




RE: CISSP without experience

Subject: RE: CISSP without experience
Date: Tue, 15 Feb 2005 16:33:08 -0800
 
The only issue with taking the certification without experience is that
questions asked on the exam rely on your experience as a Security
Administrator, with depth (four years).  Look at the CCNA and other
certifications that are now fairly devalued quite a bit (thankfully they
have been revamped), but overall the CISSP stands out for integrity and
above all experience in several domains of Information Security.  There is a
reason why the CISSP is one of the highest respected certifications in the
InfoSec arena.

How can you call yourself an ISO Information Security Officer and not have
the valuable experience required to handle such a position?  By doing so,
you could easily place your entire organization at risk because of your lack
of practical knowledge.

The best way to pass this exam is to STUDY.  To gain experience in InfoSec
means to work in a role such as a Network Engineer, or Systems Administrator
with Security as a "second" focus to give you the experience you need until
you can get promoted to InfoSec full time.  You will find that a majority of
the best ISOs have network, systems or even desktop services backgrounds on
their resume.  It is important as an ISO to understand all functions of
Information Technology (business flow) because of the recommendations for
security you will recommend and enforce!

InfoSec is a long journey and isn't meant for people who don't know or
understand even basic concepts of how to handle risk assessments, securing
of infrastructures, or incident handling etc.

When it comes down to it, knowledge and experience are going to be fully
required when there is a security incident - for which you won't be prepared
to handle.  During an interview with a real ISO, your weaknesses will be
discovered and your certification won't be worth the paper it is printed on,
such as a paper MCSE was back in the Dot.Com era.  During a technical
interview (which more and more companies are using to weed out less
qualified candidates), you will be tested and grilled on not just concepts -
but overall knowledge which could only have come from experience.
Therefore, memorization of the ten domains and questions/answers won't help
you at all.

Do the InfoSec industry a favor and please re-think your career choice.
There are many ways to get to InfoSec, but not any real shortcuts.
