Security Basics mailing list archives
RE: CISSP without experience
From: "NetEng" <NetEng () EliteMail Org>
Date: Tue, 15 Feb 2005 16:33:08 -0800
The only issue with taking the certification without experience is that questions asked on the exam rely on your experience as a Security Administrator, with depth (four years). Look at the CCNA and other certifications that are now fairly devalued quite a bit (thankfully they have been revamped), but overall the CISSP stands out for integrity and above all experience in several domains of Information Security. There is a reason why the CISSP is one of the highest respected certifications in the InfoSec arena.
How can you call yourself an ISO Information Security Officer and not have the valuable experience required to handle such a position? By doing so, you could easily place your entire organization at risk because of your lack of practical knowledge.
The best way to pass this exam is to STUDY. To gain experience in InfoSec means to work in a role such as a Network Engineer, or Systems Administrator with Security as a "second" focus to give you the experience you need until you can get promoted to InfoSec full time. You will find that a majority of the best ISOs have network, systems or even desktop services backgrounds on their resume. It is important as an ISO to understand all functions of Information Technology (business flow) because of the recommendations for security you will recommend and enforce!
InfoSec is a long journey and isn't meant for people who don't know or understand even basic concepts of how to handle risk assessments, securing of infrastructures, or incident handling, etc. When it comes down to it, knowledge and experience are going to be fully required when there is a security incident - for which you won't be prepared to handle. During an interview with a real ISO, your weaknesses will be discovered and your certification won't be worth the paper it is printed on, such as a paper MCSE was back in the Dot.Com era.
During a technical interview (which more and more companies are using to weed out less qualified candidates), you will be tested and grilled on not just concepts - but overall knowledge which could only have come from experience. Therefore, memorization of the ten domains and questions/answers won't help you at all. Do the InfoSec industry a favor and please re-think your career choice. There are many ways to get to InfoSec, but not any real shortcuts.