If you have a CompTIA Security+ certificate and have worked with it for 6 years, do you stand a chance of getting the CISSP certificate? And then again, is it necessary to have a CompTIA Security+ certificate before embarking on your CISSP certification journey?
I do not have a Security+ cert. That didn't stop me from getting my CISSP. What I did have, though, was a ton of experience in the industry. I still studied like crazy for a few weeks and did the 1 week seminar before taking my exam.
What you'll want is experience. If your 6 years' experience is at least partially full-time in security, study up and go for it. Otherwise, wait a bit.
I hear a lot of people complaining they can't get a CISSP without having infosec experience, then complain about not being able to get an infosec job without the CISSP. Well, that's just the nature of infosec. Even though the industry is desperate for workers, the nature of the job is sensitive, so it's hard to find people with talent, desire, and trustworthiness. The CISSP gets rid of a few obstacles, simply because it's a royal PITA to get and cert holders must have verifiable work experience in the field.
The best way into information security isn't a certification. The best way is to get a job doing what you're good at, then making a lateral move. So let's say you're a network guy, ask to work with routing and firewalls. Boom, security. Programmer? I'd put money on your department head being only too happy to put you on testing, compliance, and documentation. Now you're an appsecdev.
If you are in IT you may find that there are some security jobs that are going undone. Ask your boss if you can do those or mentor/pair with the security people in your organization. Setting up your own personal lab for security helps a lot too, in order to get some experience with the security tools.
When I got my CISSP my organization sent us through Security+ then Network+ before we were allowed to go to a bootcamp for the CISSP. I think the study in those base certs helped, so getting the Security+ can't hurt. I studied pretty hard for a year before I took the CISSP. I took the Gold book with me everywhere. You may find that other books are more to your liking. The key would be to find the resource that works for you. If you can find a library that has a subscription to Safari Books Online you can test drive the different books until you find one you like and purchase it.
Doing a bootcamp can be very beneficial. I recommend taking the exam/bootcamp together if you can. The people who I know that attended a bootcamp and then waited to take the exam did not do so well, and a higher number of them failed the exam.
Study hard, study long and then go take the test. Another thing that may help too is to go ahead and pick a date and register for the exam. Doing this will force you to spend time studying and preparing for the exam, otherwise life has a way of distracting you. When you set a goal and a date for the exam, you will become more determined and have a better chance at passing.
Roger,
First, to answer your question: no specific certifications are required to sit for the CISSP exam, other than five years of experience. Your certification selections ride on your personal goals and objectives. A key component is that you must have some level of passion for this effort of work. Never make it about the money or status; it indeed is about your affection for the vocation. If you have a keen desire for knowledge and are enthused about this type of work, then you can accomplish the CISSP and anything else because you are hungry for it. It is said that one who is knowledgeable in English and word descriptions can take the CISSP exam with little effort and pass, while folks with 20 or more years of experience may have a difficult time achieving it. Most security professionals with ten+ years in the industry are told to forget everything they know when preparing for the CISSP exam.
Best Wishes ...
The CISSP used to consist of ten domains, now eight domains. You can take a combination of experience from any of those areas and sum up five years. If you are new to this vocation with little to no experience, I would suggest taking a free course related to any area of the CBK (Common Body of Knowledge) and select something that you have a keen interest in; therefore you will learn and enjoy what you are learning. Look for volunteer work in any of those eight domains, also known as the CBK, and grow your experience. You can also acquire a degree in any of the areas, and that counts for 2 or 3 years toward the five-year requirement, I believe.
The eight domains cover a lot of the workforce so you may have five years’ worth of knowledge and need to organize your experience better.
I second the comment about the bootcamp. ISC2 uses trainingcamp.com. I went to Bushkill for the 1 week training camp, then came home and tested the next day. Keeping it fresh in your memory is the key...
Certified Information Systems Security Professional (CISSP) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)².