Security Basics mailing list archives

RE: need some advice please (rather long read)


From: "David Harley" <david.a.harley () gmail com>
Date: Sat, 25 Aug 2007 13:07:04 +0100

Hi, Matt.

> My goal of course is CISSP
> but I don't feel that my experience would fit the criteria
> because even though I did security related jobs it was not in
> my "job title"

It's not the job title so much, but the full requirements for certification
are quite complex and demanding. See
https://www.isc2.org/cgi-bin/content.cgi?category=1186, though you really
need to look over the whole part of the site regarding the cert and contact
them directly if you're still not sure whether you qualify.

"Valid experience includes information systems (IS) security-related work
performed as a practitioner, auditor, consultant, investigator or
instructor, that requires IS security knowledge and involves the direct
application of that knowledge. The four years of experience must be the
equivalent of actual fulltime IS security work (not just IS security
responsibilities for a four year* period); this requirement is cumulative,
however, and may have been accrued over a much longer period of time."

> I may be wrong about this and it would be
> great if somebody who is a CISSP or knows these kinds of
> things could take some time to look at my resume and give
> me some advice.

I can't speak for (ISC)2, and I don't know how long your work has included
some security content, so the advice I can give you is limited, but it
sounds to me as if you have a range of practical experience but probably not
enough, or specific enough, for CISSP. In fact, a lot of the "big gun" certs
have a bias towards management experience which you may not have. You have
several options:
* look at SSCP, for which the experience requirements are less onerous, but
still shows a decent base-level knowledge and (most importantly) intent to
keep progressing
* look at associate membership, which is for people who've passed the CISSP
or SSCP exam but don't yet have the experience for the full cert
(https://www.isc2.org/cgi-bin/content.cgi?category=1334)
* look at other certs (obviously, you already have). I'm not the person to
tell you about the full range of security certs available, but one option is
to pick an area you're particularly interested in and try for a cert (GSEC,
for example) in that area. You obviously have lots of hands-on experience,
some of it definitely in security: maybe it would be worth focusing on a
hands-on certification? Even if you were looking for something more
managerial in the longer term, a hands-on cert wouldn't be wasted. 

HTH.

-- 
David Harley CISSP
http://www.smallblue-greenworld.co.uk  


