Beginning a path towards CISSP or other security certification

Posted on 2006-05-08
Medium Priority
Last Modified: 2006-11-18
I am interested in delving into network/systems security. Not only does it interest me, but it has become a function of my job. I was wondering if anyone could give some advice on what direction to head. Is CISSP the way to progress or something else? Also, has anyone attended any SANS events, and were they worth the time and money? In particular, SANS Security Essentials Bootcamp Style Course. Thank you for any guidance.

Question by:fnbgppl

Accepted Solution

kevinf40 earned 800 total points
ID: 16631500

The CISSP is more of a management type cert, and to become a full CISSP you need to demonstrate several years' experience of security type work.

I would recommend starting with a certification such as the Security+ which is reasonably well recognised and provides a good foundation for progressing a security related career.

Following from that you can then look at the SSCP or similar from ISC2 which has less stringent requirements than the CISSP (1 year's experience).

SANS offer a huge range of courses / certifications that can allow you to cover off specific topics - e.g. if your responsibilities require you to secure Windows servers, or set up an IDS/IPS solution.

The SANS courses do have a good reputation but tend to be expensive; they are generally more technical than the ISC type exams.

Another good cert is the CEH (Certified Ethical Hacker) - this concentrates much more on security tools and their application (e.g. nmap, nessus etc).

Of course there are many others but these are the ones I'd look into first.

Additionally, most vendors have security related certifications for their specific products - which, while less transferable and potentially less use to your overall career and understanding of security principles, may be very useful if you need to perform in-depth management and configuration of a specific product in your role.

Hope this helps!



Assisted Solution

JexPam earned 400 total points
ID: 16633091
In addition to starting with the Security+ certification I recommend the TICSA certification (https://ticsa.trusecure.com/). Since a lot of large companies are audited by TruSecure/Cybertrust, most of these companies' management will recognize the certification.

After that I recommend looking into some of the SANS certifications or custom vendor certification depending on where you want to take your career.

The CISSP is more of a management certification; however I do recommend pursuing it as it has become the de facto security certification.

Author Comment

ID: 16633380
Thank you for the information.  I basically am already management in all but title.  I'm just one of those lucky people who gets to run solo, as well as wear other hats.  I take it that any of the suggested course work will help me move towards where I want to go.  Thanks for the help.  Does anyone have any suggestions on literature, blogs, or other material that would help me progress?


Assisted Solution

by:Leon Fester
Leon Fester earned 400 total points
ID: 16637156
Lastly, just bear in mind that the CISSP is NOT a technical course, i.e. you're not going to learn how to defend your network or anything else.

A common description of the CISSP course from some of the websites I've found is that "CISSP is 1 inch thick and a mile wide".

Yes it's good for management level as it will open your eyes to all spheres of security.

Expert Comment

ID: 16637385
Purely for exam prep, companies like Sybex and Exam Cram usually get good reviews for their books.

Most major companies have security blogs and RSS feeds - e.g. Microsoft, Cisco etc - check web sites out.

www.techexams.net has good overviews, forums, etc for quite a few exams.

The mentioned exams all have comprehensive sites detailing exam content, requirements, helpful pointers and course materials etc for sale.
CISSP/SSCP - https://www.isc2.org

Security+ - www.comptia.org/certification/security/


Also remember Google (or your favourite search engine) is your friend!



Assisted Solution

apostle12 earned 200 total points
ID: 16637668
The reason I went after CISSP is because it is not vendor specific. I have done a lot of consulting work for different companies, EDS, American Airlines, Perot Systems, and I have never seen any of them with just all Cisco stuff or just all Dell. It's usually a mixture of a little bit of everything.

Assisted Solution

prueconsulting earned 200 total points
ID: 16710543
As it's been said, CISSP does not provide you with any "technical knowhow". It's the 10,000 ft view of security vs some of the specific SANS offerings which provide the technical know-how on various topics depending on which you pursue. I guess the question to ask yourself is what are you attempting to accomplish by going the route of security certifications?

The Security Essentials (GSEC) is a good entry level course filled with a lot of information and how-to on a variety of topics ranging from Windows/Unixes, encryption etc.


Author Comment

ID: 16710699
Thanks to all of you for your insight. I have a self walk through for the Security plus, and have appropriated the funds to attend Security Essentials (if I could just get them to offer it closer to the Chicago area). Any thoughts on material I should refresh on before going to the Security Essentials? Thanks again.
