There And Back Again, an Aussie's journey to CISSP begins!
Okay, so I've finally landed my first security domain role (SOC team lead in a company that specializes in phishing takedowns and malware), and I've decided to make the commitment to study for my CISSP!
I hold a current CCNA: Security, so can waive one year, bringing it down to four years total (one year left!)
I've currently got (just under) three years' experience working in service desk / help desk, in the financial and telecommunications sectors as a level 1 + 2 support engineer. An ancillary function of my previous role in telco was the management of access rights and authorization for physical access to our data centres, which I believe should fall under at least one CISSP domain. Another function of my previous role was incident management for Check Point firewalls, Blue Coat proxies and F5 Load Balancers.
Once my four years' tenure is up, is there a way in which I can get my current employer (who holds a CISSP) to vouch for the security domains in my previous role, or do I have to spend four years with the same employer for their testimony to be valid?
The CISSPs who were at my previous company all moved on before I even considered asking for their assistance in getting CISSP, which is a shame, as now I have nobody in that company that can testify to the validity of my experience there!
I have an extensive home lab, with a few VMware ESXi hosts and a 42RU rack worth of Cisco switching and routing gear, meaning that I can simulate a small enterprise network and run vulnerability tests on it. Anything that I encounter at work that I'm stumped with, I can fire up in the home lab and spend a few days working on it at home to gain the much-needed experience. I learn best with the "hands on" approach to things, getting my hands dirty in running labs and deploying VMs to get a better understanding of how things work (and break!)
I plan on going for the SSCP some time in the next couple of months, and then the CEH a few months thereafter. I currently hold the CCNA: Security and Security+, as well as a few non-security-related certs (CCNA, ITIL, MCP, etc.)
As far as study material goes, I've got a CBT Nuggets subscription and plan on purchasing the 11th Hour and Sybex textbooks. Are there many other decently-priced resources out there that help to get a management-level understanding of the domains? Typically, I've studied for exams by using 90% of my study time in labs, and pass my exams with flying colours. Given that my domain of authority is limited to phishing and malware takedowns (i.e. Legal / Compliance sub-domain), are there any other certifications that would help in the long haul? I'm considering Project+, PMP, and PRINCE2.
Cheers,
NrKy.