RE: Certification Advice

["Berberi,Steve" <steve.berberi () surete qc ca>]

So If you had one cert to get among CISSP, CCSP and GSEC, wich on would you choose?

steve

-----Message d'origine-----
De: Hagen, Eric [mailto:ehagen () DenverNewspaperAgency com]
Date: 20 septembre, 2003 15:34
À: Jimi Thompson; Hagen, Eric; Neil Fryer; Security Basics (E-mail)
Objet: RE: Certification Advice


I'm looking at the SSCP for now.  While I've studied graduate level info
security at one of the NSA's Centers of Excellence, I don't actually have
the degree, so I would be required to have 4 years experience.  At this
point, 4 years ago, I was only half-done with my BS degree.  If i use my
Internships as a Network Engineer for two summers, AND my work on campus
securing one of their private networks, I can barely justify claiming 3
years.  I guess I'll have to wait on that one at least another year.  Then
again, I can always take the exam as an Associate and then just fill out the
paperwork once I can claim the experience.

I'll look into the SANS track as well.  Thanks for your help.

Eric Hagen

PS, someone wish me happy birthday.  I just turned 23 today :-)

-----Original Message-----
From: Jimi Thompson [mailto:jimit () myrealbox com]
Sent: Friday, September 19, 2003 5:52 PM
To: Hagen, Eric; Neil Fryer; Security Basics (E-mail)
Subject: RE: Certification Advice


The CISSP requirements for "security experience" cover ANY of the 10 
common bodies of knowledge (CBK's).  This includes physical security. 
While it may sound odd, working part time as a security guard would 
count toward your job experience requirement.  I would suspect that 
you use portions of the other CBK's as well without realizing it. 
With someone, like your self, who is quite close, I suspect that you 
in fact, may well have enough experience to qualify.  My suggestion 
is that you read the descriptions of all 10 of the CBK's quite 
closely and see if you aren't using them more than you think.

HTH,

Ms. Jimi Thompson, CISSP

At 1:07 PM -0600 9/19/03, Hagen, Eric wrote:
> For you, CISSP is a good cert.
>
> My problem is that I have significant training in security, including all
of
> the core requisites for a MS in InfoSec from Iowa State University (NSA
> center of excellence in security).  I'm working in General IT, leading our
> security task force, but that constitutes less than 50% of my job.  In
> addition, I can only rightfully claim about 3 years experience, which
> basically disqualifies me for the CISSP, even though I've passed a few
> practice tests with near 100% scores.
>
> Anyone have any suggestions for someone in my position, who's been studying
> computer security for many years and has formal pen-test experience as well
> as Enterprise backend security engineering experience in several large
> corporations (including a Fortune 500) but who doesn't have the resume to
> get a CISSP?
>
> I'd like to get a dedicated Security Job but it's almost impossible to be
> hired WITHOUT a CISSP these days.  Can't get a CISSP until I get a new job
> (because this company has no plans to have a full-time security
specialist).
> Catch-22, thinking about starting my own consulting company, but that's a
> big leap for someone like me.
>
> Eric
>
>
> -----Original Message-----
> From: Neil Fryer [mailto:nfryer () marimba com]
> Sent: Thursday, September 18, 2003 4:13 AM
> To: Security Basics (E-mail)
> Subject: Certification Advice
>
>
> Hi All,
>
> I am considering getting some certifications under my belt, now my question
> to you is, what would you recommend? My background is basically 6 years as
a
> *nix & MS Systems Administrator, but I want some papers that will help to
> get me into the right places one day, and more importantly I want to
> increase my security knowledge.
> I guess what I want to know is:
>
> a) What are good certifications to get, which will help to get me closer to
> getting into the security sector
> b) What certifications have a decent curriculum.
>
> Thanks in advance.
>
> Kind regards,
>
> Neil Fryer
> Marimba Software UK Ltd
> 400 Thames Valley Park Drive
> Thames Valley Park
> Reading RG6 1PT
> United Kingdom
> Support Line: 08000 156155
> http://www.marimba.com
>
>
>
> ---------------------------------------------------------------------------
> Captus Networks
> Are you prepared for the next Sobig & Blaster?
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Precisely Define and Implement Network Security
>  - Automatically Control P2P, IM and Spam Traffic
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
> http://www.captusnetworks.com/ads/42.htm
> ---------------------------------------------------------------------------
-
> ---------------------------------------------------------------------------
> Captus Networks
> Are you prepared for the next Sobig & Blaster?
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Precisely Define and Implement Network Security
>  - Automatically Control P2P, IM and Spam Traffic
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
> http://www.captusnetworks.com/ads/42.htm
> ---------------------------------------------------------------------------
-

---------------------------------------------------------------------------
----------------------------------------------------------------------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------