Associate of CISSP
Dear All,
I am currently working in a SOC and have 18 months of experience.
I am planning to take the Associate exam for CISSP. I wanted to know if I am eligible for the exam, and also whether I am working in one of the 10 domains of CISSP.
Please provide your suggestions; I am open to all types of suggestions.
Thanks in advance

Comments
2. What are your job responsibilities?
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
I mean I get it. Associate status is supposed to be that weird in between phase between heaven (full cert) and hell (the test) (shivers). But if we are held to the same standards as fully credentialed members (still have to earn CPE, still have to pay AMF, still have to subscribe to canons etc) then we should get something for our troubles. A pencil case or maybe like a hug or something lol.
Sorry to threadjack, OP. I think associate status is good for you because you already have experience and are in an infosec position. Just gotta let that baby vest.
I don't really get the "baby vest" part.
Just my way of saying that, once you pass the test the hard part is over. It's just a waiting game at that point.
Ya, that is very true.
I am only reading Shon Harris 5th edition and not referring to any other book. Is that OK, or should I refer to anything more?
Ya emerald, it has many concepts and terms to cover. Can you tell me sites where I can get scenario-based questions for the CISSP exam?
I agree... Shon was just too much in the time I wanted to accomplish the CISSP. I am a firm believer that Eric Conrad's book is sufficient to conquer the exam. I didn't have too much experience either; I had a little over a year of InfoSec experience, but I picked up the material quickly. Conrad prepared me to pass the exam; everything else I didn't know, I YouTubed it. Some great video tuts on YouTube. Really gave me an understanding of confusing concepts. Sometimes it's better to see things than read them.
2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete
You can also get a one-year waiver if you have a certificate as stated on their website, which comes to either 5 years, or 4 years with a degree, or 4 years with a certification as listed on their site.
From what I understand, SOC gives you experience in the networking domain (Security Device), and risk management if you are setting procedures for SOC (because you have to set the monitoring procedure to reduce the risk to an acceptable level). Software if you are an engineer programming for SIEM.
For example, I was involved in working with my local security team to set down a procedure to monitor for unauthorised password resets after office hours for generic accounts, and in proposing a new use case for monitoring all management accounts at all times. This is because of the bulk of password resets that the SOC has to monitor daily, but at the same time we acknowledge the huge amount of rights that our user account administration team has: they are able to reset anyone's password, log in and abuse those privileges in that short amount of time. Therefore we looked at a monitoring solution that is acceptable to the local security team, monitoring team and auditor. Our conclusion from our findings is that during office hours the risk is minimal, because the employee is around and can raise suspicion themselves if their account password is reset for a malicious purpose, and there are compensating controls in place to monitor for any other login abuse (i.e. abuse of login to Critical Servers). However, in the same situation, the risk is high after office hours, as there is no reason for people to reset/forget the password. In addition, we set down the procedure that all management password resets are monitored, due to the high risk to confidential information from their emails.
That, however, is an experience and view from my intrinsic self. If you would say, from your experience and view or in general, that the Security Operation Center covers the Security Operation Domain, in that aspect I do not disagree with you.
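
The monitoring rule described in the post above, sketched as an added example (not part of the original thread and not the poster's actual SIEM content). The office hours, the treatment of weekends as after-hours, the account names and the event fields are all assumptions made for illustration.

```python
from datetime import datetime, time

# Assumed values, not from the post: office hours and the management list.
OFFICE_START, OFFICE_END = time(9, 0), time(18, 0)
MANAGEMENT_ACCOUNTS = {"cfo.example", "ceo.example"}  # hypothetical names


def in_office_hours(ts):
    """Assumption: Monday-Friday within the window counts as office hours."""
    return ts.weekday() < 5 and OFFICE_START <= ts.time() < OFFICE_END


def triage_reset(event):
    """Return (alert, reason) for one password-reset event.

    Management accounts alert at all times; other accounts alert only
    outside office hours, when the account owner is not around to notice.
    """
    ts = datetime.fromisoformat(event["time"])
    if event["target"].lower() in MANAGEMENT_ACCOUNTS:
        return True, "management account: monitored at all times"
    if not in_office_hours(ts):
        return True, "reset outside office hours"
    return False, "office hours: left to compensating controls"


def alerts_for(events):
    """Keep only the events an analyst should review, with who did the reset."""
    out = []
    for ev in events:
        alert, reason = triage_reset(ev)
        if alert:
            out.append((ev["time"], ev["actor"], ev["target"], reason))
    return out


# Constructed sample events (2024-03-04 is a Monday, 2024-03-09 a Saturday).
SAMPLE_EVENTS = [
    {"time": "2024-03-04T10:15:00", "actor": "helpdesk1", "target": "jsmith"},
    {"time": "2024-03-04T22:40:00", "actor": "helpdesk1", "target": "jsmith"},
    {"time": "2024-03-04T11:00:00", "actor": "helpdesk2", "target": "CFO.example"},
    {"time": "2024-03-09T12:00:00", "actor": "helpdesk1", "target": "akumar"},
]

if __name__ == "__main__":
    for row in alerts_for(SAMPLE_EVENTS):
        print(row)
```

Recording the actor alongside the target matters here because the stated concern is the administration team's own reset rights, so the analyst needs to see who performed each flagged reset.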