How can i expand my CISSP domains experience
I have good exposure to some domains such as Physical Security, Access Management, Software development etc.
But i lack real world hands in experience in other domains such as Network security, penetration tools, cloud deployment, report writing, log analysis etc.
I am willing to learn the missing parts which i think are very important for overall well rounded security professional. Do yo have any suggestions for me to help me acquire the missing skills?
I can think of watching videos etc as a step in the right direction but the ideal scenario would be to learn it hands on prefeably from a fellow cissp.
If i cant find a cissp should i learn from someone on technical side?
I dont mind taking a coupe of days off work to cover the gaps but What do you suggest? How would you do it?
But i lack real world hands in experience in other domains such as Network security, penetration tools, cloud deployment, report writing, log analysis etc.
I am willing to learn the missing parts which i think are very important for overall well rounded security professional. Do yo have any suggestions for me to help me acquire the missing skills?
I can think of watching videos etc as a step in the right direction but the ideal scenario would be to learn it hands on prefeably from a fellow cissp.
If i cant find a cissp should i learn from someone on technical side?
I dont mind taking a coupe of days off work to cover the gaps but What do you suggest? How would you do it?
Comments
-
TLeTourneau Member Posts: 616 ■■■■■■■■□□I would recommend learning the technical items from someone with the technical knowledge. It's the appropriate application of that knowledge that applies to the domains. While learning and applying the knowledge keep the tenants of security in mind. Remember that security transcends technology.Thanks, Tom
M.S. - Cybersecurity and Information Assurance
B.S: IT - Network Design & Management -
TheFORCE Member Posts: 2,297 ■■■■■■■■□□Best way to do it is by creating a virtual lab, throw in some different operating systems, some servers, then use different tools to find stuff. For example, you can setup Nessus which is free to scan the virtual lab and provide you reports on vulnerabilities. Then research and see how you can patch them. During this process think about what is involved in each step. There are people that write policies for all these and then there are those who patch, discover and implement etc etc. Basically the way to learn is by labbing. Get virtual box and start working. That will get you experience also that you can use at work too.
-
Offtopic Member Posts: 37 ■■□□□□□□□□Thank you both of you. Some very good pointers there.
I do want to get most of my expreince with a home lab for sure. I wish soneone offered a win machine with pre configured vms and lab exercises etc but anyways I will try to see if some training institute can offer something line it.
How about you tube udemy safaribooks videos etc? Are there any specific videos that relate more to day to day work of a cissp? -
Offtopic Member Posts: 37 ■■□□□□□□□□Well any other sources to eXpand knowledge quickly? Any paticularly helpful video series, any vjttual labs?
-
TheFORCE Member Posts: 2,297 ■■■■■■■■□□Well any other sources to eXpand knowledge quickly? Any paticularly helpful video series, any vjttual labs?
CISSP is not a job title. Do an advanced search on LinkedIn amd search for CISSP and you will see that those people have different type of jobs, you will find people with the titles of CEO, CIO, security engineer, network engineer, security analyst, auditor, compliance officer, desktop infrastructure etcetera. So how do you expect to get a detailed guide of what they do every day. You just have to do the jobs and get the experience. -
Offtopic Member Posts: 37 ■■□□□□□□□□TheForce
Yes you are right of course. But since cissp exam covers the overall security very well I was wondefing if there is any material available to cover the hands on part of numrrous tools described in 8 domains.
I guess i will have to hack each piece separately -
Offtopic Member Posts: 37 ■■□□□□□□□□Thought i will update this thread. I have managed to find lits of resources to enhance the knowledge on technical side. Mostly youtube Udemy and other videos
Howeve the one area where i need fo beef up is Practical implemdntations of risk management and mitigation. The other one is SIEM confiurstion and teport writing.
Any pointers to where shoukd i head next? Any free SIEM report i can look at? -
mhyrule Member Posts: 21 ■□□□□□□□□□Thought i will update this thread. I have managed to find lits of resources to enhance the knowledge on technical side. Mostly youtube Udemy and other videos
Howeve the one area where i need fo beef up is Practical implemdntations of risk management and mitigation. The other one is SIEM confiurstion and teport writing.
Any pointers to where shoukd i head next? Any free SIEM report i can look at?
If you do not mind sharing the resources, I would like to view the materials you have for the hands-on experience.
I recently passed the CISSP, but as far as prepping for the test it has only been study guides and video courses (Eric Conrad's study guide, CBT nugget and cybrary video librarys, etc.) -
Offtopic Member Posts: 37 ■■□□□□□□□□Here is wat i have done. I am quite weak on vulnerabilty scanning and pen testing so started looking for CEH course training. Everyone asked for astronomical prices. So i broke it down by searching for specific topics, exampke metasploit, kali linux, nessus etc and found tonnes of videos of actual labs on youtube and udemy. Even hours long full courses, free or for just 10-20 bucks. I am spending some money on setting up a virtual lab at home for further hands on practice so fhere you go. Just search for each topic you want to gain more knowledge of and you will find it on youtube.
I wasted lot of time chasing institutes aka money shops and was quoted anything from $50/hour to $2000 for a week. $750/day for Sec+ labs.
Can anyone can point me to good resources to get better idea of the following:
SIEM and actual sample reports
ISO 27000 series
IAM OKTA/netQ or any other well known access management tool.
If you do not mind sharing the resources, I would like to view the materials you have for the hands-on experience.
I recently passed the CISSP, but as far as prepping for the test it has only been study guides and video courses (Eric Conrad's study guide, CBT nugget and cybrary video librarys, etc.) -
mhyrule Member Posts: 21 ■□□□□□□□□□Here is wat i have done. I am quite weak on vulnerabilty scanning and pen testing so started looking for CEH course training. Everyone asked for astronomical prices. So i broke it down by searching for specific topics, exampke metasploit, kali linux, nessus etc and found tonnes of videos of actual labs on youtube and udemy. Even hours long full courses, free or for just 10-20 bucks. I am spending some money on setting up a virtual lab at home for further hands on practice so fhere you go. Just search for each topic you want to gain more knowledge of and you will find it on youtube.
I wasted lot of time chasing institutes aka money shops and was quoted anything from $50/hour to $2000 for a week. $750/day for Sec+ labs.
Can anyone can point me to good resources to get better idea of the following:
SIEM and actual sample reports
ISO 27000 series
IAM OKTA/netQ or any other well known access management tool.
Thanks! I will do some research through Youtube and Udemy when I have the time availability.