topic Re: CISSP CERTIFICATION in Become A Member

CISSP CERTIFICATION

Roger — Mon, 09 Oct 2023 08:19:30 GMT

If you have CompTia Security+ Certificate and had worked with it for 6 years, do you stand the chance to get the CISSP Certificate? And then again is it necessary to have CompTia Security+ Certificate before embarking on your CISSP CERTIFICATION journey?

Re: CISSP CERTIFICATION

dwtramsey — Thu, 26 Oct 2017 12:46:55 GMT

I'd like to know the answer to this one. It seems pretty hard to get the required experience to qualify for CISSP enrollment, if you haven't got a CISSP!

Re: CISSP CERTIFICATION

0rfeus — Thu, 26 Oct 2017 12:49:08 GMT

Hi,

I did not have any other security related certificates but 10+ years IT related jobs before attempting the CISSP.

I spent some hours during the summer (few calendar months) reading the CISSP study book, attended a bootcamp, made my practice tests and passed the actual with no problems.

So I guess just do your studies and when practice tests show you know >80%, I think you are good to go...

Re: CISSP CERTIFICATION

dwtramsey — Thu, 26 Oct 2017 12:50:58 GMT

Hey

Quick response 🙂 thanks for the advice, very useful mate!

Dan

Re: CISSP CERTIFICATION

Roger — Thu, 26 Oct 2017 12:59:56 GMT

What kinda job were you into before embarking on CISSP CERTIFICATION?

Re: CISSP CERTIFICATION

Roger — Thu, 26 Oct 2017 13:00:49 GMT

Exactly

Re: CISSP CERTIFICATION

mwapemble — Thu, 26 Oct 2017 13:07:33 GMT

It's certainly not necessary to have the CompTIA (or any other) qualification prior to starting on CISSP.

Many people come to broad ranging security roles from either technical security (i.e. firewall or network admin) or from general IT. Others come in from more general employment in high-security environments (e.g. military and some government) or from specialist roles such as risk, audit or forensics, where they gain a degree of security experience.

Others come straight from college?

Personally, I was a systems engineer in a (very) high-security environment, and my last role project managing a secure communications system. I then transitioned in to security testing and then in to more general security work.

Re: CISSP CERTIFICATION

Roger — Thu, 26 Oct 2017 13:12:02 GMT

Apparently, you had a degree which helped you. But my situation is different. I don't have a degree in any security field. Taking the CISSP course straight without any knowledge in security, is it a good start?

Re: CISSP CERTIFICATION

jrisner1 — Thu, 26 Oct 2017 13:52:04 GMT

It is possible to take the test and pass with good preparation. However, if you are just getting into security it may be a good idea to do the Security+ or SSCP first. The requirements for the SSCP are must less stringent than the CISSP and once you pass it you can join ISC2. Either way Good Luck!!!

Re: CISSP CERTIFICATION

mwapemble — Thu, 26 Oct 2017 14:03:27 GMT

I don't have a degree in any security field.

Neither did I. I have a degree in electrical and electronic engineering. No security content whatsoever.

Taking the CISSP course straight without any knowledge in security, is it a good start?

For people without any academic background in computer security, I've always recommended Dieter Gollman's "Computer Security" book. It covers all the dull stuff (formal security models etc) that you are highly unlikely to have to think about after the exam. However, BoK revisions may have made this less important. Security Engineering (Ross Anderson) is also a solid background.

Re: CISSP CERTIFICATION

Roger — Thu, 26 Oct 2017 14:08:14 GMT

Thanks a lot for the information shared.

Re: CISSP CERTIFICATION

Roger — Thu, 26 Oct 2017 14:09:35 GMT

Thanks a lot 😊

Re: CISSP CERTIFICATION

Stpn2me — Thu, 26 Oct 2017 16:04:18 GMT

It's always good to have some type of security background when trying for the CISSP.

