendor specific is bad, I'm saying I need neutral ones. They're sought after for architecture positions, where you might touch a lot of different hardware and software..
                VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



                • #9
                  Re: Cissp

                  Ok I've found something quite interesting for CISSP.
                  For me there is no use in taking the exam for the next couple of years.
                  I don't have 5 years of experience within security.
                  http://en.wikipedia.org/wiki/CISSP

                  Candidates for the CISSP must meet several requirements:
                  • Possess a minimum of five years of direct full-time security work experience in two or more of the ten ISC2 information security domains (CBK). One year may be waived for having either a four-year college degree, a Master's degree in Information Security, or for possessing one of a number of other certifications from other organizations.
                  • Attest to the truth of their assertions regarding professional experience and accept the CISSP Code of Ethics.
                  • Answer four questions regarding criminal history and related background.
                  • Pass the CISSP exam with a scaled score of 700 points or greater. The exam is multiple choice, consisting of 250 questions with four options each, to be answered over a period of six hours.
                  • Have their qualifications endorsed by another CISSP or other qualified professional. The endorser attests that the candidate's assertions regarding professional experience are true to the best of their knowledge, and that the candidate is in good standing within the information security industry.

                  The 10 domains can be found in the wiki article
                  Marcel
                  Technical Consultant
                  Netherlands
                  http://www.phetios.com
                  http://blog.nessus.nl

                  MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                  "No matter how secure, there is always the human factor."

                  "Enjoy life today, tomorrow may never come."
                  "If you're going through hell, keep going. ~Winston Churchill"



                  • #10
                    Re: Cissp

                    Originally posted by Dumber:
                    Ok I've found something quite interesting for CISSP.
                    For me there is no use in taking the exam for the next couple of years.
                    I don't have 5 years of experience within security.
                    http://en.wikipedia.org/wiki/CISSP

                    The 10 domains can be found in the wiki article

                    How many more years do you have to go? Certainly not too many. Also, do you know a CISSP that you can work with to get endorsed by?
                    Wesley David
                    LinkedIn | Careers 2.0
                    -------------------------------
                    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                    Vendor Neutral Certifications: CWNA
                    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/



                    • #11
                      Re: Cissp

                      http://www.insidetech.com/benefits/2...fter-it-skills

                      Check pages 4-6 for cert info. Haven't heard of CISM before this thread, but according to this article, it's worth some serious cash.

                      http://www.isaca.org/Template.cfm?Se..._Certification

                      The Certified Information Security Manager® (CISM®) certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. The CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise's information security (IS). The CISM certification promotes international practices and provides executive management with assurance that those earning the designation have the required experience and knowledge to provide effective security management and consulting services. Individuals earning the CISM certification become part of an elite peer network, attaining a one-of-a-kind credential. The CISM job practice also defines a global job description for the information security manager and a method to measure existing staff or compare prospective new hires.
                      Looks like they only do the test twice a year, and to keep the cert, you need to continue your education and have a good amount of experience. CISSP is one of the certs that can substitute for experience.
                      http://www.isaca.org/Template.cfm?Section=Requirements1
                      Last edited by Wired; 2nd August 2008, 01:26.
                      ** Remember to give credit where credit is due and leave reputation points where appropriate **



                      • #12
                        Re: Cissp

                        Originally posted by Nonapeptide:
                        How many more years do you have to go? Certainly not too many. Also, do you know a CISSP that you can work with to get endorsed by?
                        3 more years to go
                        Marcel
                        Technical Consultant
                        Netherlands
                        http://www.phetios.com
                        http://blog.nessus.nl

                        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                        "No matter how secure, there is always the human factor."

                        "Enjoy life today, tomorrow may never come."
                        "If you're going through hell, keep going. ~Winston Churchill"
