CISSP

Discussion in 'Other IT certifications' started by Rob1234, May 1, 2011.

  1. Rob1234

    Rob1234 Megabyte Poster Forum Leader

    I am looking to start studying for this exam soon, just wondered if anyone here has done it or has any experience of it?
     
    Certifications: A few.
  2. Kitkatninja

    Kitkatninja aka me, myself & I Moderator

    I tried and failed the SSCP, which I thought was very hard and long. I believe that Bri1981 has done the CISSP, just do a search :)

    -ken
     
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
  3. Rob1234

    Rob1234 Megabyte Poster Forum Leader

    Yeah, I did a search and went back through some old posts and saw yours. From what I have heard it is a very tough exam. I found out a bit more about it from this forum, TechExams.net IT Certification Forums; it seems more US based (the forum, that is) and they seem to love CISSP out there due to DOD.
     
    Certifications: A few.
  4. Bri1981

    Bri1981 Byte Poster

    Hiya mate, I did it the year before last. It's a tough one, I used the Shon Harris all in one book which was a monster.
    What materials are you using?
     
    Certifications: See signature
    WIP: MBA entry diploma
  5. Rob1234

    Rob1234 Megabyte Poster Forum Leader

    Hi, glad you're around :D

    Well that is my next step deciding what to use. I have spent the last week finding out about the cert etc. I am lucky work are paying for it all so I am hoping to get 2 books, some training videos and then just before the exam going on a review seminar, I am giving myself about 12 months to do it.

    Did you use anything else except the Shon book? Everyone recommends that so will get that one.

    I am going to use my MCSA or MCITP to take a year off the 5 years experience requirement then go down the associate route. Maybe you can help: will this experience count towards the 5 years? In my current and past roles I have done things like create AD groups and control access to folders so that only certain users have access. Also I have been in charge of encrypting our hard drives and USB sticks. Would these things count as experience that I can put towards the 5 years?

    Thanks
     
    Certifications: A few.
  6. Bri1981

    Bri1981 Byte Poster

    I also had a look at the CISSP for dummies as I found some of the domains a bit painful, encryption especially! That helped a bit.
    12 months is plenty of time, took me around a month, I hammered the study though.
    Have you thought of doing the Security+ first? That will give you a nice foundation (and there is quite a bit of overlap) and put you a step closer to MCSE or MCSE Security, that way you can take 2 years off the 5 they require.

    The experience you mention should be fine, I put similar stuff on my application once I passed the exam.
     
    Certifications: See signature
    WIP: MBA entry diploma
  7. Rob1234

    Rob1234 Megabyte Poster Forum Leader

    One month!! You're making me look like a slow learner now :D

    I thought about the Security+ but it does not look that great on the CV, especially compared to CISSP, so would rather just go for that. Also I believe you can only take 1 year's experience off regardless of how many certs you have like MCSA, Security+ etc.

    That's good about the experience; I might be able to become a full CISSP rather than just an associate CISSP :)
     
    Certifications: A few.
  8. Bri1981

    Bri1981 Byte Poster

    My mistake mate, you are right, was thinking about the CISM (Where CISSP equals 2 years) D'oh!
    The Security+ is not regarded as highly but might be beneficial taking a look before the beast that is CISSP. That way you'll already be familiar with a lot of the material, you'll have the cert and it will probably make your MCSA an MCSA Security.
    If you had planned 12 months you could get both in easily!
     
    Certifications: See signature
    WIP: MBA entry diploma
  9. SimonD
    Honorary Member

    SimonD Terabyte Poster

    Speaking to a bunch of the security guys here and they advise against the CISSP, they actually rate it as being on par with the MCSE with regards to Security quals, they say that the people doing the CISSP should be non-technical managers rather than techies, so if you want to move out of being a techy then go for the CISSP but if you want to stay a techy go for the SANS courses instead.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  10. Monkeychops

    Monkeychops Kilobyte Poster

    It's by no means a technical certification (there's a little bit of techy stuff but not much), but I don't see how it is seen on par with an MCSE! The content is always said to be 'a mile wide and an inch deep' as it covers quite a broad range of topics.

