RE: I've passed the CISSP exam, few months back...Now what???

["Brunner, Mark" <MBrunner () tor fasken com>]

These feelings that you are having actually aren't all that unusual.  Exams serve as a benchmark, and can only test for 
a level of knowledge, and not for the ability to apply or use that knowledge in a real world situation.

As an SSCP certified former teacher pursuing CISSP certification, I would offer the following for anyone that has just 
gained ANY certification and is now uncertain of their readiness to use that knowledge.  I am currently lacking the 
means or the time to write the CISSP.  I usually have the time, but not the cash, or the cash but no time.  I'm doing 
or have done everything that I _imagine_ a Security Consultant would do, have read the right and some of the wrong 
books, can spot the differences, and have gotten my hands very dirty, applying what I have gained over the past 8 years 
on a daily basis...

First, attaining CISSP status should only be one of many objectives that lead to a larger goal.  What is it that you 
REALLY want to do or become?  Define it clearly.  Write yourself a job description, not just a title.

Next, and hopefully supporting the above, there are 10 domains defined in the CISSP BOK.  Which area(s) do you wish to 
explore further, interest you the most, and offer the most opportunity?

Continue to learn and explore.  Buy some old hardware and beat it to death.  Configure the hell out of it.  Plan each 
configuration as a different topology or scenario and see what you can do.  The experience is found in the doing.

Finally, here is an opportunity to give a little back.  Why not volunteer your services? Conduct Security Awareness 
Training to the less fortunate, do some security work for not for profit organizations, or others?  I enjoyed working 
with the Special Olympics a few years back, and got back as much as I gave.

Good to luck to you,
Mark

-----Original Message-----
From: rami9009 () hotmail com [mailto:rami9009 () hotmail com]
Sent: Thursday, September 08, 2005 12:51 AM
To: security-basics () securityfocus com
Subject: I've passed the CISSP exam, few months back...Now what???


I have passed the CISSP exam few month back. I have almost 14 years experience in the IT field, support, networking, 
and routing.  I thought that adding security to this profile will be cool. . I prepared for it just like any other 
exam; I read the right books, studied well and passed. The problem is that now few months later I feel that I have 
forgot everything. I want to apply for a security consultant position, but I feel that I lack the confidence to fulfill 
this position. What went wrong????
I am willing to devote time and effort to bridge the gap and rebuild this "Security skill set" but I don't know where 
to start or what book to read. Please guys advice!