Infosec advice

jnwdmbjnwdmb Member Posts: 99 ■■□□□□□□□□
I know I sound like a newb, but I have read pages of posts and can't find a answer that fits my situation. For the past several years I have worked for a managed services company, but have an interest in getting into a security based job in the next fifteen months. Given the certs I already have (see signature), and experience, what would you guys recommend for positioning myself to reach my goal? SSCP? Associate of CISSP? The sscp seems like a logical step to me, but I am not sure if it would add much to my resume on top of my current certs. My work is also putting me through training on xenserver and xendesktop, so I will be balancing time with that as well. Maybe i should be considering a different cert path altogether? Any and all opinons welcome.
A+ IT Technician, Network +, Security+
MCSA:M, MCSE:S
(MS 270,290,291,293,294,298,299)
MS Exchange 2003 (70-284)
MCTS: Server 2K8 Virtualization(70-652 & 70-403)

Comments

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,665 Admin
    The best thing to do is spend some time on monster.com, dice.com, etc. looking for the types of security positions you would in the future and note what kind of education, certification, and experience the hiring managers are looking for. You need to consider all three, as just getting a few certs is no assurance of launching yourself on to a new career path.
  • jnwdmbjnwdmb Member Posts: 99 ■■□□□□□□□□
    Thank you very much for taking the time to field my question.

    I have worked for a managed services company for in excess of 3 years. I work in a department of five techs who are responsible for managing in excess of 190 servers and over 100 domains/networks on a daily basis. We are responsible for implementing group policy, passwords resets, firewall configuration, mobile phones, vpn's, remote applications, backups, ect......you name it, we do it. We are basically the entire IT department for the majority of our customers.

    My question is, when I begin seeking endorsement for my CISSP/SSCP, how much of my current experience can I use towards my certification experience requirement? I was also wondering when (prior to the exam or after passing) should I seek an endorser, and secondly, what is the best manner to obtain an endorsement from someone? I do not know a CISSP directly, but I have some that I have crossed paths with in my professional life. Is it suitable to request an endorsement from someone who you only know on a limited basis? I know you can request endorsement from ISC2 directly, but that it is a more difficult process, so I want to make sure I exercise my best option.
    A+ IT Technician, Network +, Security+
    MCSA:M, MCSE:S
    (MS 270,290,291,293,294,298,299)
    MS Exchange 2003 (70-284)
    MCTS: Server 2K8 Virtualization(70-652 & 70-403)
  • Chris:/*Chris:/* Member Posts: 658
    Technically the person who endorses you is supposed to look at all the same stuff (ISC)2 does. When you get attempt to get (ISC)2's endorsement it says that in the application.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,665 Admin
    In the strict sense, you should get an endorsement from someone who is personally familiar with (at least) five years of your InfoSec work history. If there is no such person, you should then be endorsed by the (ISC)2. However, if a person I've seldom or never worked with can convey to me enough information to show me they do have the requisite experience, I have no problem with endorsing them.

    When I endorse someone that I don't personally know, I usually meet them for lunch (Dutch treat) and conduct an informal interview, much like a job interview. I go over their resume and let them talk about their InfoSec experiences. I can tell from this if the work history that have on their resume is genuine or not. It's usually a rather pleasant experience.
Sign In or Register to comment.