Path to CISSP
I was reading a training site earlier and it said that the path to the CISSP is: A+, Net+, Sec+, CISA, CISSP.
Is this the correct way to pursue a CISSP? I will be reading this forum in the meantime to see what others are saying.
Comments
Chris:/* Member Posts: 658
There is no specific path to achieving the CISSP. You need to have a large breadth of experience or be well versed in the 10 domains of the Common Body of Knowledge. It all depends on your experience level to be honest. Pick up the CBK 2nd Edition and start reading through the Domains of it. If you find yourself unfamiliar with a domain you should probably start doing domain specific studying.
The 10 Domains are:
Access Control Systems and Methodology
Telecommunications and Network Security
Business Continuity Planning and Disaster Recovery Planning
Security Management Practices
Security Architecture and Models
Law, Investigation, and Ethics
Application and Systems Development Security
Cryptography
Computer Operations Security
Physical Security
For each of these domains there is study material and even certifications that apply to them. You do not need a certification in each domain but you do need knowledge enough to answer analytical questions on the exam. The certifications you earn to complement your CISSP will dictate what type of work you want to do. Remember CISSP really covers more management aspects to IT and IT Security. You do not need to be an expert in each domain but be experienced in two of them and have a working knowledge of the rest.
So a better question would be what do you want to do?
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology

Mike_30 Member Posts: 20
Well I haven't picked up any CISSP books or materials yet. What sparked my interest though was looking through the topics you mentioned above. I already have knowledge/work in a few of those. Some of them are new.
While reading the net I was seeing some conflicting info. One showed the path I mentioned above (well, it was a training website so maybe that is a marketing tactic to get you to take all of them), another said you needed another CISSP to vouch for you or nominate you before you sit the exam, etc.
Didn't want to dive right into taking a CISSP course or buying materials if there are other pre-reqs that should be done first. I am currently doing A+ then planned on doing Net+. Then after that it's a matter of what I really want to focus on.

Chris:/* Member Posts: 658
You can sit the exam but you will not be awarded a CISSP till you earn your pre-reqs. The pre-reqs are 5 years of experience in two of the 10 domains. You can reduce that by one year with specific info security certifications and another year by earning an MS in Information Security or Assurance.
You have to submit a proof package to ISC2 or have another CISSP sponsor you. If you cannot complete these things you become an Associate of ISC2 and have 6 years to earn the experience. Each of those 6 years you have to pay a $35 maintenance fee and earn 20 Continuing Professional Education (CPE) credits. Those can be achieved by taking classes, subscribing to magazines and so on.

powerfool Member Posts: 1,666
Actually, you can only reduce it by one year with either a 4-yr degree or a valid cert. There is some misconception, but you only get to reduce it to a 4-yr experience requirement.
2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro

Chris:/* Member Posts: 658
Thanks for the info, must have read it wrong.

JDMurray Admin Posts: 13,092
The path to the CISSP (or CISA or CISM or ...) is Information Security work experience. Reading, classes, other certifications, and professional networking contacts and associations all help, but working in several diverse areas of InfoSec is the path you should be traveling for several years before attempting CISSP certification.

Mike_30 Member Posts: 20
Got it. This cleared things up for me. I think by the time I finish the other certs I want to do first I will be eligible to study for CISSP if I decide to go that route. Thanks