How long did it take you? (edit: passed!)

milliamp

I am going to take some time off but so far I think this will be my next exam.

How long did it take you to finish the exam?

darkuser

i'd buy a book and spend 3-4 weeks.
unless you can memmorize the sans website.

milliamp

I saw some people that mentioned their total study time was ~20 hours.

I'll take your challenge.

RussS

I have seen people not study for it and pass - I have also seen people study 50 hrs or more and fail.

keatron

I think it depends on your test taking skills, experience, and memorization skills. I purchased a book for Security+ but never really read it. But I'm reading security books, publications, articles and websites all the time. So I think it's a tough call.

Do you have experience already?

milliamp

keatron wrote:

Do you have experience already?

Yes I do

evanderburg

2 weeks

KGhaleon

I'm going to take it friday, after studying about 2 or 3 weeks. I also spoke with the administrator who runs the networks at an old school that I took classes at, and he gave me the rundown on network security. It's always nice to know someone who's already had plenty of security experience.

KG

milliamp

Well I took yesterday off work to study and took and passed my exam this morning (so much for taking time off first ).

I didn't smoke the exam but I am happy enough to just pass.

Some of the questions were tricky, with most exams your first answer is the best answer but with this one it helped to take time and really process some of the questsions before selecting an answer.

I am really not sure which certification is next. I'd really like to first focus on stuff that does not expire but I am not sure there are any left worth having.

I think my options moving forward are:
LPI Junior Linux admin:
CCNA
CISSP

I am not yet sure which of the 3 I am going to go for.

Webmaster

milliamp wrote:

I think my options moving forward are:
LPI Junior Linux admin:
CCNA
CISSP

I am not yet sure which of the 3 I am going to go for.

I can't say what you should do, but if you have the 4years required experience, I'd definitly go for the CISSP. It's kinda like choosing between a Honda, Volkwagen, and a Mercedes SLK (the latter representing the CISSP...) Which one you should choose depends on a lot of factors. I.e. what do you want to do (Linux admin, networking, or security), what's in demand in your area, what's your experience, hence how do the above add to your resume, etc.etc.

Congrats on passing the Security+!

milliamp

The only reason I am postponing the CISSP is because while you are certified they require you pay them a maintenance fee and take classes etc. Holding on to it seems like high maintenance so it would be a good one to do later on.

Right now I am really trying to get the the low maintenance certifications so I am not stuck having 5-6 certifications that need to be renewed every 2 or 3 years and working on all the one time certs at the same time (It would be like working a second job).

I was thinking about going for the LPI one because I just finished Linux+ and the timing would be good.

I think I know what my next certification will be though.

Webmaster

milliamp wrote:

The only reason I am postponing the CISSP is because while you are certified they require you pay them a maintenance fee and take classes etc. Holding on to it seems like high maintenance so it would be a good one to do later on.

IMHO your postponing it for the wrong reasons then. The fee is peanuts compared to the salary of the average CISSP, and you are not required to 'take' classes. Teaching classes helps, writing articles, and a lot of other things you can do to get the required points to stay certified, things you want and need to do anyway as a CISSP. So it would hardly be a second job or even comparable to the amount of work you need to do for the job itself as working in the security arena requires you to keep up to date for the (first) job.

Like I said in my previous post, it's all up to you. LPI would be a good follow-up for the Linux+ exam and those linux skills will definitely come in handy an infosec job.

keatron

Johan is right, you don't have to take classes. You can use them if you want, but it's not a requirement. Here's some of the things you can do to earn your CPE points

Attending educational courses or seminars
Attending security conferences
Being a member of an association chapter and attending meetings
Listening to vendor presentations
Completing university/college courses
Providing security training
Publishing security articles or books
Serving on industry boards
Self-study
Completing volunteer work, including serving on (ISC)² volunteer committees

It's pretty flexible, and if you notice, some of these things cost you nothing. (Except time).