RE: Certification Advice

[Jimi Thompson <jimit () myrealbox com>]

The CISSP requirements for "security experience" cover ANY of the 10 
common bodies of knowledge (CBK's).  This includes physical security. 
While it may sound odd, working part time as a security guard would 
count toward your job experience requirement.  I would suspect that 
you use portions of the other CBK's as well without realizing it. 
With someone, like your self, who is quite close, I suspect that you 
in fact, may well have enough experience to qualify.  My suggestion 
is that you read the descriptions of all 10 of the CBK's quite 
closely and see if you aren't using them more than you think.

HTH,

Ms. Jimi Thompson, CISSP

At 1:07 PM -0600 9/19/03, Hagen, Eric wrote:
> For you, CISSP is a good cert.
>
> My problem is that I have significant training in security, including all of
> the core requisites for a MS in InfoSec from Iowa State University (NSA
> center of excellence in security).  I'm working in General IT, leading our
> security task force, but that constitutes less than 50% of my job.  In
> addition, I can only rightfully claim about 3 years experience, which
> basically disqualifies me for the CISSP, even though I've passed a few
> practice tests with near 100% scores.
>
> Anyone have any suggestions for someone in my position, who's been studying
> computer security for many years and has formal pen-test experience as well
> as Enterprise backend security engineering experience in several large
> corporations (including a Fortune 500) but who doesn't have the resume to
> get a CISSP?
>
> I'd like to get a dedicated Security Job but it's almost impossible to be
> hired WITHOUT a CISSP these days.  Can't get a CISSP until I get a new job
> (because this company has no plans to have a full-time security specialist).
>
> Catch-22, thinking about starting my own consulting company, but that's a
> big leap for someone like me.
>
> Eric
>
>
> -----Original Message-----
> From: Neil Fryer [mailto:nfryer () marimba com]
> Sent: Thursday, September 18, 2003 4:13 AM
> To: Security Basics (E-mail)
> Subject: Certification Advice
>
>
> Hi All,
>
> I am considering getting some certifications under my belt, now my question
> to you is, what would you recommend? My background is basically 6 years as a
> *nix & MS Systems Administrator, but I want some papers that will help to
> get me into the right places one day, and more importantly I want to
> increase my security knowledge.
> I guess what I want to know is:
>
> a) What are good certifications to get, which will help to get me closer to
> getting into the security sector
> b) What certifications have a decent curriculum.
>
> Thanks in advance.
>
> Kind regards,
>
> Neil Fryer
> Marimba Software UK Ltd
> 400 Thames Valley Park Drive
> Thames Valley Park
> Reading RG6 1PT
> United Kingdom
> Support Line: 08000 156155
> http://www.marimba.com
>
>
>
> ---------------------------------------------------------------------------
> Captus Networks
> Are you prepared for the next Sobig & Blaster?
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Precisely Define and Implement Network Security
>  - Automatically Control P2P, IM and Spam Traffic
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
> http://www.captusnetworks.com/ads/42.htm
> ----------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
> Captus Networks
> Are you prepared for the next Sobig & Blaster?
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Precisely Define and Implement Network Security
>  - Automatically Control P2P, IM and Spam Traffic
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
> http://www.captusnetworks.com/ads/42.htm
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------