After Secuirty+ but before CISSP

ajs1976 · October 2012

I passed the Security+ exam a few years ago. thinking about going for the CISSP, but would like to get 2-3 Security Certs first.

1. Citrix Access Gateway EE - completed the training last year and have worked on them for the last 2 years. I have also worked with SEs in the past and did the AE exam a few years ago.

2. Another vendor specific or a specialty cert - McAfee Vul Manager, Trend Micro A-V, and CEH are all possibilities. Not sure if the McAfee and Trend micro training and cert programs are maintained and EC-Council seems to commercial. Any other recommendations? or are options 1 & 3 enough?

3. CASP or SSCP - Both seem to fit between Sec+ and CISSP and cover general topics. Which is better? Which is more recognized? Or are options 1 & 2 enough and I should skip them.

JDMurray · October 2012

Are you going for the intermediate certs more for a learning opportunity or for career goals? For the former, go with your interests; for the latter, go with what's asked for in job postings that interest you. For example, the SSCP and CEH are more recognized than CASP in the job market, but CASP may fit your personal interests better.

Be careful of the very specialized certs for specific vendor products. Those are usually designed to test you on a specific (and expensive) training program provided by the vendor and paid for by your employer. This knowledge is only useful to a business that uses the vendor's hard/software. Spending your own the time and money to get a McAfee cert won't help if you get a job with a Trend customer and vise versa.

You would be better off looking at specialty certs for products than can be found and used in most any IT environment, such as Snort, Wireshark, Linux, Cisco, and Microsoft. I think it would be far better to spend my own money to get a cert in MS Excel than a cert from an end-/mid-point security product vendor.

spicy ahi · October 2012

Second JD's sentiments. To build on it, I would say if you're currently not in a security position at the moment, look at job posts in your local area to get an idea of what compatible skills are desired to marry along with your Sec+ and eventual CISSP. For example, in my local area a lot of the security job postings are for those with linux system administration certifications (linux+, RHCA, Solaris, etc.) or programming skills (C# and Java in particular) The nice thing is that you have a secondary set of skills that you can utilize while looking for that desired security job.

JDMurray · October 2012

Ah, good point Spicy. Those secondary skills can also help you get into a good company doing non-security work (admin, programming, help desk, etc.) and then later you can transition into a proper security role when you've acquired the proper skills, inside contacts, and reputation for productivity and getting things done.

ajs1976 · October 2012

Thanks for the feedback. I will have some additional information in the coming weeks.

Leaning toward SSCP at this time so I get exposure to ISC2 and that process.

as a replacement to number 2 (and possible number 1), I'm looking at an undergrad certificate from my local community college. It requires a Sec Fundamentals course, intro to criminal justice, 2 1/2 Computer forensics courses. Sec Fundamentals, review of Sec+ and prep for SSCP. Criminal Justice, something I have been interested in for a long time. Computer forensics, something else i'm interested in and maybe CPE credit for SSCP.

JDMurray · October 2012

College courses can definitely be submitted as CPEs. I believe 1 CPE = 10 course hours. But only course-hours acquired after the certification is attained can be counted. (There's a thread somewhere here discussing this.)

the_hutch · October 2012

JDMurray wrote: »

College courses can definitely be submitted as CPEs. I believe 1 CPE = 10 course hours. But only course-hours acquired after the certification is attained can be counted. (There's a thread somewhere here discussing this.)

I think you mean 1 course hour = 10 CPEs?

JDMurray · October 2012

the_hutch wrote: »

I think you mean 1 course hour = 10 CPEs?

A typical semester college class is 3hrs/week for 16 weeks, which is 48 hours total. So that would make one college class equal to 480 CPEs? I don't think that's correct. Lemme see if I can find the thread where we went over this calculation.

rob1234 · October 2012

I thought 1 hour equals 1 CPE

JDMurray · October 2012

1hr = 1 CPE for InfoSec-related events. If that's also true for academic classes then taking a single Cisco or programming class at your local community college will satisfy all your CPEs for a year. Somehow that doesn't seem correct.

I know we've discussed this before, but I don't remember what results. Maybe I should just check my own CPE record and see what was awarded.

rob1234 · October 2012

JDMurray wrote: »

1hr = 1 CPE for InfoSec-related events. If that's also true for academic classes then taking a single Cisco or programming class at your local community college will satisfy all your CPEs for a year. Somehow that doesn't seem correct.

I know we've discussed this before, but I don't remember what results. Maybe I should just check my own CPE record and see what was awarded.

This is what ISC2 say

"CPE credits are weighted by activity. Shown below are common categories of activities and the amount of credits you can earn for each. Typically, you will earn one CPE credit for each hour spent engaged in an educational activity. However, some activities are worth more credits due to the depth of study or amount of ongoing commitment involved. In general, CPE credits are not earned for on-the-job activities.

Attending Educational/Training Courses and Seminars
Educational training course and seminars related to the domains of your credential will qualify for one Group A CPE credit for each hour of attendance. Training courses and seminars that are not domain-related to your credential, qualify as one Group B CPE credit for each hour of attendance. "

the_hutch · October 2012

JDMurray wrote: »

A typical semester college class is 3hrs/week for 16 weeks, which is 48 hours total. So that would make one college class equal to 480 CPEs? I don't think that's correct. Lemme see if I can find the thread where we went over this calculation.

I would think they would use the same classification as most schools, that is to say...not literal classroom hours but "semester hours" or "quarter hours". So a 3-semester-hour course would yeild 30 CPEs, not 480. At least that's my understanding...but could be wrong.

JDMurray · October 2012

According to the (ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES:

Completing a Higher Academic Course
One CPE credit is permitted for each hour spent in a class, or for online classes. Credits
will only be given on passing or successfully completing the course. To qualify as a
Group A credit, the course must be related to the credential domains. Otherwise it can be
considered for a Group B credit.

'nuff said.

ajs1976 · November 2012

I have accepted an Admin position at a small bank / financial services firm. Although not specifically an info sec role, any knowledge in that a area will be useful.

CAG, a firewall cert, and the undergrad certificate are all on my to do list, but I need to focus on some non-info sec areas first. Then I may skip SSCP and go straight to CISSP.

rob1234 · November 2012

Thanks!

After Secuirty+ but before CISSP

Comments