Security certification - starting point
araczek
Member Posts: 7
Hi,
Yes, I read the sticky. I have been a System Administrator for the Government for 16+ years. My
job is not exclusively security but we do a LOT of Information Assurance work. We just recently worked
on and achieved network accreditation (which, I know is basically server hardening).
Being as I have been an administrator for so long I want to specialize in some IT area. VMware, Storage
and Cisco along with security were my areas of interest. I just had new requirements for my job and I
had to do Security+, which I just passed. I am also WAY behind in MS certifications (I am MCSE on NT 4!).
So was thinking of security. Just don't think I have the experience according to the 10 domains. Not sure
if I am reading this right but it seems to me I CAN'T pursue this. What then would be my next step in getting
an industry accepted security credential?
Which brings me to the question that I see people here taking the CISSP so I assume they all have the
experience and the CISSP credential or are they associates? CISSP is a great achievement, power to the
people that passed.
But basically what would be a good next step?
Comments
-
demonfurbie Member Posts: 1,819
the cissp can be very intimidating
i would suggest looking at a giac or a eccouncil cert before going cissp
wgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers:
-
onesaint Member Posts: 801
I am somewhat in the same situation, moving to refine my focus after being a systems admin for a while (same interests, VM, Sec, SAN, R&S). I'm under the impression you'd do well to go for either the C|EH or the SSCP next. Those are both the next steps in security. The C|EH meets the DOD Directive 8570 for some incident handling classifications, I believe, but is an expensive cert unless your employer picks up the check. The SSCP is the precursor to the CISSP and covers much of the same material as I understand it, but is not quite as intimidating. One of the avenues is to take the SSCP then the CISSP as you will have become familiar with much of the information from your SSCP studies.
Work in progress: picking up Postgres, Elasticsearch, redis, Cloudera, & AWS.
Next up: eventually the RHCE and to start blogging again.
Control Protocol; my blog of exam notes and IT randomness
-
JDMurray Admin Posts: 13,101 Admin
Go for the CISSP and forget the CEH. If you want 8570.01 value, the Security+ with the CISSP are your best bang for the buck. Go straight for the CISSP if you already have the professional work experience. Go the Security+ -> SSCP -> CISSP route if you either: 1) don't yet have the required experience or 2) just want to take your time learning as much as you can about Information Security. Go for the GSEC afterwards if you like very technically-oriented InfoSec certs.
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031
If you have been doing C&A work and have 16 years of legit, progressive experience then blowing through CISSP, SSCP and Sec+ should be no problem for you. I would take them in the reverse order I listed and knock them out within 4-6 months.
-
rwmidl Member Posts: 807
Realistically CISSP + SSCP is at least 6 months or more of prep + test time (I know here ISC(2) only schedules about twice a year). With 16 years experience I'd do Sec+ then jump to CISSP.
CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
-
ptilsen Member Posts: 2,835
I think OP's concern is that CISSP experience requirements pretty much state you have to have five years of professional experience within one of those domains. But it sounds to me like his experience would apply and he would be eligible.
-
Darril Member Posts: 1,588
I'd encourage you to go to ISC2's website (https://www.isc2.org/cib/default.aspx) and download the current SSCP and CISSP CIBs and review them. For the SSCP, you only need to meet the experience requirements in one of the seven domains, and for the CISSP, you only need to meet the requirements in two of the ten domains. With 16 years of system administrator experience in IT I'm betting you meet the experience requirements, but you need to look at the domains to verify it.
I agree with others that have posted here that Security+, SSCP, and then CISSP is a good progression for learning the concepts and they all build on each other. You can skip the SSCP and go straight for the CISSP. However, you'll find the SSCP material directly applies to the CISSP certification and is easier. If you take and pass the SSCP, you'll get a good understanding of the ISC2 process, get some confidence, and have a lot of knowledge that will directly help you with the CISSP certification.
HTH,
Darril Gibson
Security Blog
-
advanex1 Member Posts: 365
> Realistically CISSP + SSCP is at least 6 months or more of prep + test time (I know here ISC(2) only schedules about twice a year). With 16 years experience I'd do Sec+ then jump to CISSP.
6 months is a lot of time. We've had quite a few come straight out of school, read the book in two weeks and pass the CISSP exam. I'm not saying everyone can do it this way, but we've had a lot of success with our guys.
Currently Reading: CISM: All-in-One
New Blog: https://jpinit.com/blog
-
JDMurray Admin Posts: 13,101 Admin
> I think OP's concern is that CISSP experience requirements pretty much state you have to have five years of professional experience within one of those domains. But it sounds to me like his experience would apply and he would be eligible.
> 6 months is a lot of time. We've had quite a few come straight out of school, read the book in two weeks and pass the CISSP exam. I'm not saying everyone can do it this way, but we've had a lot of success with our guys.