Beginning a path towards CISSP or other security certification

I am interested in delving into network/systems security. Not only does it interest me, but it has become a function of my job. I was wondering if anyone could give some advice on what direction to head. Is CISSP the way to progress or something else? Also has anyone attended any SANS events, were they worth the time and money? In particular, SANS Security Essentials Bootcamp Style Course. Thank you for any guidance.

The CISSP is more of a management type cert, and to become a full CISSP you need to demonstrate several years' experience of security type work.

I would recommend starting with a certification such as the Security+, which is reasonably well recognised and provides a good foundation for progressing a security related career.

Following from that you can then look at the SSCP or similar from ISC2, which has less stringent requirements than the CISSP (1 year's experience).

SANS offer a huge range of courses / certifications that can allow you to cover off specific topics - e.g. if your responsibilities require you to secure Windows servers, or set up an IDS/IPS solution.

The SANS courses do have a good reputation but tend to be expensive; they are generally more technical than the ISC type exams.

Another good cert is the CEH (Certified Ethical Hacker) - this concentrates much more on security tools and their application (e.g. nmap, nessus etc).

Of course there are many others but these are the ones I'd look into first.

Additionally, most vendors have security related certifications for their specific products, which, while less transferable and potentially less use to your overall career and understanding of security principles, may be very useful if you need to perform in-depth management and configuration of a specific product in your role.

Hope this helps!


In addition to starting with the Security+ certification I recommend the TICSA certification. Since a lot of large companies are audited by TruSecure/Cybertrust, most of these companies' management will recognize the certification.

After that I recommend looking into some of the SANS certifications or custom vendor certification depending on where you want to take your career.

The CISSP is more of a management certification; however, I do recommend pursuing it as it has become the de facto security certification.

fnbgppl (Author) Commented:
Thank you for the information.  I basically am already management in all but title.  I'm just one of those lucky people who gets to run solo, as well as wear other hats.  I take it that any of the suggested course work will help me move towards where I want to go.  Thanks for the help.  Does anyone have any suggestions on literature, blogs, or other material that would help me progress?

Leon Fester (Senior Solutions Architect) Commented:
Lastly, just bear in mind that the CISSP is NOT a technical course, i.e. you're not going to learn how to defend your network or anything else.

A common description of the CISSP course from some of the websites I've found is that "CISSP is 1 inch thick and a mile wide".

Yes it's good for management level as it will open your eyes to all spheres of security.
Purely for exam prep, companies like Sybex and Exam Cram usually get good reviews for their books.

Most major companies have security blogs and rss feeds - e.g. Microsoft, Cisco etc - check web sites out. has good overviews, forums, etc for quite a few exams.

The mentioned exams all have comprehensive sites detailing exam content, requirements, helpful pointers and course materials etc for sale.

Security+ -

Also remember google (or your favourite search engine) is your friend!


The reason I went after CISSP is because it is not vendor specific. I have done a lot of consulting work for different companies, EDS, American Airlines, Perot Systems, and I have never seen any of them with just all Cisco stuff or just all Dell. It's usually a mixture of a little bit of everything.
As it's been said, CISSP does not provide you with any "technical knowhow". It's the 10,000 ft view of security vs some of the specific SANS offerings which provide the technical know-how on various topics depending on which you pursue. I guess the question to ask yourself is what are you attempting to accomplish by going the route of security certifications?

The Security Essentials (GSEC) is a good entry level course filled with a lot of information and how-to on a variety of topics ranging from Windows/Unixes, encryption etc.

fnbgppl (Author) Commented:
Thanks to all of you for your insight. I have a self walk through for the Security plus, and have appropriated the funds to attend Security Essentials (if I could just get them to offer it closer to the Chicago area). Any thoughts on material I should refresh on before going to the Security Essentials? Thanks again.