Security Basics mailing list archives
RE: Certification Advice
From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Sat, 20 Sep 2003 13:33:36 -0600
I'm looking at the SSCP for now. While I've studied graduate level info security at one of the NSA's Centers of Excellence, I don't actually have the degree, so I would be required to have 4 years experience. At this point, 4 years ago, I was only half-done with my BS degree. If i use my Internships as a Network Engineer for two summers, AND my work on campus securing one of their private networks, I can barely justify claiming 3 years. I guess I'll have to wait on that one at least another year. Then again, I can always take the exam as an Associate and then just fill out the paperwork once I can claim the experience. I'll look into the SANS track as well. Thanks for your help. Eric Hagen PS, someone wish me happy birthday. I just turned 23 today :-) -----Original Message----- From: Jimi Thompson [mailto:jimit () myrealbox com] Sent: Friday, September 19, 2003 5:52 PM To: Hagen, Eric; Neil Fryer; Security Basics (E-mail) Subject: RE: Certification Advice The CISSP requirements for "security experience" cover ANY of the 10 common bodies of knowledge (CBK's). This includes physical security. While it may sound odd, working part time as a security guard would count toward your job experience requirement. I would suspect that you use portions of the other CBK's as well without realizing it. With someone, like your self, who is quite close, I suspect that you in fact, may well have enough experience to qualify. My suggestion is that you read the descriptions of all 10 of the CBK's quite closely and see if you aren't using them more than you think. HTH, Ms. Jimi Thompson, CISSP At 1:07 PM -0600 9/19/03, Hagen, Eric wrote:
For you, CISSP is a good cert. My problem is that I have significant training in security, including all
of
the core requisites for a MS in InfoSec from Iowa State University (NSA center of excellence in security). I'm working in General IT, leading our security task force, but that constitutes less than 50% of my job. In addition, I can only rightfully claim about 3 years experience, which basically disqualifies me for the CISSP, even though I've passed a few practice tests with near 100% scores. Anyone have any suggestions for someone in my position, who's been studying computer security for many years and has formal pen-test experience as well as Enterprise backend security engineering experience in several large corporations (including a Fortune 500) but who doesn't have the resume to get a CISSP? I'd like to get a dedicated Security Job but it's almost impossible to be hired WITHOUT a CISSP these days. Can't get a CISSP until I get a new job (because this company has no plans to have a full-time security
specialist).
Catch-22, thinking about starting my own consulting company, but that's a big leap for someone like me. Eric -----Original Message----- From: Neil Fryer [mailto:nfryer () marimba com] Sent: Thursday, September 18, 2003 4:13 AM To: Security Basics (E-mail) Subject: Certification Advice Hi All, I am considering getting some certifications under my belt, now my question to you is, what would you recommend? My background is basically 6 years as
a
*nix & MS Systems Administrator, but I want some papers that will help to get me into the right places one day, and more importantly I want to increase my security knowledge. I guess what I want to know is: a) What are good certifications to get, which will help to get me closer to getting into the security sector b) What certifications have a decent curriculum. Thanks in advance. Kind regards, Neil Fryer Marimba Software UK Ltd 400 Thames Valley Park Drive Thames Valley Park Reading RG6 1PT United Kingdom Support Line: 08000 156155 http://www.marimba.com --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ---------------------------------------------------------------------------
-
--------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ---------------------------------------------------------------------------
- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Certification Advice, (continued)
- Re: Certification Advice Meritt James (Sep 19)
- RE: Certification Advice Hagen, Eric (Sep 19)
- RE: Certification Advice Jimi Thompson (Sep 22)
- RE: Certification Advice Eugene Tawiah (Sep 19)
- RE: Certification Advice Preston Newton (Sep 19)
- RE: Certification Advice m0use (Sep 19)
- RE: Certification Advice secureot (Sep 19)
- RE: Certification Advice secureot (Sep 19)
- RE: Certification Advice Preston Newton (Sep 19)
- RE: Certification Advice Brian Austin (Sep 19)
- RE: Certification Advice Martin, James E. (Sep 19)
- RE: Certification Advice Hagen, Eric (Sep 22)
- RE: Certification Advice Berberi,Steve (Sep 22)
- Re: Certification Advice Clateu Borada (Sep 23)