RE: need some advice please (rather long read)

Subject: RE: need some advice please (rather long read)
Date: Sat, 25 Aug 2007 13:07:04 +0100
Hi, Matt.

> My goal of course is CISSP
> but I don't feel that my experience would fit the criteria
> because even though I did security related jobs it was not in
> my "job title"

It's not the job title so much, but the full requirements for certification
are quite complex and demanding. See
https://www.isc2.org/cgi-bin/content.cgi?category=1186, though you really
need to look over the whole part of the site regarding the cert and contact
them directly if you're still not sure whether you qualify.

"Valid experience includes information systems (IS) security-related work
performed as a practitioner, auditor, consultant, investigator or
instructor, that requires IS security knowledge and involves the direct
application of that knowledge. The four years of experience must be the
equivalent of actual fulltime IS security work (not just IS security
responsibilities for a four year* period); this requirement is cumulative,
however, and may have been accrued over a much longer period of time."

> I may be wrong about this and it would be
> great if somebody who is a CISSP or knows these kinds of
> things could take some time to look at my resume and give
> me some advice.

I can't speak for (ISC)2, and I don't know how long your work has included
some security content, so the advice I can give you is limited, but it
sounds to me as if you have a range of practical experience but probably not
enough, or specific enough, for CISSP. In fact, a lot of the "big gun" certs
have a bias towards management experience which you may not have. You have
several options:
* look at SSCP, for which the experience requirements are less onerous, but
still shows a decent base-level knowledge and (most importantly) intent to
keep progressing
* look at associate membership, which is for people who've passed the CISSP
or SSCP exam but don't yet have the experience for the full cert
(https://www.isc2.org/cgi-bin/content.cgi?category=1334)
* look at other certs (obviously, you already have). I'm not the person to
tell you about the full range of security certs available, but one option is
to pick an area you're particularly interested in and try for a cert (GSEC,
for example) in that area. You obviously have lots of hands-on experience,
some of it definitely in security: maybe it would be worth focusing on a
hands-on certification? Even if you were looking for something more
managerial in the longer term, a hands-on cert wouldn't be wasted. 

HTH.

-- 
David Harley CISSP
http://www.smallblue-greenworld.co.uk  