InfoSec Jobs

N2IT Senior Member Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
I have an interview for an InfoSec position, yet I have no security IT certification. The interviewer during the pre-interview kind of alluded that they like their employees to have at least one certification pertaining to security.

I was wondering if the ISO 27002 would work? I purchased the book several weeks back and I haven't had a chance to read it yet. I am still studying for another cert which I sit for tomorrow at 11. I probably should call him and ask if that cert would fit the bill, but I just got done talking to him and I don't want to come across like the Cable Guy AKA Jim Carrey.

Suggestions? I know there is security + but I have the book for 27002 already.

The craziest part about this is I just threw out a resume to this position and now they come calling. I applied for dozens of SAP jobs which I would think I am more qualified for yet an InfoSec position comes knocking. Weird.


Thank you in advance.

Comments

  • rogue2shadow Member Posts: 1,501 ■■■■■■■■□□
    If it's InfoSec DoD wise, they may want Sec+ over the ISO because of 8570 compliance; it doesn't hurt to ask though. If worst case scenario, well not really "worst" lol, they end up wanting the Sec+ over the ISO certs, grab Darill's book off Amazon, it's an easy read and pretty cheap too ($32 last I checked).
  • N2IT Senior Member Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    If it's InfoSec DoD wise, they may want Sec+ over the ISO because of 8570 compliance; it doesn't hurt to ask though. If worst case scenario, well not really "worst" lol, they end up wanting the Sec+ over the ISO certs, grab Darill's book off Amazon, it's an easy read and pretty cheap too ($32 last I checked).


    It is a DoD position. Thanks for your quick response.
  • rogue2shadow Member Posts: 1,501 ■■■■■■■■□□
    N2IT wrote: »
    It is a DoD position. Thanks for your quick response.

    Np homie. Ask them what your position is under the 8570. If you're doing CND you'll probably have to make it known you're going for CEH or the GC* certs during the time you work there. If you're in IA, I think A+ or Net+ or Sec+ or SSCP etc. fit levels 1 and 2 (I could be wrong but I think you only need one cert within the level of the position). Once they give you the title of the job based on the directive you'll have your answer as to what cert to get. :D
  • tpatt100 Network Security Member Posts: 2,991 ■■■■■■■■■□
    I would bust out the Security+ if you can. I got my CISSP after that because I wanted more opportunities. But the CompTIA test was required within 6 months of hiring at my last job.
  • N2IT Senior Member Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    tpatt100 wrote: »
    I would bust out the Security+ if you can. I got my CISSP after that because I wanted more opportunities. But the CompTIA test was required within 6 months of hiring at my last job.


    Yeah with Rogue and your suggestions I think that's the way to go. Might as well play it safe and do the security + cert.

    I was planning on taking off for the rest of the year. Funny how a 25 dollar an hour raise will get you motivated.

    Unless there is something I am missing might as well play it safe and go for the security plus. Of course I might not get the job anyway lol
  • [Deleted User] Senior Member Posts: 0 ■■■■□□□□□□
    N2IT wrote: »
    Yeah with Rogue and your suggestions I think that's the way to go. Might as well play it safe and do the security + cert.

    I was planning on taking off for the rest of the year. Funny how a 25 dollar an hour raise will get you motivated.

    Unless there is something I am missing might as well play it safe and go for the security plus. Of course I might not get the job anyway lol

    The Security+ will provide you with some pretty good info. Not to mention it really isn't all that challenging. Even if you don't get this job it will look good in the future if you apply to DoD positions.
  • tpatt100 Network Security Member Posts: 2,991 ■■■■■■■■■□
    I review the stuff in the most current Security+ study guides when I interview. Mainly to refresh basic subjects so I don't brain fart on something simple.
  • N2IT Senior Member Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    xmalachi wrote: »
    The Security+ will provide you with some pretty good info. Not to mention it really isn't all that challenging. Even if you don't get this job it will look good in the future if you apply to DoD positions.


    You make a very good point. It does seem to be the most respected certification out of the CompTIA series, at least the one with the most ROI at the intermediate level. I only say that because if you are a rookie just starting off A+ might be more beneficial, but even then I think I would rather spend my time with the security +.


    On a side note: Is the 27002 even worth taking? I plan on reading the book but for a 174 USD is it going to help that much?
  • colemic EC Council #1 fan Member Posts: 1,568 ■■■■■■■□□□
    N2IT wrote: »
    On a side note: Is the 27002 even worth taking? I plan on reading the book but for a 174 USD is it going to help that much?


