Options
How do I get verifiable experience?
nsummy
Registered Users Posts: 3 ■□□□□□□□□□
Apologies if this has been asked before, I did a search and couldn't find anything. Basically I have been working in IT roughly for 10 years now, starting out with help desk & tech support, to now providing all internal support for a company of 45 people. My current job ranges from fixing broken computers, to setting backup policies, to configuring switches & firewalls. I pretty much do everything except programming.
We are hiring someone to handle the more help-desk style user issues and I'm going to be transferring to a strictly system admin role where I will be dealing with security a lot more. My boss wants me to get a CISSP which I am happy to do but the more I read the more I'm not sure if its such a good idea. While I have plenty of experience in IT and some in security in general, it appears that it will be impossible for me to get any past or future experience verified as I do not know anyone who is CISSP certified.
Looking at other certs it appears as they have similar requirements (unless I'm missing something). My questions is, even if I pass these tests am I wasting my time because I will never be able to prove any experience? I literally know no one that has any security certs. I'm completely lost as to what to do. It seems like I could spend all day working on firewalls, security cameras, encryption, etc and I still still would be dead in the water because no one could verify for me. Any advice? Thanks in advance!
We are hiring someone to handle the more help-desk style user issues and I'm going to be transferring to a strictly system admin role where I will be dealing with security a lot more. My boss wants me to get a CISSP which I am happy to do but the more I read the more I'm not sure if its such a good idea. While I have plenty of experience in IT and some in security in general, it appears that it will be impossible for me to get any past or future experience verified as I do not know anyone who is CISSP certified.
Looking at other certs it appears as they have similar requirements (unless I'm missing something). My questions is, even if I pass these tests am I wasting my time because I will never be able to prove any experience? I literally know no one that has any security certs. I'm completely lost as to what to do. It seems like I could spend all day working on firewalls, security cameras, encryption, etc and I still still would be dead in the water because no one could verify for me. Any advice? Thanks in advance!
Comments
-
OptionsMSP-IT
Member Posts: 752 ■■■□□□□□□□
Based on what you're saying here, it doesn't look like you'll even meet the required 5 years in at least two of the security domains.
-
Optionsnsummy
Registered Users Posts: 3 ■□□□□□□□□□
I understand that, I'm not claiming I have the required experience now. I'm just asking what I do if I get the 4-5 years experience & don't know someone with a CISSP?
Also, maybe a more appropriate question, beyond Security+, what would be a good cert for someone doing a lot of security work but maybe not as their full time job. I want to get into more security oriented work.... -
Optionsjasong318
Member Posts: 102
Take a look at the domains 'Networking & Telecommunications' and 'Operations Security', you'll probably find you have some experience in those areas. And if you can't find a CISSP to vouch for you, you can have ISC^2 do an audit on you and your experience. And if you find that you don't have enough experience you can still take (and hopefully) pass the exam and become an 'Associate of ISC' until you get the 5 years of experience and then will become a full-fledged CISSP.
There are other security certs that don't require experience, such as CompTIA's Security+, CEH ,etc. -
Optionsnsummy
Registered Users Posts: 3 ■□□□□□□□□□
Thanks for the info jasong318, I'll take a look!
-
Options
emerald_octane
Member Posts: 613
ya you're putting way too much thought into it. When you get the experience, send your info to (ISC)^2 and you will receive the cert. Even if they audit you it isn't the end of the world; all they will do is call your people and confirm your duties. -
Options
SephStorm
Member Posts: 1,731 ■■■■■■■□□□
Agreed, not to mention that certs can take years off of your requirement. If you have worked user account,s you have done "access control" If you have installed patches or updated anti-virus, you have experience in those areas. -
OptionsGoodBishop
Member Posts: 359 ■■■■□□□□□□
If you don't know someone with a CISSP, there is a secondary form you can fill out: https://www.isc2.org/uploadedFiles/Certification_Programs/applicant-endorsement-help-CISSP.pdfI understand that, I'm not claiming I have the required experience now. I'm just asking what I do if I get the 4-5 years experience & don't know someone with a CISSP?
Also, maybe a more appropriate question, beyond Security+, what would be a good cert for someone doing a lot of security work but maybe not as their full time job. I want to get into more security oriented work....
Beyond Security+, perhaps SSCP or CCNA+Security.
