cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor III

Welcome one and all! Why CISSP?

When I first heard of CISSP  - many years ago it seems - I said to myself - there is no way I could  achieve something like that.

 

The infosec people I knew were highly skilled in arcane bits of network wizardry. They ate bytecode for breakfast; Slacked off by building Slack; and knew more rules and regs that I could shake a stick at.

 

In the IT Pantheon, they were enshrined. 

 

But I learned more about the work they do, and I knew I shared their interests. I was all about confidentiality, integrity and availability.

 

I was a budding CISSP, but I didn't even know it.

 

So how about you and your journey? When did you decide you had the chops to go for CISSP?

 

Whether you are a complete neophyte or a seasoned veteran, there is room to learn and grow, fail and succeed.

 

When did you start, where are you now, where are you going?

 

Best!

8 Replies
Defender I

Re: Welcome one and all! Why CISSP?

> j_M007 (Contributor I) posted a new topic in Welcome on 08-13-2018 04:24 AM in

> When I first heard of CISSP  - many years ago it seems - I said to myself -
> there is no way I could  achieve something like that.   The infosec people I
> knew were highly skilled in arcane bits of network wizardry.

When I first heard of CISSP, there was no CISSP. I was researching computer
viruses, and other malware on the side. In the course of my research, I came
across some queries by a group of people who were talking about trying to put
together questions for an exam to try and determine whether people who talked
about computer security knew what they were talking about. (It was still computer
security back then, information security was still in the future.)

I thought about sending in some questions relating to viruses. But I held off
because of two factors. One was that the computer security people wouldn't let
me speak at conferences. In their view, virsues weren't an issue because they didn't
affect mainframes. (They did, but most people didn't know anything about viruses
back then.)

> They ate bytecode
> for breakfast; Slacked off by building Slack; and knew more rules and regs that
> I could shake a stick at.   In the IT Pantheon, they were enshrined.

The second factor was that I was researching in a field where, at the time, I was
one of only about a hundred people who knew the topic. They were the enshrined
among the enshrined, and I was comparing myself to them.

(Bytecode hadn't been invented: if you didn't program down to the metal, you
were nobody. This is the time when "Real programmers use 'copy con prog.exe'"
wasn't actually a joke yet. I remember a conversation (via email) with one, and I
mentioned programs that used only printable characters. He said that was
impossible, and I sent him an example. Two weeks later he had produced one that
did a little graphical Christmas card. These guys were impressive.)

Anyway, I decided against sending in questions. I probably should have gotten
involved at that point. They later formed ISC2: I went on to do other things.

>    But I
> learned more about the work they do, and I knew I shared their interests. I was
> all about confidentiality, integrity and availability.

Part of what I did was reviewing a whole bunch of security software, and later
security books and literature:
http://victoria.tc.ca/int-grps/books/techrev/mnbksc.htm

As well as other technical leterature:
http://victoria.tc.ca/int-grps/books/techrev/mnbk.htm

I was also doing a lot of security consulting, and, eventually, figured I should take
the test they had, by now, developed and perfected, to see if *I* knew what I was
talking about when I talked about security.

>   I was a budding CISSP,
> but I didn't even know it.

When I actually sat the test, I found that all the virus research had been pretty
good prep. So had the book reviewing.

>   So how about you and your journey? When did you
> decide you had the chops to go for CISSP?

After I passed.

>   Whether you are a complete neophyte
> or a seasoned veteran, there is room to learn and grow, fail and succeed.  

Amen. Life long learning. One of the reason I love this field!

> When did you start, where are you now, where are you going?

Who knows? I never wanted to be a security maven.

I wanted to be .... a lumberjack! [cure chorus of Mounties in the background]

(Actually, I *have* been a lumberjack, and I *do* live in BC, so ...)

======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
http://www.infosecbc.org/links http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Contributor II

Re: Welcome one and all! Why CISSP?

My journey started in 1979 when I discovered my first catastrophic COBOL bug and I was hooked on securing software, later systems and enterprises in general. Problem back then you would have had a very difficult time working in InfoSec. This lasted until the very late 90s when pebbles became an avalanche of security awareness. 

 

I first completed the CISSP when I worked for a organization I felt I would never leave, allowed my CISSP to lapse for a few years only to find I needed the cert to clear certain HR filters so I studied up for a month, taking the exam again on paper and continued on. Now facing my fourth or fifth (depending on how you count these) renewal I am continually both fascinated and frustrated by the field. If your comfortable with a high degree of constant learning this is the place for you.