    Well, it won't hurt you, but probably won't help you a whole lot, either... in my experience, the knowledge you demonstrate gets you the job, while the cert is used by the company to justify higher billing rates (esp in DoD.) Since it's not an 8570 approved cert, I wouldn't expect that you could leverage it for higher salary, for example. But it could help with showing that you are well-rounded.
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • powerfool Senior Member Member Posts: 1,658 ■■■■■■■■□□
    If you are considering IA certs and you have none, Security+ is definitely a good starting point. Additionally, it would be a good idea to do it now rather than later if you are considering it... Security+ is a lifetime certification for anyone that passes by December 31 2010; afterwards it will require continuing education to keep its value. There is nothing wrong with CE... but if you end up in IA, you are going to likely get other certs that require it... no need to have yet another to keep up to date.
    2021 Goals: [X] Terraform Associate [X] AZ-204 [X] AZ-400 [X] AWS Cloud Practitioner [X] Terraform CHiP
  • rogue2shadow Member Posts: 1,501 ■■■■■■■■□□
    powerfool wrote: »
    If you are considering IA certs and you have none, Security+ is definitely a good starting point. Additionally, it would be a good idea to do it now rather than later if you are considering it... Security+ is a lifetime certification for anyone that passes by December 31 2010; afterwards it will require continuing education to keep its value. There is nothing wrong with CE... but if you end up in IA, you are going to likely get other certs that require it... no need to have yet another to keep up to date.

    I agree. Not to threadjack but then my question is if you have certs that fall under IA, and you're CND for example, are you required to CE the CompTIA certs that do not apply to your sector anyway? I'm hoping not.
  • colemic EC Council #1 fan Member Posts: 1,568 ■■■■■■■□□□
    powerfool wrote: »
    If you are considering IA certs and you have none, Security+ is definitely a good starting point. Additionally, it would be a good idea to do it now rather than later if you are considering it... Security+ is a lifetime certification for anyone that passes by December 31 2010; afterwards it will require continuing education to keep its value. There is nothing wrong with CE... but if you end up in IA, you are going to likely get other certs that require it... no need to have yet another to keep up to date.


    ...but if he is going the DoD route, that is a moot point as he will be required to participate in the CPE portion, regardless of lifetime certification or not.
  • wastedtime Senior Member Member Posts: 586 ■■■■□□□□□□
    From my understanding you will not be required to go into the program but you will be required to maintain the certification. If you don't go into the program then it will be on your own dime not the government's.
  • SephStorm Sith Lord Member Posts: 1,731 ■■■■■■■□□□
    I agree. Not to threadjack but then my question is if you have certs that fall under IA, and you're CND for example, are you required to CE the CompTIA certs that do not apply to your sector anyway? I'm hoping not.

    I think that under 8570, they want you to fall under as few categories as possible, so if you were a CND analyst, I would suppose they would require say Sec+ to hire you on under IAT lvl2, GCIA to get your CND qual, and they would only really care about the GCIA. That may not be policy, but that is how I would work it. In any case, you could probably use your GCIA renewal towards renewing your Sec+ or whatever.
  • powerfool Senior Member Member Posts: 1,658 ■■■■■■■■□□
    I agree. Not to threadjack but then my question is if you have certs that fall under IA, and you're CND for example, are you required to CE the CompTIA certs that do not apply to your sector anyway? I'm hoping not.

    Good point. Perhaps they would if that is all he had. I think if you get a higher level cert in that chain that they may waive it for the lower level.

    Someone correct me if I am wrong, but I think that they consider the chain with Security+ to have SSCP as a superseding certification, and then CISSP after that. So, if you start with Security+ and then get SSCP or CISSP down the road, you will be fine with Security+ as you will have to do CPE for the higher level cert.
  • wastedtime Senior Member Member Posts: 586 ■■■■□□□□□□
    While this may not make much sense to us here on the forums SSCP is considered IAT level 2 or less. While Security+ is considered IAT level 2 or less and IAM level 1. CISSP is considered IAT and IAM level 3 or less.
  • colemic EC Council #1 fan Member Posts: 1,568 ■■■■■■■□□□
    I agree. Not to threadjack but then my question is if you have certs that fall under IA, and you're CND for example, are you required to CE the CompTIA certs that do not apply to your sector anyway? I'm hoping not.


    Whether or not you will be required to update them will depend on if they are registered with the DMDC website that tracks the IA workforce certifications (link below, CAC required). According to the BBP below, it is NOT optional - but if it's not required for your position, don't list it in the DMDC website and they will never see it. That said, I can't see how they would force you to maintain it, especially if it is not required for the position. In a way it is irrelevant for me since the CPEs I accumulate for the CISSP could most likely be counted as Sec+ CPEs. I am on the hook for CPEs no matter what.

    This is direct from the Army's July 26 IA BBP:
    10. CompTIA Certifications: Personnel certified by 31 December 2010 will be counted as “certified for life” by CompTIA but not by DoD. Certified personnel shall opt into the continuing education process starting 1 Jan 2011 but no later than 31 Dec 2012 in order to stay “current” in your certification and part of the DoD IA workforce. CompTIA is currently working on the continuing professional education process.
    This is the replacement for retesting every 3 years. DoD 8570.01-M paragraph C2.3.7 states that Certification holders must ensure that their certifications stay active. Expired certifications must be renewed.


    https://www.dmdc.osd.mil/appj/dwc/index.jsp

