SSCP and CISSP Question
I am close to graduating from my university with a Bach in Network Security and i am currently studying for my Security+. The job that i would like is a Security Analyst, but i am curious no what certs to get. I do see CISSP being required by alot of differnt security analyst jobs, so i guess my question is do you think after security+ i should go for my SSCP and then CISSP?
--Matt
Comments
As some of the other folks have stated, CISSP is a lot more then "just security", you have to be a jack of all trades, know a lot about just about everything.
That being said...I would recomend you get a bunch of certs in a lot of different categories. Some recomendations would be:
(in no special order)
A+ - good starter cert, best to do this first
Network+ - should be your next stop after A+
Server+ - not to many people do this one, personally I think it should be required learning
Security+ - Manditory for any IA / INFOSEC position
Linux+ - matter of personal taste, I have not done this one (yet)
MCP - You get this by passing one microsoft exam
MCSA - This is for mid level Microsoft Server Admins
MCSE - This means you are an expert in Microsoft windows server 2003
MCITP - The newer version of MCSE for Windows Server 2008
MCPD - Microsofts programmer certification track
CCNA - Entry level Cisco cert (but a HARD test)
SCJP - Suns Java Programmer Certification
And get a little programming skills under your belt...you would be amazed how many computer experts have never written a line of code in their life.
Recomended languages:
HTML - easy to learn
Python - easy to learn
VBScript - easy to learn
Java - medium difficulty
VB - medium difficulty
C# - medium difficulty
C++ - probably one of the hardest to learn
Now don't get overwhelmed, you need a minimum of five years experience in two security domains just to take the CISSP exam. The easiest way to get that experience is...well you guessed it, get a job
Get the certifications, and start programming, you will be amazed how much you learn and find things you never would have thought you liked. And before you know it, you have five plus years experience and can take the CISSP exam.
You have to remember that CISSP is a very high level certification, and you will need a long term plan to get it...consider CISSP another college education (a five year degree). Once you have the CISSP certification, your knowlege of computers will be frightening to say the least.
But I can tell you from personal experience...once you have the CISSP, life gets much easier.
Good luck, and don't quit!
Actually, I just wanted to complement bcairns on the nice writeup, but I felt I should add something insightful as well.
C#/C++...I have history with these in college..thousand lines of codes...sleepless nights, and endless cups of coffee
C++ pointers..
you should see "C" pointers, that's crazy ****
you didn't mention any certificate or experience regarding SAN storages, tape libraries, disk arrays, NAS
Also some Unix
from you CISSP experience, do you think these are necessary or not ??
I'm not trying to say one should not be well versed in a diverse collection of technologies but rather that you do not have to be an expert in every domain of the CISSP. Personally, I'm strong in certain domains and weaker in others. The good part about this, which is also part of the ISC2 Code of Ethics, is knowing in which areas you are most adept and not perpetuating yourself in the areas you are not.
Anyway, the original question in this thread is SSCP vs. CISSP. undomiel is correct that the first thing you should look at is how much documented work experience you have in at least two domains of the CISSP CBK. With a cert or a college degree, you will need four years of related InfoSec experience to become CISSP-certified. If you don't have that now, consider getting the Security+ followed by the SSCP. That will help you get an InfoSec-related job.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Just my $0.02 worth, anything you learn has value.
That being said I think your time would be better spent focused on the server / network / code side of things.
As for programming, I have written billions of lines in C++ / VB / C#, all programming languages are similar, it is more important to become competient at programming concepts, the language is just a tool. Once you learn one language you can take that knowlege and use it tward your next language (makes things easier).
Also knowing how programs work will be a HUGE help in automating boring parts of your job or figuring out what is going on under the hood of your computer when it freaks out and crashes.
As a CISSP you should (in my opinion) be familiar with programming because sone of the biggest threats is malicious code. By there are plenty of CISSP holders that have never written a line of code...having knowlege and experience in programming will make life as a CISSP that much easier.
And the three major operating systems you would want to be familiar with are:
Windows
Linux
Solaris
I just wanted to second this. I think that studying programming while I was in grade/high school is what has given me the biggest edge in tech support and systems administration. Maybe just because crash **** don't scare me.
Thanks ! actually most of my time is spent on Solaris, Sun servers hardware, and storages! Maybe not the best way to climb the ladder to CISSP, but I like it so far
lool !