I'm now embarking on my CISSP certification journey and I've decided to go in for the CompTIA Security+ certification first in order to understand the basic concepts of security and work with it for more experience. Any recommendations, please?
Thanks for the reminder, ITGuy. I viewed Prof Messer's Security+ information a few months ago and forgot about it.
The best instructor I've found so far, for both test topics and real world advice, is Mike Chapple on Lynda.com. Start with Insights from a Cybersecurity Professional, then move on to his Security+ Series and finally, his CISSP series. I have free access to Lynda through my employer, but if you don't and have the time and discipline, you can get the free 30 day trial and get through all the videos, saving your CISSP notes for when you're ready.
Another thing you can do is introduce yourself to the information security department at your own employer and those of friends and family. I guarantee the majority of them will offer help: lending books, study notes, a mock interview (or a real interview once you're ready).
I'd also recommend getting some general background info across all areas of IT. Pick up an introductory book on Python. It's a clean, simple language to learn and a lot of security tools are written in that language. Get Wireshark and capture packets on your own machine. Set up a VM environment for Kali Linux and Metasploitable (both free) and follow some labs. Make sure you read the instructions about how to set up the networking for the VMs so you don't accidentally use the Kali tools on the open network.
The most important advice is to learn something every day. Even if you spend only 15 minutes, keep the incremental progress going.
If you don't want a career in security, don't waste your time and money on a CISSP. The CompTIA Security+ is more than you'll need. Focus on project management and compliance. Project management will give you skills you'll use throughout your career. Compliance will make you an asset to your team on Day 1, especially with GDPR right around the corner.
The bigger question is: what do you want to do with your career? Are you new to the field? If so, find a path you like and get better acquainted with it. Networking? Network+, CCNA, JNCIA are all great. Development? Forget certs. Nobody uses them. Make projects that show you can do testing and documentation. Ops? Grab a VMware and Microsoft cert. Even if it's security, the CISSP is what you get after a few years in the industry. I actually would find it a terrible way to enter the market.
Though I've been a system engineer doing networks for a couple of decades, I never had the time to get a cert. CISSP was my first one. I took a boot camp, studied hard during it (just do everything the instructor says), then waited a couple of months to take the exam (usually not a good idea)... and still passed first time around.
But when they say it is a "mile wide and an inch deep", that's about the gist of it. There are ten domains of knowledge, half of which relate to IT or software... meaning the rest of them do not pertain to "IT security", basically. So certainly work on the CompTIA cert, too (you will gain more in-depth knowledge), just be aware that you'd have about half of the CISSP domains covered. If you have the budget, I'd go with a boot camp for CISSP training.