Security+ Exam Good Primer for CISA?

razz2525 Member Posts: 28
I have been in my CyberSecurity Compliance job since November and I'm trying to absorb as much as I can on network principles, security principles, and even C++ programming (for my Master's Degree in Information Assurance). My company offered us a CISSP boot camp for free although I don't know when I'll have the time (or $$) to pay for that exam. I also feel that I'm missing some key concepts: I just took a self-assessment on a lot of networking fundamentals and I got 30% on the self-assessment. I had no idea about the cabling (Cat5), 10BaseT, WAN, VLAN questions, the list goes on and on. I have work to do.

I took the CISA exam 2 years ago and missed by 20 points - I think the CISA is suited better to what I want to do in the future, but I feel obligated to pursue the CISSP since I am working in a technical realm in my job. So I feel pulled in too many directions: Security + first, CISA second, then CISSP third? Does this make sense? I had a few recommendations on CCNA too but I don't know when I'll be able to tackle that since I have no experience with Cisco at all.

Thanks for some guidance. Unfortunately, I'd like to learn everything at once but my family keeps getting in the way!


  • numberfive Member Posts: 26
    Free CISSP boot camp will be a good use of time for sure. Can't see why you would decline such an opportunity, way better for you than CCNA knowledge wise.
    If you feel that you lack technical knowledge then you should go for CISA first and move to CISSP after (when you will get more practical experience). Dunno how it is in the US, but in Europe Security+ is pretty much useless imo.
  • andhow Member Posts: 151
    I completed my CISSP, Security+, and then went on to get my CISA all in the course of about 3 months. (My old job didn't encourage or particularly recognize certs...) I have to say that the CISSP complemented the CISA a bit as there was some overlap in the material. You could see many similar themes although CISSP went into detail around encryption, access management, etc. while CISA only scratched the surface.

    Security+ and CISA both demand some understanding of how technology "works". Security+ is more in depth. I'm hesitant to say that Security+ helped me prepare for the CISA though. CISA expects you to understand technology so you can have a good understanding of controls. Security+ is more in depth about how those controls should be configured or where there may be some scrutiny needed. Do they complement each other? Sure, but you need to understand that there is so much more in the CISA around core audit capabilities that Security+ doesn't even touch.

    You may want to look into Network+ study material to give you a better understanding of network fundamentals.

    In a past life I was a UNIX administrator. This was back in the day when UNIX servers did everything from firewalls and routers to database and mail servers. (Wow that was a fun job!) It gave me a great understanding of how networks needed to be configured and how "IT" works. Along this line, you may want to build yourself a Linux server (virtual or otherwise) and set these up. You will learn technology fundamentals that you won't find in a book.

    Good luck!
  • andhow Member Posts: 151
    numberfive wrote: »
    Dunno how it is in the US, but in Europe Security+ is pretty much useless imo.

    I can't completely disagree. My studying for Security+ involved me reading the first 4 pages of a Security+ Exam Cram book... It was so much like a "light CISSP" that I didn't see the point in spending more time studying. I put the book down and just took the test.
  • wes allen Member Posts: 540
    I don't know about CISA, but Sec+ can be a good warmup for CISSP if you are weak in the domains Sec+ covers. You might even look into studying for, but not necessarily taking, Net+ or CCENT to help get those basics down.

    If you are looking at CISSP in the near future, then Sec+ should be a pretty casual experience, like a few days reading Darril's book then taking the test. If Sec+ feels even kinda tough, then you will need much more time to prep for CISSP. Once you have CISSP or CISA or any other mid level cert, Sec+ isn't going to add any value to your resume.
  • razz2525 Member Posts: 28
    Sorry, we were already given the CISSP training at work but now I'm having so much trouble refreshing myself on all of that material between the demands of work and home plus the $$ involved in taking the test. I will definitely take the test but I'm such a noob with the networking concepts, a lot of the CISSP material taught was very high-level. This boot camp was not a deep dive but touched on the main areas that the teacher thought would be the most important to learn. Shon Harris' book was awesome as the textbook for the class but it was overwhelming for me. Basically, I was introduced to the acronyms before I even understood how the acronymed terms even relate to one another!

    I will try Darril Gibson's book for Net+ information and move on from there!

    As for building my own Linux server, where would I start to do that? :) I learn by doing - I can read forever but I need to do it (or live it) to really understand it.
  • andhow Member Posts: 151
    razz2525 wrote: »
    As for building my own Linux server, where would I start to do that? :) I learn by doing - I can read forever but I need to do it (or live it) to really understand it.
    It's been a while since I built a Linux server. I used VMware Workstation and created a 40GB virtual Ubuntu session. I'm sure others here could recommend other ways to do it. You should know that most flavors of Linux have fantastic front ends that... dumb down the configuration experience. (Yeah, I said it.) The issue with this is that you may not understand how the administrative GUI is making things happen. If you decide to explore Linux, please get familiar with the GUI and take some time to understand what the GUI is doing in the background. Understanding files like the /etc/hosts, /etc/resolv.conf, /etc/nsswitch.conf, /net/netmasks, /etc/sendmail, and others all help you understand how the environment works. Screw up the server (change the netmask or duplex) and see the impact to which systems you can ping, how it creates collisions, and lost packets and where you can find the errors. Install a firewall (very useful for understanding CISSP and Security+ bodies of knowledge) and see how disabling different ports impacts different services.

    To be fair, I'm very biased around UNIX administrators. I know that somebody that has been in UNIX administration for a year understands patch management, network configuration, vulnerability management, access management, and many other areas which add value all across IT and all of which are useful in the security world.
  • brownwrap Member Posts: 549
    I have built many UNIX and Linux boxes. Sun/Solaris, HP, SGI, and RedHat variants. I have finished the Linux From Scratch project twice, and contemplating trying it once more.

    LFS Project Homepage

    Actually finished LFS and BLFS twice: