New career path - GIAC or Security+ ???

Ok so I've been in an IT administration/load-perf testing position for about the past 2 years and need a new direction. I've got a few leads for new jobs but I'm not sure which to work towards. In my interview yesterday the Ops Manager told me that HR people (in all their mighty wisdom) look for CISSP or Security+, but he'd rather have someone with GIAC from his point of view.

I've read up on the CISSP and that seems a bit off in the distance for now seeing the time in service requirements and other needs to actually be certified.

So my main question is which should I work towards and what are some good resources to study with like books, sites etc, and also what are the average timelines from beginning studying to taking the test? Hopefully I land this position where I can get some good hands-on exp. prior to walking either path. Thanks a ton in advance~

Find more posts tagged with

Comments

TechGromit

MrGood wrote: »

Ok so I've been in an IT administration/load-perf testing position for about the past 2 years and need a new direction. I've got a few leads for new jobs but I'm not sure which to work towards. In my interview yesterday the Ops Manager told me that HR people (in all their mighty wisdom) look for CISSP or Security+, but he'd rather have someone with GIAC from his point of view.

Depends on who is footing the bill for your training. If this is all out of pocket for you, I recommend getting a Security+ first than your CISSP. Both can be earned by buying and studying the books. Security+ will cost you around $50 in books and a couple practice exams, the exam cost $311. The CISSP will be around $300 for books and practice exams, the exam cost $600.

While GIAC training and certs offer far more technical knowledge, the cost is steep if your paying for it yourself. The exam is set up so if you do not have a current set of official books, passing it with other resources is going to be an uphill battle. If your lucky, you could get a current set of books off Ebay from $600 to $800, and the exam cost $1,000. If you sign up for the official training, expect to pay around $5,600 for the training and $650 for the exam. Unlike other certifications, you can't purchase the books for the SANS training separately (officially), they are only issued to you if you pay for the on-demand or live course training.

636-555-3226

Security+ is cheaper & quicker & easier. Best overall starting point for getting your feet wet.

CISSP to follow if you meet the experience requirements. CISSP is the one to get for job postings. Sure you'll get an occasional manager who knows GIAC is better, but for the most part CISSP gives you more ROI for resumes/HR.

GIAC if you don't meet the CISSP experience requirements and can afford GIAC. Recommend you start with GSEC although not as much direct value as the others. GIAC is best for real-world skills, but is the most expensive.

TechGromit

636-555-3226 wrote: »

CISSP to follow if you meet the experience requirements.

Correct me if I'm wrong, but you can find a sponsor, you can take the CISSP exam and be considered an "Associate CISSP" until you acquire the required amount of experience to be a full CISSP.

iBrokeIT

TechGromit wrote: »

Correct me if I'm wrong ... "Associate CISSP" ... a full CISSP.

You are wrong, there is "Associate of ISC2" or CISSP, nothing else. "Associate CISSP" and "full CISSP" are made up terms and do not exist.

You cannot use term CISSP in any way until you've had your experience verified.

ThomasITguy

If you dont have the experience you can consider getting Sec+ then get a CAP, or CASP.... get into the infosec field and gain the experience... THEN get the CISSP. That would be a better way of doing it.

alias454

That was something I was looking at and wondered what the value and acceptance of the CASP is? As far as marketability goes, the CISSP is the most well known IMHO and would do the most to get you a job. SEC+ is probably second. While I have the GSEC, I have not tested its value on the open market so I can't say how worthwhile it actually is. I will attest to its expense and without my employer footing the bill, I don't think I would have gone that route.

ITSpectre

So then is it better to get my CASP or get my CISSP??? what would be the next step after sec+

TechGromit

iBrokeIT wrote: »

You cannot use term CISSP in any way until you've had your experience verified.

Thank you for the clarification. I'll have to rethink my certification plans. I was planning on working on my CISSP after I obtain my GCIH, but since I only have two years direct cyber security experience, I'm not sure how valuable "an associate of ISC" is on a resume. I see that a GSEC qualifies as a 1 year experience year waiver, I'll have to push my plans back a year and work on passing the CISSP in 2018, before June.

cyberguypr

Are you 100% sure you don't have the experience? When I took my CISSP I never had a direct Infosec role but for many years duties touched several of the domains.

MrGood

Thanks for the info.

@ThomasITguy - what are CAS and CASP? Are those CompTIA certs similar to the GSEC but in the other realm basically?

_nessie_

cyberguypr wrote: »

Are you 100% sure you don't have the experience? When I took my CISSP I never had a direct Infosec role but for many years duties touched several of the domains.

Same here.
If you had to deal with any sort of IT before, changes are big that you'll surprise yourself and will be meeting the requirements ...
After all, you are able to explain this in detail when you pass your CV to ISC².

Clm

Personally i would consider this if you have the time to study and pass the CISSP test? Like someone said above look at the domains to see if you have enough experience and if you don't a lot of companies will still hire you for being an associate of ISC2. But security + is an easy exam that you can get with in a couple months studying. Who is paying for the exams?

bhs

I think SEC+ should be the first certification, and then GSEC.

LionelTeo

In order, I recommend
Sec+, CASP (a bit worthless but better than nothing), GSEC (hard to self study, skip if you want), GISP (CISSP equivalent without 4 year requirement, good to hit the GIAC checkmark), CISSP

Optionally, GCIH because I still would think its possible to self study for this.

MrGood

Good info. As my old job's contract was ending I took a position that I thought was good, and 3wks in I'm seeing it's the opposite. Customer has no idea what's in place, how it's done, etc. oh and I'm not a developer which is what they need; somehow they saw GIS on my resume and figured it's all the same. So I need out~

What are the best training materials/books for get going for Sec+/GIAC, Amazon wise?

berto_tester

If you are working in the DOD then work your way up the 8570 list. Sec+, then CEH/CASP then CISSP. Once you are CISSP you are good for all DOD positions. The SANS training is great but I would wait until I had some infosec experience to really get full use of the classes and exam content. I recommend the on-demand from SANS if you can. That gives you 4 months of access to something that you are getting in a week at a conference, but I have not been to the conferences, and I'm sure they are awesome.

Also, one year of the CISSP requirement can be augmented by another cert I think Sec+ is one on the list.
CISSP is not hard, and it is not technical. You simply have to study what they want you to know to pass. It's almost like learning "The CISSP" way. Some background in networking (ports, protocols, etc) and services will help.