Planning for CISSP Associate - Need help

myself_hyd

Hi,
I have been reviewing threads in this section for quite a few days now. After reading these many experiences and inputs from test takers, I am a bit confused on what preparation strategy to follow. I have the Shon Harris 6th edition which I just started, but would it be the right path considering the change in the CBK?

I have 2+years of experience in InfoSec industry. I also have a Master's degree (MS) in Computer Security.

One more question I have is, if I pass the CISSP today and get a ' Associate of (ISC)²', will I need to submit the CPE's for the next 2 years until I become a complete CISSP (not an (ISC)² associate)?

NetworkNewb

Someone correct me if I'm wrong, but by passing the exam you just get the "Associate of (ISC)²" title. You don't get use the term CISSP at all, not even with associate, until you get the required experience.

kvponkshe

Mere passing the exam does not means that you are CISSP or Associate of CISSP.Please see below steps that ISC 2 ask you to do.
*************
Step 2
If you currently have the required number of years of experience to be endorsed, you must complete the endorsement process within nine (9) months of your exam date. You may begin the endorsement process by submitting a completed endorsement form to (ISC)². For detailed information about the professional experience requirement for the CISSP certification, please visit www.isc2.org/cissp-professional-experience.aspx.
If you do not have the required number of years of professional experience, you can become an Associate of (ISC)². However, it is your responsibility to contact (ISC)² within nine (9) months of your exam date to tell us your intent.

****************
Also I think you need to get requred CPE per year even for Associate of CISSP

myself_hyd

Apologies.. I meant Associate of (ISC)² and not 'associate of CISSP'.

renacido

Not to discourage you from taking this exam, but keep in mind that there are certs more relevant and valuable at this early stage in your career. Non-security specific training experience and certs are also valuable in security.

jamesleecoleman

Why not go for the SSCP for now?

myself_hyd

renacido wrote: »

Not to discourage you from taking this exam, but keep in mind that there are certs more relevant and valuable at this early stage in your career. Non-security specific training experience and certs are also valuable in security.

I thought going for this prestigious exam would do me good knowledge-wise and career-wise as well. And if I maintain the required CPEs till I get the required experience, I will then become a CISSP. Correct me if I'm wrong?

renacido

You're not "wrong". My point is this: there is a reason why they require no less than 4 years full time experience for CISSP. It's a management cert. And what's the key qualification for a management position in infosec (or any field)? Experience.

Furthermore, CISSP is all knowledge and judgement questions and scenarios where you are making decisions as a Security Manager or CISO. It has technical content but does not test an individual's hands on technical skills and the technical content of the CISSP is more basic than other security certs, therefore if I'm looking for a guy (or gal) who I know can identify intrusions or lead incident response or test for vulnerabilities or identify root cause of an incident or do security engineering work with MCSE/CCIE guys then I'd rather see more technical certs not solely assoc of isc2. Don't get me wrong, I don't see assoc of ISC2 as having no value, just saying that it may not serve you as well in your career as technical certs will because to be honest until you have enough experience to qualify for mid-level management positions it's not very helpful other than demonstrating that you want to be a CISO someday. Just my opinion, good luck with the exam.

myself_hyd

renacido wrote: »

You're not "wrong". My point is this: there is a reason why they require no less than 4 years full time experience for CISSP. It's a management cert. And what's the key qualification for a management position in infosec (or any field)? Experience.

Furthermore, CISSP is all knowledge and judgement questions and scenarios where you are making decisions as a Security Manager or CISO. It has technical content but does not test an individual's hands on technical skills and the technical content of the CISSP is more basic than other security certs, therefore if I'm looking for a guy (or gal) who I know can identify intrusions or lead incident response or test for vulnerabilities or identify root cause of an incident or do security engineering work with MCSE/CCIE guys then I'd rather see more technical certs not solely assoc of isc2. Don't get me wrong, I don't see assoc of ISC2 as having no value, just saying that it may not serve you as well in your career as technical certs will because to be honest until you have enough experience to qualify for mid-level management positions it's not very helpful other than demonstrating that you want to be a CISO someday. Just my opinion, good luck with the exam.

