Roger
Newcomer III

Getting CISSP Certified

I'm now embarking on my CISSP certification journey and I've decided to go in for CompTIA Security+ certification first in order to understand the basic concepts of security and work with it for more experience. Any recommendations, please?

16 Replies
rjaldins
Viewer III

You better start soon; remember SY O41 will end on July 2018. I recommend preparing for SY 051 🙂 Good luck!!!
Roger
Newcomer III

Exactly what I was thinking.........
bwalker
Viewer II

Thanks for the reminder, ITGuy.  I viewed Prof Messer Security+ information a few months ago and forgot about it.

lorcan
Viewer

The best instructor I've found so far, for both test topics and real world advice, is Mike Chapple on Lynda.com. Start with Insights from a Cybersecurity Professional, then move on to his Security+ Series and finally, his CISSP series. I have free access to Lynda through my employer, but if you don't and have the time and discipline, you can get the free 30 day trial and get through all the videos, saving your CISSP notes for when you're ready. 

 

Another thing you can do is introduce yourself to the information security department at your own employer and those of friends and family. I guarantee the majority of them will offer help, to borrow books, study notes, give you a mock interview (or a real interview once you're ready). 

 

I'd also recommend getting some general background info across all areas of IT. Pick up an introductory book on Python. It's a clean, simple language to learn and a lot of security tools are written in that language. Get Wireshark and capture packets on your own machine. Set up a VM environment for Kali Linux and Metasploitable (both free) and follow some labs. Make sure you read the instructions about how to set up the networking for the VMs so you don't accidentally use the Kali tools on the open network. 

 

The most important advice is to learn something every day. Even if you spend only 15 minutes, keep the incremental progress going. 

 

-Paul

Kbarrack
Viewer

The primary difference between the CISSP and Security+ exams is scope. Security Plus is a yard wide and 200 yards deep. CISSP is 20 yards wide and 50 yards deep. Also, Security+ asks questions on topics that are outdated and there are usually a couple of questions, the answers to which cannot be found in any known literature. My advice is to get practice exams and go through them until you are confident in the material.
John
Newcomer III

If you don't want a career in security, don't waste your time and money on a CISSP.  The CompTIA Security+ is more than you'll need.  Focus on project management and compliance.  Project management will give you skills you'll use throughout your career.  Compliance will make you an asset to your team on Day 1, especially with GDPR right around the corner.

 

The bigger question is:  what do you want to do with your career?  Are you new to the field?  If so, find a path you like and get better acquainted with it.  Networking?  Network+, CCNA, JNCIA are all great.  Development?  Forget certs.  Nobody uses them.  Make projects that show you can do testing and documentation.  Ops?  Grab a VMware and Microsoft cert.  Even if it's security, the CISSP is what you get after a few years in the industry.  I actually would find it a terrible way to enter the market.

---
You only say it's impossible because nobody's done it and lived.
dbohlmann
Newcomer I

Though I've been a system engineer doing networks for a couple decades, I never had the time to get a cert.  CISSP was my first one.  I took a boot camp, studied hard during it (just do everything the instructor says), then waited a couple months to take the exam (usually not a good idea)... and still passed first time around.

But when they say it is a "mile wide and an inch deep", that's about the gist of it.  There are ten domains of knowledge, half of which relate to IT or software... meaning the rest of them do not pertain to "IT security", basically.  So certainly work on the CompTIA cert, too (you will gain more in-depth knowledge), just be aware that you'd have about half of the CISSP domains covered.  If you have the budget, I'd go with a bootcamp for CISSP training.