InfoSec Jobs

I have an interview for an InfoSec position, yet I have no security IT certification. The interviewer during the pre-interview kind of alluded that they like their employees to have at least one certification pertaining to security.
I was wondering if the ISO 27002 would work? I purchased the book several weeks back and I haven't had a chance to read it yet. I am still studying for another cert which I sit for tomorrow at 11. I probably should call him and ask if that cert would fit the bill, but I just got done talking to him and I don't want to come across like the Cable Guy AKA Jim Carrey.
Suggestions? I know there is Security+ but I have the book for 27002 already.
The craziest part about this is I just threw out a resume to this position and now they come calling. I applied for dozens of SAP jobs which I would think I am more qualified for yet an InfoSec position comes knocking. Weird.
Thank you in advance.
Comments
It is a DoD position. Thanks for your quick response.
Np homie. Ask them what your position is under the 8570. If you're doing CND you'll probably have to make it known you're going for CEH or the GC* certs during the time you work there. If you're in IA, I think A+ or Net+ or Sec+ or SSCP etc. fit levels 1 and 2 (I could be wrong but I think you only need one cert within the level of the position). Once they give you the title of the job based on the directive you'll have your answer as to what cert to get.
Yeah, with Rogue and your suggestions I think that's the way to go. Might as well play it safe and do the Security+ cert.
I was planning on taking off for the rest of the year. Funny how a 25 dollar an hour raise will get you motivated.
Unless there is something I am missing might as well play it safe and go for the security plus. Of course I might not get the job anyway lol
The Security+ will provide you with some pretty good info. Not to mention it really isn't all that challenging. Even if you don't get this job it will look good in the future if you apply to DoD positions.
You make a very good point. It does seem to be the most respected certification out of the CompTIA series, at least the one with the most ROI at the intermediate level. I only say that because if you are a rookie just starting off A+ might be more beneficial, but even then I think I would rather spend my time with the Security+.
On a side note: Is the 27002 even worth taking? I plan on reading the book but for 174 USD is it going to help that much?
Well, it won't hurt you, but probably won't help you a whole lot, either... in my experience, the knowledge you demonstrate gets you the job, while the cert is used by the company to justify higher billing rates (esp in DoD.) Since it's not an 8570 approved cert, I wouldn't expect that you could leverage it for higher salary, for example. But it could help with showing that you are well-rounded.
I agree. Not to threadjack but then my question is if you have certs that fall under IA, and you're CND for example, are you required to CE the CompTIA certs that do not apply to your sector anyway? I'm hoping not.
...but if he is going the DoD route, that is a moot point as he will be required to participate in the CPE portion, regardless of lifetime certification or not.
I think that under 8570, they want you to fall under as few categories as possible, so if you were a CND analyst, I would suppose they would require say Sec+ to hire you on under IAT lvl2, GCIA to get your CND qual, and they would only really care about the GCIA. That may not be policy, but that is how I would work it. In any case, you could probably use your GCIA renewal towards renewing your Sec+ or whatever.
Good point. Perhaps they would if that is all he had. I think if you get a higher level cert in that chain that they may waive it for the lower level.
Someone correct me if I am wrong, but I think that they consider the chain with Security+ to have SSCP as a superseding certification, and then CISSP after that. So, if you start with Security+ and then get SSCP or CISSP down the road, you will be fine with Security+ as you will have to do CPE for the higher level cert.
Whether or not you will be required to update them will depend on if they are registered with the DMDC website that tracks the IA workforce certifications (link below, CAC required). According to the BBP below, it is NOT optional - but if it's not required for your position, don't list it in the DMDC website and they will never see it. That said, I can't see how they would force you to maintain it, especially if it is not required for the position. In a way it is irrelevant for me since the CPEs I accumulate for the CISSP could most likely be counted as Sec+ CPEs. I am on the hook for CPEs no matter what.
This is direct from the Army's July 26 IA BBP:
This is the replacement for retesting every 3 years. DoD 8570.01-M paragraph C2.3.7 states that Certification holders must ensure that their certifications stay active. Expired certifications must be renewed.