Associate of CISSP

Althmash7Althmash7 Member Posts: 40 ■■□□□□□□□□
Dear All,


I currrently working in SOC and have experience of 18 mnths experience .

I am planning to give asscoiate exam for cissp i wanted to know if i am egilible for the exam , also wanted to know am i working in one of the 10 domains of cissp.


Plz provide your suggestion open to all type of suggestion.

thnks in advance :D

Comments

  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    1. Anyone can take the CISSP exam and become an Associate of ISC2
    2. What are your job responsibilities?
  • emerald_octaneemerald_octane Member Posts: 613
    Associate of (ISC)2 toward CISSP status is great (except they don't give you a plaque or anything. We should get something for passing that damn test).
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    You get nothing? Wow, that's kind of lame on (ISC)2's part.
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    You get to put the keyword "CISSP" on your resume. That's what you really want.
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    Well, of course - But we all enjoy getting that envelope in the mail :D
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    So wait... you get the certificate at the "Associate" level?
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • emerald_octaneemerald_octane Member Posts: 613
    U get nothing but the congratulatory email that you passed the exam.

    I mean I get it. Associate status is supposed to be that weird in between phase between heaven (full cert) and hell (the test) (shivers). But if we are held to the same standards as fully credentialed members (still have to earn CPE, still have to pay AMF, still have to subscribe to canons etc) then we should get something for our troubles. A pencil case or maybe like a hug or something lol.
    Sorry to thread jack op I think associate status is good for you because you already have experience and are in an infosec position. Just gotta let that baby vest.
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Thanks for letting us know. I did read that we still have to pay the AMF, sign the code and earn CPE at the Associate level but its just a little less. We should get a hug for passing :P

    I don't really get the "baby vest" part.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • emerald_octaneemerald_octane Member Posts: 613
    I don't really get the "baby vest" part.

    Just my way of saying that, once you pass the test the hard part is over. It's just a waiting game at that point.
  • Althmash7Althmash7 Member Posts: 40 ■■□□□□□□□□
    JDMurray wrote: »
    You get to put the keyword "CISSP" on your resume. That's what you really want.


    Ya tht is very true .

    I am only reading shon harris 5th edition and not referring any other book is that ok or i shall i refer anything more.
  • emerald_octaneemerald_octane Member Posts: 613
    I would throw some videos in there as well, if possible. If you can read shon cover to cover then you might be able to pull it off, but I thought it was a bit too verbose for the amount of time I had to study for the test (~ 4 months).
  • Althmash7Althmash7 Member Posts: 40 ■■□□□□□□□□
    I would throw some videos in there as well, if possible. If you can read shon cover to cover then you might be able to pull it off, but I thought it was a bit too verbose for the amount of time I had to study for the test (~ 4 months).


    Ya emerald it has many concepts and terms to cover can you tell me sites where i can get scenarios based question for Cissp exams
  • emerald_octaneemerald_octane Member Posts: 613
    cccure.org is pretty much de facto for learning concepts. Note that I have not come across a resource that adequately prepares you for the exam except for some questions dished out in the review seminar handbook. cccure won't prepare you for the type of questions but it will prepare you for the concepts which is important in figuring out the question and answer.
  • BigstarsBigstars Member Posts: 13 ■□□□□□□□□□
    I would throw some videos in there as well, if possible. If you can read shon cover to cover then you might be able to pull it off, but I thought it was a bit too verbose for the amount of time I had to study for the test (~ 4 months).


    I agree...Shon was just too much in the time I wanted to accomplish the CISSP. I am a firm believer than Eric Conrad Book is sufficient enough to conquer the exam. I didn't have too much experience as well I had a little over a year of Info Sec experience, but I picked up the material quickly. Conrad prepared me to pass the exam, everything else I didn't know I Youtubed it. Some Great video tuts on youtube. Really gave me and understanding of confusing concepts. Sometimes its better to see things than read it.
  • Emjozac12Emjozac12 Registered Users Posts: 1 ■□□□□□□□□□
    Can I become CISSP with an AAS (Associate degree )?
  • ajs1976ajs1976 Member Posts: 1,945 ■■■■□□□□□□
    Do you have the required amount of experience? The right degree or cert will decrease the requirement from 5 years to 4 years.
    Andy

    2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    The (ISC)2 requires a 4-year Bachelors degree to waive one year of experience and nothign less degree-wise. You already have the SSCP, so that's your one-year knocked off right there.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    JDMurray wrote: »
    The (ISC)2 requires a 4-year Bachelors degree to waive one year of experience and nothign less degree-wise. You already have the SSCP, so that's your one-year knocked off right there.

    You can also have either one year waiver if you have a certificate as stated from their website, which concludes either 5 year or 4 year with degree or 4 year with a certification as listed on their site.

    From what I understand, SOC gives you experience in the networking domain (Security Device), and risk management if you are setting procedures for SOC (because you have to set the monitoring procedure to reduce the risk to an acceptable level). Software if you are an engineer programming for SIEM.
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    Policies are made up much higher in the administration than SOC personnel. SOC is for monitoring, analysis, and reporting to other groups and customers. This is clearly the Monitoring and Analysis domain of the SSCP and the Operations Security domain of the CISSP.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    I do not disagree with you if you would say that SOC mainly covered in the Security Operation Area, since the word is highly related and similar. But a look into the Security Operation chapter of the CISSP book did not covered anything on Security Monitoring, but rather, vulnerability/config/patch patch management, storage handling, backup, incident handling and Raid. But rather, the Security Devices uses by SOC are found in Chapter 2 under networking where you can find firewall, IDS explanation and concepts. Policies may seems totally out of place for SOC, but in my of work for SOC, we have to define procedures that reduces risk to an acceptable level for some of the use cases/monitoring derive from the Security Policy.

    For example, I was involve in working with my local security team for setting down a procedure to monitor for unauthorised password reset after office for generic accounts, and a proposing a new use case for monitoring for all management account at all times. This is because of the bulk of the password reset that SOC have to monitor daily, but at the same time we acknowledge the huge amount of rights that our user account administration team has to be able to reset anyone password, login and abuses that privileages in that short amount of time, therefore we look at a monitoring solution that is acceptable by the local security team, monitoring team and auditor. Our conclusion from our findings is that during office hour, the risk is minimal, due the the reason that employee is around and can raise suspicion themselves if their account password is reset for malicious purpose, and there is compensating controls in place to monitor for any other login abuse (ie abuse of login to Critical Servers). However, the same situation, the risk is high after office hour as there is no reason for people to reset/forget the password. In addition, we set down the procedure that all management password reset is for monitoring due to the high risk of confidential information from their emails.

    That is however, that is an experience and view from my intrinsic self. If you would say from your experience and view or in general Security Operation Center covers the Security Operation Domain, in that aspect I do not disagree with you.
Sign In or Register to comment.