Full Disclosure mailing list archives
Re: Path to IT Security
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Wed, 19 Jan 2011 11:59:00 -0600
In order to get a CISSP you must have five years of direct full-time experience in two or more of the ten security domains. So you would have to get hired to work in security *before* you could even test for the CISSP. You can reduce the requirement by one year if you have a college degree or a Masters in Information Security.

If you have no experience in IT at all, then you need to get a job in IT and begin to understand TCP/IP and networking. Until you understand those well, you can't begin to understand operational security work.

If you have those under your belt already, then work to get hired by your current company's security department as a first level security analyst. Play around with open source tools at home so you're familiar with how they work and what they do. Read security blogs, subscribe to security lists and pay attention. Learn who's blowing smoke and who knows what they're doing.

To pass the CISSP test you're going to need to have at least a basic understanding of cryptography, security policies, risk management, business continuity, disaster recovery, physical as well as virtual security and operational controls. But you've got at least five years plus to learn, so hit the books and get as much hands-on as you can.

--On January 18, 2011 5:26:07 PM -0800 bk <chort0 () gmail com> wrote:
On Jan 18, 2011, at 8:10 AM, Emmanuel Apreko wrote:

After researching I found out that the most prestigious security certification is the CISSP and it seems like a very long journey to it since I have no experience in it at all but need to get my foot in.

Any certificate that is based on a multiple-choice test is basically testing your ability to memorize and recall, not your actual competence in a field.

Could anyone please advise me on the best path to being a security professional? i.e. from beginner to pro? All advice will be well appreciated.

Go to conferences (small local ones, not the big expensive ones), start following InfoSec people on Twitter, read InfoSec blogs. You'll learn more doing those than from all the certificates combined. Once you have the knowledge, then study for a cert if you think you need it to get a job. It should be pretty easy, since you'll be familiar with most of the ideas already.

I got a certificate to get past HR and because it looks pretentious on a business card. It wasn't worth the hassle of submitting paperwork and paying dues to continue having it, so I let it lapse. I haven't had any problem getting a job since then.

-- bk
--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/