Makes sense. Thanks. I think I'm being over-aggressive when it comes to my career. As said, I need to concentrate on more technical certifications that might provide more value to my career right now.

Badly need to find a mentor!

renacido

A good mentor can really smooth your path to success for sure. Networking is important, use the people in the industry who you know, use forums, use Linkedin, ask lots of questions, share your own opinions and experience and you're bound to find one or a few mentors.

I'd like to offer you my advice just based on the very little that I've learned about you in this thread. Maybe some food for thought that might be helpful.

You have an MS in Computer Security, that alone shows you are committed to the field and that's all the *formal education* you'd need and then some to be the CIO/CISO of a major corporation, so that's awesome you've already knocked that out.

You're already working in infosec, though you didn't mention what specifically you're doing. But whatever you decide, the foundation of any career in security should be a solid understanding of networking and servers (datacenter, cloud, virtual, mobile, all of it).

You do learn some of this in computer security books and classes but the experience of working on technical problems, understanding how the stuff works in a real environment, this is extremely useful knowledge that we call upon all the time to do our security jobs. Learn as much of this stuff as you can by whatever resources you have at your disposal: on the job, home lab, video courses, books, classroom training, etc.

Beyond that, the development paths fork off in somewhat different directions depending on what roles you have or are heading toward. Security Ops, Audit, Assessment and Testing, Forensics, Engineering, or a combination of those.

This is where the Assoc of ISC2 is *not as* valuable as something more technical and concentrated. Each of the areas above has focused, highly-technical and/or hands-on exams and certifications for those specific skill sets, whereas the CISSP exam is broad in scope and more about applying knowledge along with professional judgement to shape and manage a security program and processes.

Hopefully this helps somewhat, but you seem to be well on your way toward a successful career.

mjsinhsv

Having the associate cert will certainly help.
How much depends on what you do now and what your goals are.
Not sure about the CPE's but I'm thinking it would be a requirement, as well as the yearly $85 fee to ISC2.

bpenn

I have the Associate designation due to only 3 years of experience. It is $35 a year until you get endorsed and 15 CPEs a year. What I find interesting is on my certification status it says: "Associate of (ISC)² working towards CISSP" and I know you cant even use that designation even though it says it. You can only use "Associate of (ISC)²"

beads

renacido wrote: »

A good mentor can really smooth your path to success for sure. Networking is important, use the people in the industry who you know, use forums, use Linkedin, ask lots of questions, share your own opinions and experience and you're bound to find one or a few mentors.

I'd like to offer you my advice just based on the very little that I've learned about you in this thread. Maybe some food for thought that might be helpful.

You have an MS in Computer Security, that alone shows you are committed to the field and that's all the *formal education* you'd need and then some to be the CIO/CISO of a major corporation, so that's awesome you've already knocked that out.

You're already working in infosec, though you didn't mention what specifically you're doing. But whatever you decide, the foundation of any career in security should be a solid understanding of networking and servers (datacenter, cloud, virtual, mobile, all of it).

You do learn some of this in computer security books and classes but the experience of working on technical problems, understanding how the stuff works in a real environment, this is extremely useful knowledge that we call upon all the time to do our security jobs. Learn as much of this stuff as you can by whatever resources you have at your disposal: on the job, home lab, video courses, books, classroom training, etc.

Beyond that, the development paths fork off in somewhat different directions depending on what roles you have or are heading toward. Security Ops, Audit, Assessment and Testing, Forensics, Engineering, or a combination of those.

This is where the Assoc of ISC2 is *not as* valuable as something more technical and concentrated. Each of the areas above has focused, highly-technical and/or hands-on exams and certifications for those specific skill sets, whereas the CISSP exam is broad in scope and more about applying knowledge along with professional judgement to shape and manage a security program and processes.

Hopefully this helps somewhat, but you seem to be well on your way toward a successful career.

Thats actually solid advice. This board in particular has been too focused on the means to an end than the ethical or moral right or wrong of passing an exam - no matter the cost. People see the CISSP and dollar signs as interchangeable values for one another. Just makes a mess out of the career field and has lead lots of eager examinees to complete an exam they should have never sat for in the first place.

For those of you who doubt me you really should be reading some of the recent resume's that have crossed my desk.

Stunningly bad.

