sabooher wrote: » Unless you can account for at least 5 years of experience covering 2 or more of the 10 domains, you will only be able to achieve the Associate of (ISC)2 designation. You will then have to wait to gain the experience before being endorsed. Nothing wrong with the associate, you just couldn't officially call yourself a CISSP. You may want to consider the Security+ as well or the SSCP.
geek4god wrote: » I was aware of that. But the associate covers DOD Directive 8570 and that is what I am concerned with. Have Security+ and SSCP seemed redundant with SSCP and I would be an Associate in it as well.
JDMurray wrote: » geek4god, you already have the Security+, right? There is a very large gap between the Security+ and CISSP certs and not many mid-level InfoSec certs to fill it. The SSCP, GSEC, and CEH are good examples of InfoSec certs that are in that range that are also on the 8570.01 list. Of those, the SSCP is the best one to prep you for the CISSP. The CISA and CISM certs are very relevant to the CISSP too, and you can take those exams without having the required experience just to practice for the CISSP. As others on this thread have pointed out, the best thing you can do for yourself is to understand your career goals. This is the major determining factor for which certification you will choose to achieve.
ibcritn wrote: » What do you want to do in IA? Answering this question will help you understand some certs to go for. Security+ is a great cert to start with... I'd also consider GSEC.
geek4god wrote: » Is there an effective way to do GIAC without doing the SANS boot camp stuff? I have looked at several that look appealing but the cost of the SANS boot camps is scary! Especially if I am talking having to take several. 301 is $3,525 and 401 is $4,095 and there are about 5 others that look great to me. 501, 503, 504, 560 etc.
geek4god wrote: » Career goal #1 is get a job in Security. Until I am in and around it I will not be sure of what I want to do.
geek4god wrote: » I am 43 so I will be at a disadvantage when looking at entry level and lack the experience IMO to swing much more.
JDMurray wrote: » And the final word for all of us is, "Regardless of your educations and certs, experience is still The King."
geek4god wrote: » ibcritn, some good stuff in there. I have been using Backtrack4 for some class stuff and they even have some certs for it. How widely used is it?
geek4god wrote: » Big difference between “professional experience” and “direct full-time security work experience”! Not sure how anyone in a security related field ever gets this. If 1/3 of your job is "Access controls" and 2/3 is sysadmin, but you have 10 years at it you might not ever meet the requirements of “direct full-time security work”. Maybe that is the point!
SephStorm wrote: » In my mind, CISSP is an HR tool, nothing more.
JDMurray wrote: » You are looking at the requirements too strictly. Marketing-wise, the SSCP is aimed at people who have very little InfoSec work experience and are typically newly (1-3 years) out of college. So the (ISC)2 is not expecting CSO-level experience for the SSCP. Theoretically, an entry-level help desk tech who has spent a year doing nothing but resetting passwords would be endorsable for the SSCP (under the domain of Access Control). So you don't even need the word "Security" in your title to be acceptable--otherwise I wouldn't have passed the audit.