    I'm historically a techy which helped in some of the topics, but if you are like one of my colleagues who is a techy through and through and doesn't like or get the other kinds of things then it's probably not for you.

    It's designed for someone who wants a career in information security management.

    As you say it's not really for someone who wants to be a die hard techy, but some things in there will help. And in my opinion it is never ever a bad thing to have a bit more what I'd call 'business awareness' rather than just knowing pure techy stuff.

    At the end of the day look at the job adverts for the kind of jobs you want to be doing and see what they ask for. SANS stuff might be good, but you don't see it asked for on many jobs compared to a CISSP. And when your first step is getting your application past HR screening you want to be able to put as much stuff in it that they are specifically asking for as you can!

    Personally I've found it a very good cert to have to get where I want to be, in the next couple of weeks I'll be starting a new job as either a senior consultant at a large financial in their vulnerability/pen test team, or as a senior infosec manager for a large consultancy. The CISSP was easily a help in getting as far as I have done with both positions.

    I got round to doing mine about 18 months ago, I also echo the comments that doing the Sec+ isn't a bad idea to get you started as there's a bit of overlap and it covers some of the topics in lesser detail that might be handy.

    All depends on how long you've got to do it :)
     
    Last edited: May 4, 2011
  11. dmarsh

    dmarsh Petabyte Poster

    All pen test forums I've seen say CISSP is laughable, yet another instance where certs and recruiters have skewed the market against real knowledge and expertise.

    However there are a lot of corporate jobs where they essentially just want a fall guy to take the security manager post, for these it's probably perfect.
     
    Last edited: May 4, 2011
  12. Monkeychops

    Monkeychops Kilobyte Poster

    Well for pen testing they're right, as it's not a pen testing cert! It's an information security management cert designed for management/assurance type roles.

    Taking the pen testing scenario as an example, the CISSP type person comes into play to look at the business aspects of the results of such tests, analysing the risks to the business etc.

    If you're wanting to get more into the nitty gritty then you could then go for the specialist CISSP concentrations.

    If you want pen testing then you've got the CEH, CREST/CHECK, the SANS stuff, and all manner of other hands on security certs and routes you can go down.

    The CISSP, CISM, CISA et al are all your manager kind of certs.

    But it is a problem with companies just blanket asking for a CISSP for anything security related. But I guess on the flip side if it's so laughable and easy to get then why not just do it to put a tick in the box ;)

    So to the OP I'd say what area of security is it you want to go into, this will help dictate what certification path you should go down.
     
    Last edited: May 4, 2011
  13. Rob1234

    Rob1234 Megabyte Poster Forum Leader

    Thanks for your comments. I am looking to move to the information security management side of things, not right away, in time, once I have more experience that is, but like you said about job adverts etc., this cert is one that is asked for a lot.

    What study material did you use to pass the exam?
     
    Certifications: A few.
  14. Monkeychops

    Monkeychops Kilobyte Poster

    Well I did the Sec+ a bit before, then it was just on the job stuff coupled with being sent on one of ISC2's revision seminars to polish things off before taking the exam.

    Was taken with the lead instructor at ISC2 at the time who was an amazing bloke, the stories he had from his previous work in the US military were something else.

    Wasn't your normal 'read the Shon Harris book' method the majority of people use ;)

    But as others have done, the cheapest way is to grab that book and depending on your background in the field maybe do the Sec+ first using the Mike Meyers Passport book.
     
    Last edited: May 4, 2011
  15. Rob1234

    Rob1234 Megabyte Poster Forum Leader

    As work are paying I will be doing a revision seminar as well, people have said they are good.
     
    Certifications: A few.
  16. Bri1981

    Bri1981 Byte Poster

    Good luck mate, let us know how you get on.
     
    Certifications: See signature
    WIP: MBA entry diploma
  17. Spidey76

    Spidey76 Bit Poster

    I may be interested in checking out CISSP once I get the MCSE/MCIT:EA out of the way. Is it a technical qualification or more design approach?
     
  18. Monkeychops

    Monkeychops Kilobyte Poster

    It's an information security management certification. The techy stuff that is in there is pretty high level stuff.

    Check out the ISC2 website for more info, gives details on the pre reqs and stuff as well.
     