 

Not bored yet.

 

B/Eads

Advocate I

Re: Welcome one and all! Why CISSP?

My journey commenced in the early 80's, after my first posting overseas to Iraq during the original Iraq/Iran war, where I was stationed in Baghdad for two years.   I was a member of Her Majesty's Foreign & Commonwealth Office, where I learnt and experienced my craft from the outset of my career.    After 20 years of Civil Service existence, I went into the Private Sector.  At that point, this is when I realised going out in the open, I needed credentials, so I opted for the CISSP, which grounded my years of understanding and focused my attention.  I certainly needed the ethics and code of practice after being virtually hidden for many years in various places. Since then I migrated to New Zealand, and the CISSP certification was definitely recognised as a door opener and an essential set of credentials for employment purposes.

 

Regards

 

Caute_cautim

 

 

Contributor III

Re: Welcome one and all! Why CISSP?

Cool. Her Majesty's Civil Service - Kiwi style. Very interesting trajectory. ;-) NZ, AUS, Canada, UK, USA, the so-called five eyes.

 

FVEY may have been shaken, but not stirred. 

 

Regards.

Newcomer III

Re: Welcome one and all! Why CISSP?

Compared to many replies here, I am a serious newbie, having been certified in 2017.  I worked in wireless telco for almost 20 years, and saw the rise of data as a wireless service through 5 technology generations (I was out before 5G, my first one didn't ever get a number)  As ti grew, the security growth was fascinating,and I amdeit part of my job to analyze what was going on and feed back to other teams.  We were on the front edge of the technology all the time, there were no seasoned experts, we had to apply what we could and make it up.  Leaving that business, I had an opportunity to take a job where Security was part of the official title, and pursued CISSP as a way to both prove some level of knowledge, and to help me fill out my very incomplete education.  I find that in self educated and experience based expertise, you may have some blind spots you aren't aware of, simply because you haven't run into them.  One of the benefits of a broad based cert like CISSP is that it takes you down into the corners to show you what you don't know, but might need.

 

In the end, I pursued and got my CISSP to prove I was interested in, and capable of, this field full time, to move from a network/wireless engineer to cybersecurity, and have been able to do so.  I look forward to becoming one of the old guys in this field/ (already working on the old..)

 

Advocate I

Re: Welcome one and all! Why CISSP?

@mgormanCongratulations, we can hardly call you a Newcomer, given your 20 years of experience!   Welcome to the dynamic group, who will assist, challenge and support you throughout your journey.

 

Best regards

 

Caute_cautim

Defender I

Re: Welcome one and all! Why CISSP?

> mgorman (Newcomer I) posted a new reply in Welcome on 01-03-2019 10:36 AM in the

> Compared to many replies here, I am a serious newbie, having been certified in
> 2017.

Around here, that practically qualifies you for Greybeard status ...

>  I worked in wireless telco for almost 20 years, and saw the rise of data
> as a wireless service through 5 technology generations (I was out before 5G, my
> first one didn't ever get a number)  As ti grew, the security growth was
> fascinating,and I amdeit part of my job to analyze what was going on and feed
> back to other teams.  We were on the front edge of the technology all the time,
> there were no seasoned experts, we had to apply what we could and make it up.

Been there ...
 
> Leaving that business, I had an opportunity to take a job where Security was
> part of the official title, and pursued CISSP as a way to both prove some level
> of knowledge, and to help me fill out my very incomplete education.  I find
> that in self educated and experience based expertise, you may have some blind
> spots you aren't aware of, simply because you haven't run into them.

You have lots of company ...

>  One of
> the benefits of a broad based cert like CISSP is that it takes you down into the
> corners to show you what you don't know, but might need.   In the end, I
> pursued and got my CISSP to prove I was interested in, and capable of, this
> field full time, to move from a network/wireless engineer to cybersecurity, and
> have been able to do so.

Welcome.  We need all the help we can get.

>  I look forward to becoming one of the old guys in
> this field/ (already working on the old..)

In order to advance, you might want to check out the CISSPforum, were some of
the *real* old-timers hang out ...
bit.ly/CISSPforum
http://www.noticebored.com/html/cisspforumfaq.html


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Newcomer III

Re: Welcome one and all! Why CISSP?

I started off on the path.  Joined the Army at 17 and was in INFOSEC.