-b/eads

kshahin

@ myself_hyd
I am planing for the CISSP exam and I am looking for study partner to go through the chapter by chapter. I do have CBK ( 4th Edition ), Shon Harris ( AIO -6th ) and MP3 for the Shon Harris Lecture. I am studying CBK now and I will study Shon Harris (AIO - 6 the Edition ) later just to make sure I am not missing any topics. Listening MP3 in the car....

I believe discussing the chapter by chapter will help the catch the topics faster.

Thanks
Shahin

Khaos1911

Just curious. I have a co-worker who asked me the other day if he would be eligible if he had 2 years of full time inofsec experience (he has Sec + as well) and another 2 years of internship experience in infosec where he was paid and worked 40 hours a week.

I have no clue if they will accept his internship experience, but I told him to just shoot an email ISC2.I personally think he should be ok, it was a paid internship position and he average 40 hours a week, but I'm not sure how ISC2 would approach that. Your thoughts?

myself_hyd

renacido wrote: »

A good mentor can really smooth your path to success for sure. Networking is important, use the people in the industry who you know, use forums, use Linkedin, ask lots of questions, share your own opinions and experience and you're bound to find one or a few mentors.

I'd like to offer you my advice just based on the very little that I've learned about you in this thread. Maybe some food for thought that might be helpful.

You have an MS in Computer Security, that alone shows you are committed to the field and that's all the *formal education* you'd need and then some to be the CIO/CISO of a major corporation, so that's awesome you've already knocked that out.

You're already working in infosec, though you didn't mention what specifically you're doing. But whatever you decide, the foundation of any career in security should be a solid understanding of networking and servers (datacenter, cloud, virtual, mobile, all of it).

You do learn some of this in computer security books and classes but the experience of working on technical problems, understanding how the stuff works in a real environment, this is extremely useful knowledge that we call upon all the time to do our security jobs. Learn as much of this stuff as you can by whatever resources you have at your disposal: on the job, home lab, video courses, books, classroom training, etc.

Beyond that, the development paths fork off in somewhat different directions depending on what roles you have or are heading toward. Security Ops, Audit, Assessment and Testing, Forensics, Engineering, or a combination of those.

This is where the Assoc of ISC2 is *not as* valuable as something more technical and concentrated. Each of the areas above has focused, highly-technical and/or hands-on exams and certifications for those specific skill sets, whereas the CISSP exam is broad in scope and more about applying knowledge along with professional judgement to shape and manage a security program and processes.

Hopefully this helps somewhat, but you seem to be well on your way toward a successful career.

Really appreciate the advice - priceless at this stage of career. Feels good when experienced professionals approve of my career plan I am presently working in an enterprise security team (sec engineering plus operations) for the past one year. Prior to my MS I have worked for a year in Application and network pentesting. I am not very sure of where I would like my career to go, but as of now I am looking to shift my work to more technical VAPT for a few years and then back to enterprise security, eventually heading towards a CISO. I already have the CEH certification

kshahin wrote: »

@ myself_hyd
I am planing for the CISSP exam and I am looking for study partner to go through the chapter by chapter. I do have CBK ( 4th Edition ), Shon Harris ( AIO -6th ) and MP3 for the Shon Harris Lecture. I am studying CBK now and I will study Shon Harris (AIO - 6 the Edition ) later just to make sure I am not missing any topics. Listening MP3 in the car....

I believe discussing the chapter by chapter will help the catch the topics faster.

Thanks
Shahin

Hey Shahin, yes I would love to have a chat. P.m. me.

Hamalp60452

Check out CISSP in 3 Weeks. It's available on Amazon Kindle.

barhate.rahul

Yes, you will require to submit 15 CPEs/yr till you are an Associate.After that normal CISSP cycle would follow.

beads

Hamalp60452 wrote: »

Check out CISSP in 3 Weeks. It's available on Amazon Kindle.

Amazon.com: CISSP In 3 Weeks: The Only Step-by-Step CISSP - DIY Instruction Manual eBook: Nichel James: Kindle Store

Can't make the exam any easier than that! As an added bonus the author indicates you only need 2 years experience. Wooohooo!

Personally, I believe additional investigation may be in some order.

-b/eads