Beginning a path towards CISSP or other security certification

Posted on 2006-05-08
Last Modified: 2006-11-18
I am interested in delving into network/systems security. Not only does it interest me, but it has become a function of my job. I was wondering if anyone could give some advice on what direction to head. Is CISSP the way to progress or something else? Also, has anyone attended any SANS events, and were they worth the time and money? In particular, the SANS Security Essentials Bootcamp Style Course. Thank you for any guidance.

Question by:fnbgppl
    LVL 5

    Accepted Solution


    The CISSP is more of a management type cert, and to become a full CISSP you need to demonstrate several years' experience of security type work.

    I would recommend starting with a certification such as the Security+ which is reasonably well recognised and provides a good foundation for progressing a security related career.

    Following from that you can then look at the SSCP or similar from ISC2 which has less stringent requirements than the CISSP (1 year's experience).

    SANS offer a huge range of courses / certifications that can allow you to cover off specific topics - e.g. if your responsibilities require you to secure Windows servers, or set up an IDS/IPS solution.

    The SANS courses do have a good reputation but tend to be expensive, they are generally more technical than the ISC type exams.

    Another good cert is the CEH (Certified Ethical Hacker) - this concentrates much more on security tools and their application (e.g. nmap, nessus etc).

    Of course there are many others but these are the ones I'd look into first.

    Additionally, most vendors have security related certifications for their specific products - which, while less transferable and potentially less use to your overall career and understanding of security principles, may be very useful if you need to perform in-depth management and configuration of a specific product in your role.

    Hope this helps!


    LVL 1

    Assisted Solution

    In addition to starting with the Security+ certification I recommend the TICSA certification. Since a lot of large companies are audited by TruSecure/Cybertrust, most of these companies' management will recognize the certification.

    After that I recommend looking into some of the SANS certifications or custom vendor certification depending on where you want to take your career.

    The CISSP is more of a management certification; however I do recommend pursuing it as it has become the de facto security certification.
    LVL 1

    Author Comment

    Thank you for the information.  I basically am already management in all but title.  I'm just one of those lucky people who gets to run solo, as well as wear other hats.  I take it that any of the suggested course work will help me move towards where I want to go.  Thanks for the help.  Does anyone have any suggestions on literature, blogs, or other material that would help me progress?

    LVL 26

    Assisted Solution

    by:Leon Fester
    Lastly, just bear in mind that the CISSP is NOT a technical course, i.e. you're not going to learn how to defend your network or anything else.

    A common description of the CISSP course from some of the websites I've found is that "CISSP is 1 inch thick and a mile wide".

    Yes it's good for management level as it will open your eyes to all spheres of security.
    LVL 5

    Expert Comment

    Purely for exam prep, companies like Sybex and Exam Cram usually get good reviews for their books.

    Most major companies have security blogs and rss feeds - e.g. Microsoft, Cisco etc - check web sites out. has good overviews, forums, etc for quite a few exams.

    The mentioned exams all have comprehensive sites detailing exam content, requirements, helpful pointers and course materials etc for sale.

    Security+ -

    Also remember google (or your favourite search engine) is your friend!


    LVL 2

    Assisted Solution

    The reason I went after CISSP is because it is not vendor specific. I have done a lot of consulting work for different companies (EDS, American Airlines, Perot Systems) and I have never seen any of them with just all Cisco stuff or just all Dell. It's usually a mixture of a little bit of everything.
    LVL 11

    Assisted Solution

    As it's been said, CISSP does not provide you with any "technical knowhow". It's the 10,000 ft view of security vs some of the specific SANS offerings which provide the technical know-how on various topics depending on which you pursue. I guess the question to ask yourself is what are you attempting to accomplish by going the route of security certifications?

    The Security Essentials (GSEC) is a good entry level course filled with a lot of information and how-to on a variety of topics ranging from Windows/Unixes, encryption etc.

    LVL 1

    Author Comment

    Thanks to all of you for your insight. I have a self walk through for the Security plus, and have appropriated the funds to attend Security Essentials (if I could just get them to offer it closer to the Chicago area). Any thoughts on material I should refresh on before going to the Security Essentials? Thanks again.
