Advice on my situation for SSCP / CISSP (exp. + endorsement)

agustinchernitsky

Hello Everyone!

Well, I am really interested in the SSCP / CISSP certs... I think they are quite a Challenge. After reading all the requirements on ISC2 site, I have some doubts... Maybe someone here can help me or maybe give me some advise.

Regarding the work experience, I work as an independent security consultant since 2002. Before that (1997) I started a small web hosting company, in which I worked as a CTO (I was really young then ).

By the end off 2005 and the beggining of this year, I earned the following certifications:
- Comptia Security+
- Comptia Network+
- Comptia Linux+
- MCP
- MCSA 2003
- MCSA 2003: Messaging
- MCSA 2003: Security (I take the 350 June the 29th)

And planning to earn MSCE, CCNA and CCDA before I take the SSCP & CISSP.

Will this work experience & certs qualify for ISC2? The only way to prove my work experience, ofcourse, is by contacting my customers, since I don't have a boss (lucky me )

Regarding endorsement, since I am an independent consultant as I said before, I know no CISSP or SSCP cert professionals personally to endorse me. What would you guys recommend me on this?

Ah, and one last question: What books do you suggest for taking SSCP and CISSP exams?

Well, thanks a lot!

Cheers!!

keatron

Well one thing I can tell you for certain is this. Your particular deal is not unheard of. However you will have to walk the ISC2 tight rope going in as an independant in addition to not having a CISSP endorsement. The most obvious and most popular sources of study are Shon Harris All in One, ISC2 official study guide, Vines and Krutz, and one of my favorites now (after taking the exam and teaching official seminars), is the Information Security Management Handbook by Harold Tipton and Micki Krause. It's not that well known amongst newcomers preparing for the CISSP but it maps quite nicely to the CBK and it is a very good and very informative read.

One thing that needs to be cleared up concerning the experience requirements is the fact that the experience does not have to be consecutive years of experience; It can be broken up. For example, if you worked full time doing security consulting on a particular contract for 6 months, then count that as credit. If a year later you worked 2 months doing security consulting on another project, add 2 more months. Go back over your work experience and consulting experience with a fine tooth comb and nail down all of the FULL TIME security consulting. You might have more experience than you think. However, be certain you can prove it all.

Your better option might be to start with SSCP. Good luck and let us know what you eventually decide.

JDMurray

keatron wrote:

Information Security Management Handbook by Harold Tipton and Micki Krause. It's not that well known amongst newcomers preparing for the CISSP but it maps quite nicely to the CBK and it is a very good and very informative read.

This book is out-of-print, listed for $170US, and best price I've been able to find for it is $100US at http://www.rothstein.com/data/dr380.htm and http://www.amazon.com/gp/product/0849399475/ref=nosim/102-8049375-0409719?n=283155.

At twice the price of Harris's CISSP All-in-One book, is it really worth getting?

agustinchernitsky

Hi keatron,

Thanks for your reply! Well, I will try and make my way as an independent consultant (not much of a choice actually!). I will post everything as I go...

Regarding the experience, in my case, I have a set of customers with whom I work with. Some implementations take me a week, others months. And ofcourse they are not consecutive, for example, for one customer I had a request three months ago and now I have another one.

But as you said, if I add them all up, I have the requiered experience.

Now my question is, how do I prove this? Does ISC2 check this info from my resume? How do you suggest I present my experience for them? In my "normal" resume, I just put the companies I work with and thats all... . Maybe I have to be really detailed? Like: Company A "6 months doing this & that". I would really appreciate any suggestions you could give me on how to present this to ISC2.

Thanks a millon for your book recomendations. I will look for them right now!

Cheers & thanks again for your reply!

PS: Regarding the endorsement, ISC2 answered today a mail that said something like "I suggest you look for an ISC2 Member in your area and contact him to see if they endorse you".

keatron

jdmurray wrote:

At twice the price of Harris's CISSP All-in-One book, is it really worth getting?

Yes.

The one your amazon link points to is obviously out of print because it's the first edition published in 1998. You should be looking for the 4th edition now.

JDMurray

keatron wrote:

The one your amazon link points to is obviously out of print because it's the first edition published in 1998. You should be looking for the 4th edition now.

I just discovered that the 5th edition was published in 2003: http://www.amazon.com/gp/product/0849319978/103-1312169-0250208?v=glance&n=283155

Some booksellers on half.com have it for just under $110US. I'm checking if a 6th edition is due out anytime soon. The publisher's web site has some nice InfoSec titles (http://www.auerbach-publications.com/home.asp).

garv221

I was in Schulers books yesterday, I picked up a CCNA & Cisco PIX book. I was pretty tempted to buy a CISSP book as well. I think this is going to be my next cert after the one of I am doing now. I have always been a fan of Exam Cram2 books, however it looked a little thin for CISSP. After I pass, I just have to prove my 4 years experience working in the security field?

agustinchernitsky

Hi garv221,

Yes, you do require to prove your 4 years experience... If you have one of the approved certifications (ie: MCSA, CompTIA Sec+, etc) you have 1 year waiver.

Are you getting prepared for the CCSP cert???

garv221

Thanks for the info. I plan on studying for CISSP, not CCSP. I have to finish my CCNA first. I have 4 years experience that I can prove. I just need to get in gear and get the CCNA out of the way.

HHHTheGame

I just got my "audit finished" e-mail and they only went back 18 months for some reason.

agustinchernitsky

Hi HHHTheGame,

What did do? How do you know that?

HHHTheGame

In the last four years I've had four employers (some overlap) and they didn't call two of them (I'm still friends with them). They also didn't call my endorsement person (still friends with him too).

My guess is it depends on the auditor.

TeKniques

Well that is cool though. At least your audit checked out and you're good to go on obtaining your certificate. Perhaps they checked back 18 months and saw good things so they didn't bother checking the rest.

In any event ... congrats!

agustinchernitsky

Well HHHTheGame, many congrats for you!

Unluckily, ISC2 hasn't scheduled an exam date in my country... I asked them and they said "we are sorry, we suggest you travel to a city nearby were we have scheduled exams"....

I will sit and wait...

JDMurray

I just received word from Auerbach Publications that the 6th edition of Information Security Management Handbook by Tipton and Krause is due out December 2006.

http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=AU1997&parent_id=&pc=

agustinchernitsky

Nice info! bookmarking....