Post CISSP advice

abnmi

Good afternoon all, recently passed the CISSP and now want to become more technical oriented. I am a former military intelligence guy now work as a US Govy INFOSEC Specialist. What certs or learning would complement the CISSP and provide better depth to it. Thanks in advance.

Darxtar

For government InfoSec work, CAP or ISSEP

Chivalry1

Many of the GIAC certification offer great technical disciplines. The courses are expensive but if you can get your employer to pay that will be worth the investments.

broli720

I suggest figuring out what you actually want to focus on. If it's networking go Cisco, if it's servers then Microsoft. Figure out what you want to do then focus on learning the technologies.

YFZblu

I feel like there's way too much fun stuff going on in military infosec to stick to admin'ing networks and servers - Security analysis is where it's at in my (biased) opinion...Personally I'd be trying to find a secor of military infosec which deals with cybercrime and incident handling.

Cert-wise, I think SANS and Offensive Security have the best technical training available.

LarryDaMan

YFZblu wrote: »

Cert-wise, I think SANS and Offensive Security have the best technical training available.

You mean training-wise, I think SANS and Offensive Security have the best technical training available.

Cert-wise, the GIAC/SANS stuff is not well marketed and reads like the alphabet-soup of certifications.

YFZblu

LarryDaMan wrote: »

You mean training-wise, I think SANS and Offensive Security have the best technical training available.

Cert-wise, the GIAC/SANS stuff is not well marketed and reads like the alphabet-soup of certifications.

The reality is, if a security person doing interviews doesn't recognize and understand the value of GIAC certification; that person should probably not be doing interviews.

It is also that same person's job to communicate this to HR who does the initial screening. No excuses. The training is that good.

dou2ble

I don't think that's the reailty of the real infosec world. I would always recommend CISSP first, then GIAC/SANS. I agree with LarryDaMan that GIAC/SANS have great training material but no hiring manager that I know of primarily asks for these certs. We do recognize the value of them but the industry perfers ISC2 and ISACA. It is what it is. And because GIAC exams are open book the perception is that it's easier/watered down. Our clients don't say we want someone with experience and no certs, they don't ask for experience with GIAC/SANS, but what they do ask for is at least one Sr on the project with experience plus CISSP, CISM or CISA. HR is filling a spot based on the requirements, arguing with them over what cert is best doesn't help the applicant. Even in DOD circles I've heard of managers that have GSLC, which meets the IAM3 requirement, being told they must get their CISSP too.

YFZblu wrote: »

The reality is, if a security person doing interviews doesn't recognize and understand the value of GIAC certification; that person should probably not be doing interviews.

It is also that same person's job to communicate this to HR who does the initial screening. No excuses. The training is that good.

dou2ble

abnmi wrote: »

Good afternoon all, recently passed the CISSP and now want to become more technical oriented. I am a former military intelligence guy now work as a US Govy INFOSEC Specialist. What certs or learning would complement the CISSP and provide better depth to it. Thanks in advance.

CISSP concentrations ISSEP and ISSAP fill the 8570 IASAEIII requirement. ISSMP is CND-SP Manager. I'm looking at taking the ISSEP or GSLC next year. If you have a technical background it'll def help to get some Microsoft, Linux or VMC too.

tprice5

dou2ble wrote: »

If you have a technical background it'll def help to get some Microsoft, Linux or VMC too.

What is this VMC you speak of?

Edit: Abdmi, your LinkedIn profile is not accessible from the link you listed on your page.