Remember, this is a graduate level certification. The Security+ is for entry level admins. What the CISSP shows is that you have been in the trenches and now you have some experience with Security management. When I first took the CISSP, I failed the exam because I hadn't gotten out of network administrator mode. And the test questions do test that. You have to look at the exam from a manager's point of view. I would suggest being in the field for a few years before taking the exam.

Stpn2me

CISSP, CAP

Re: CISSP CERTIFICATION

Roger — Fri, 27 Oct 2017 04:19:06 GMT

Thanks a lot 😊

Re: CISSP CERTIFICATION

QuizMeKid — Sun, 29 Oct 2017 14:26:13 GMT

Security+ is a great start it covers material in quite a few of the CISSP domains. Pending where you get your training, you can gain a good understanding of: Cryptography; OSI model gaining exposure to network security; compliance and operational security; threats and vulnerabilities; application-data-and host security; most importantly access control and identity management. You gain this knowledge and you will be well on your CISSP journey. However, remember it's a huge commitment so prioritized your time appropriately. Wishing you the best...

Re: CISSP CERTIFICATION

MarkyMark — Sun, 29 Oct 2017 14:28:25 GMT

@Roger wrote:
If you have CompTia Security+ Certificate and had worked with it for 6 years, do you stand the chance to get the CISSP Certificate? And then again is it necessary to have CompTia Security+ Certificate before embarking on your CISSP CERTIFICATION journey?

Since the CISSP is a "management" credential, it's certainly expected that one has some experience in security/risk management prior to going for the cert. That said, having any other certification is not a requirement.

Since you specifically mentioned Security+, while I have never sat for the exam, my understanding is that it's more of an entry level security designation. And while it does help one understand security fundamentals, it tends to focus more on security operations rather than management/strategic issues (this can be said for their more advanced CASP cert). This isn't either good or bad (it really depends on your current role actually). But there is always a tendency to "tier" certifications as we are ingrained with this concept from our school days (you start with primary school, then secondary, then college, etc.). I believe the DOD requirement also supports this.

I think the key is to not necessarily focus on the certification, but the knowledge/skills that they are supposed to represent. I know plenty of people who have more knowledge/experience than required for these certs, but never bothered to attain them. This doesn't really make then any less valuable.

Re: CISSP CERTIFICATION

Roger — Sun, 29 Oct 2017 14:29:06 GMT

Thank you very much. I will remember your advice.

Re: CISSP CERTIFICATION

Roger — Sun, 29 Oct 2017 14:32:07 GMT

Thank you very much for the enlightenment. Much appreciated 👍

Re: CISSP CERTIFICATION AND DETAILS STUDY GUIDE FOR INDIA

infomediazapps1 — Mon, 30 Oct 2017 06:23:05 GMT

mail us all details regarding cissp exam details.

Re: CISSP CERTIFICATION

QuizMeKid — Tue, 31 Oct 2017 16:28:30 GMT

Mark,

A person inquiring or obtaining certifications can have many objectives in mind, for some, it is an individual accomplishment, and for other, it is job specific and or required. For whatever one's purpose or need maybe, they have to develop their roadmap to achieve their personal goals. That said, Security+ is far from being an entry-level security designation. I would be more inclined to think Tech 1 level is the entry point with A+, Network+, and SSCP (Systems Security Certified Practitioner), which I believe is the associate level to the CISSP. Perhaps, the SSCP might be a more achievable certification for a newbie with a direct mapping to the CISSP. The CISSP tents to be more of a Check-box item than an actual application and or practice. Some people will tell you they never used anything learned from preparing for the CISSP in their workplace because that is not the CISSP purpose, the CISSP is designed more for thinking/strategy and less for the application (hands-on, tactical folks).

And I couldn’t agree with you more, the key is not necessarily to focus on the certification, but the knowledge and skills that the cert materials are supposed to represent. The push for certifications is a government requirement and thus now a contractual necessity.