Calling all CISSP's.....your feedback is needed!

ITEducationProITEducationPro Member Posts: 6 ■□□□□□□□□□
Friends,

I have been in the business of IT Education for more than 10 years.

In talking with CISSP Certified Pros recently and for purposes of this forum, I wanted to start a brief disucssion on whether or not any of you feel that the CISSP Certification is light on the "Applied or Skills based knowledge" and heavy on the "theoretical and policy".

Not being CISSP certified I don't feel I'm qualified to answer in an unbiased manner. I'd love to hear what the pros are thinking if you feel inclined.

Best, Brad

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    My general impression, and from what I've seen a lot here, is that many consider it to be, "a mile wide and an inch deep."

    Also, welcome to the forums :D
  • LarryDaManLarryDaMan Member Posts: 797
    As someone who is testicles deep into studying for this exam, I would say it is supposed to be high level and mangement oriented to a certain extend. The CISSP is not a tech exam nor does it claim to be one.

    The Security+ and SSCP are two that come to mind that are more technical in nature. The CISSP domains attempt to give you a look at the overall big picture of information security and how all of the aspects tie in together. I think a CISSP candidate is assumed to be knowledgeable about some of the basic technical concepts of security.

    We have some CISSPs on these boards and I am sure you will get a great response, but those are my two cents.
  • Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
    My experience studying for the CISSP leads me to believe that it is in fact "an inch deep and a mile wide." I've gone through the first four chapters of the Shon Harris book over the last few days and while I feel it's probably enough to prepare me for the exam, it definitely isn't enough to get any projects done at work. It feels much more "management oriented" and I actually like that.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    LarryDaMan wrote:
    The Security+ and SSCP are two that come to mind that are more technical in nature. The CISSP domains attempt to give you a look at the overall big picture of information security and how all of the aspects tie in together. I think a CISSP candidate is assumed to be knowledgeable about some of the basic technical concepts of security.

    I don't know if I'd really consider the Security+ to be too technical. I consider it to be more of an overview than anything. I'd add the CEH and Offensive Security/Wifu to your list.
  • LarryDaManLarryDaMan Member Posts: 797
    dynamik wrote:
    LarryDaMan wrote:
    The Security+ and SSCP are two that come to mind that are more technical in nature. The CISSP domains attempt to give you a look at the overall big picture of information security and how all of the aspects tie in together. I think a CISSP candidate is assumed to be knowledgeable about some of the basic technical concepts of security.

    I don't know if I'd really consider the Security+ to be too technical. I consider it to be more of an overview than anything. I'd add the CEH and Offensive Security/Wifu to your list.

    I guess I meant technical as in Security+ gets down into the weeds at the user level, and the CISSP is higher level stuff. But no, Security+ is not a super technical engineering oriented cert or anything, but we both knew that already.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    I've gone through Solaris Security Admin material, and it's technical oriented.

    It's like, you MUST first know solaris, and then it teaches you techniques and features used to secure it.

    I think it's better for technical people, you need techniques and steps to secure things
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

Sign In or Register to comment.