Security Basics mailing list archives
RE: I've passed the CISSP exam, few months back...Now what???
From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Fri, 9 Sep 2005 15:38:11 -0600
Honestly, this is the most difficult requirement. I posed the question that if I am a network engineer or IT generalist who works in security on a regular but not "full time" basis, if I would qualify and I was given a "most defiantly NO WAY" answer from ISC2. Of course, I can pass the CISSP practice exams blindfolded and I already passed their SSCP exam without much outside studying, but according to the person I spoke with at ISC2, I shouldn't even have an SSCP because my official title is "IT Specialist" and half of my day is spent rebooting computers and installing MSOffice, since that sort of thing is one of those "somebody's gotta do it" jobs.

Today, with MOST security positions requiring a CISSP, this demand from the ISC2 seems a bit silly and I know many people who simply "fudge" their work experience and put down their "Helpdesk Technician" job as a security reference... But ISC2 has made it clear they do NOT find that acceptable, at least in the letter their representative sent me.

After taking the SSCP, however, I have found that my security experience does not generally qualify for CPE credits. I can pentest my company and any number of job activities all I want, all day long, but if I didn't pay for it and/or it didn't have an instructor to sign off that it was "training", it doesn't count toward the CPE requirements. I could attend one or two week-long classes per year and never do any security on the other 50 weeks of the year and maintain my cert, but doing security 50% of the day, every single day, but not finding time for CPE classes, my cert is going to expire in a few months and I will have to retake the exam or I will have to pay to get some CPEs. Yes, you can get CPEs free, by subscribing to a major security newsletter you get a few and by writing and publishing articles, you get a few, but I have never found someone who was able to maintain their CPEs without paying for at least one training session.

My opinion of the SSCP (being one of only uhhm.. like 1000 SSCPs in the country), is that it is a relatively useless cert and the CISSP is a "managerial" cert in that I know people who know VIRTUALLY NOTHING about "real" security who were able to pass the exam by memorizing terms from the book. It is heavily based on correct terminology and theoretical concepts, less so on real-world applications of these concepts. This is fine as a basis for more, but it makes a poor end-all-be-all security certification as so many people (and job recruiters) seem to think it is. It's an "administrative" cert, good for middle management... that's the best use for it I see. Of course, this isn't the case with practitioners required to have it, but this is how I feel it SHOULD be.

Regardless, that's my opinion of THAT exam.

Eric

-----Original Message-----
From: Christopher Carpenter [mailto:ccarpenter () dswa net]
Sent: Friday, September 09, 2005 10:45 AM
To: tech.louie () verizon net; security-basics () securityfocus com
Subject: RE: I've passed the CISSP exam, few months back...Now what???
Importance: Low

The (ISC)2 has a study guide for the CISSP exam that I found more than adequate for preparation.

https://www.isc2.org/cgi-bin/content.cgi?category=1328

Keep in mind that you need to have verified professional experience to obtain the certification. From https://www.isc2.org/cgi-bin/content.cgi?category=1187 :

"Applicants must have a minimum of four years of direct full-time security professional work experience in one or more of the ten domains of the (ISC)² CISSP® CBK® or three years of direct full-time security professional work experience in one or more of the ten domains of the CISSP® CBK® with a college degree. Additionally, a Master's Degree in Information Security from a National Center of Excellence can substitute for one year toward the four-year requirement."

Christopher Carpenter, CISSP

-----Original Message-----
From: Louie [mailto:tech.louie () verizon net]
Sent: Thursday, September 08, 2005 8:49 PM
To: rami9009 () hotmail com; security-basics () securityfocus com
Subject: RE: I've passed the CISSP exam, few months back...Now what???

If you don't mind me asking, what books did you study or material? I'm also trying to see if I could go for CISSP... Any kind of help would be great..

--Louie

-----Original Message-----
From: rami9009 () hotmail com [mailto:rami9009 () hotmail com]
Sent: Wednesday, September 07, 2005 9:51 PM
To: security-basics () securityfocus com
Subject: I've passed the CISSP exam, few months back...Now what???

I have passed the CISSP exam a few months back. I have almost 14 years' experience in the IT field, support, networking, and routing. I thought that adding security to this profile will be cool. I prepared for it just like any other exam; I read the right books, studied well and passed.

The problem is that now, a few months later, I feel that I have forgotten everything. I want to apply for a security consultant position, but I feel that I lack the confidence to fulfill this position. What went wrong????

I am willing to devote time and effort to bridge the gap and rebuild this "Security skill set" but I don't know where to start or what book to read. Please advise, guys!