OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Tony Howlett (thowlett@netsecuritysvcs.com)
Date: Mon Dec 10 2001 - 11:27:43 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    At 08:42 PM 12/8/2001 +0600, you wrote:
    >I want to take the CISSP exam and need some opinions. First, my background -
    >
    >I will be passing my Bachelors in Business Administration in three months
    >and no longer want to be with the B-Schools. They suck. Anyhow, I've been
    >with the security industry (a field that I've come to love since then) for
    >about 1 1/2 years. I know the basics of everything (win, linux, crypto and
    >what-not). For I want a prompt access to the security industry, I want
    >CISSP badly.
    >
    >I want to know if it's possible to get the certification for people like
    >me who don't have any real life working experience but knows a load about
    >network security industry as a whole. Is it possible to pass the exam only
    >by reading the books and not-having any real life experiance?

    The CISSP credential requires 3 years job experience so based on the
    information above you would yet qualify to take the exam. However they do
    offer a lesser credential, the SSCP which only requires 1 year experience
    and is an easier exam. If the 1.5 years you mention above is actual job
    experience (they require it to be full time infosec experience, not for
    example, a sys admin who did some security stuff) then you could take the
    SSCP exam.

    The reasoning behind this is obvious. No book can teach you all you need
    to be an infosec professional. They are great for preparation and a good
    foundation to understand things but nothing beats real world
    experience. Having just taken the test, i can attest to the fact that no
    one book (or series of books) is enough to prepare you for the test.

    If you are looking for a security credential that doesnt require time in
    the job, check out SANS and their GIAC credential. I took their GCIA and
    found it to be excellent. But its no cake walk either, you have to write a
    research paper in addition to the test. But its focus is more practical
    and would set you up for an entry level infosec position verus the CISSP
    which is aimed more at management.

    Good Luck!