Security Basics mailing list archives
RE: need some advice please (rather long read)
From: "David Harley" <david.a.harley () gmail com>
Date: Sat, 25 Aug 2007 13:07:04 +0100
Hi, Matt.
My goal of course is CISSP
but I don't feel that my experience would fit the criteria because even though I did security related jobs it was not in my "job title"
It's not the job title so much, but the full requirements for certification are quite complex and demanding. See https://www.isc2.org/cgi-bin/content.cgi?category=1186, though you really need to look over the whole part of the site regarding the cert and contact them directly if you're still not sure whether you qualify. "Valid experience includes information systems (IS) security-related work performed as a practitioner, auditor, consultant, investigator or instructor, that requires IS security knowledge and involves the direct application of that knowledge. The four years of experience must be the equivalent of actual fulltime IS security work (not just IS security responsibilities for a four year* period); this requirement is cumulative, however, and may have been accrued over a much longer period of time."
I may be wrong about this and it would be great if somebody who is a CISSP or knows these kinds of things could take the some time to look at my resume and give me some advice.
I can't speak for (ISC)2, and I don't know how long your work has included some security content, so the advice I can give you is limited, but it sounds to me as if you have a range of practical experience but probably not enough, or specific enough, for CISSP. In fact, a lot of the "big gun" certs have a bias towards management experience which you may not have. You have several options: * look at SSCP, for which the experience requirements are less onerous, but still shows a decent baselevel knowledge and (most importantly) intent to keep progressing * look at associate membership, which is for people who've passed the CISSP or SSCP exam but don't yet have the experience for the full cert (https://www.isc2.org/cgi-bin/content.cgi?category=1334) * look at other certs (obviously, you already have). I'm not the person to tell you about the full range of security certs available, but one option is to pick an area you're particularly interested in and try for a cert (GSEC, for example) in that area. You obviously have lots of hands-on experience, some of it definitely in security: maybe it would be worth focusing on a hands-on certification? Even if you were looking for something more managerial in the longer term, a hands-on cert wouldn't be wasted. HTH. -- David Harley CISSP http://www.smallblue-greenworld.co.uk
Current thread:
- need some advice please (rather long read) Matt (Aug 24)
- Re: need some advice please (rather long read) Isaac Perez Moncho (Aug 27)
- RE: need some advice please (rather long read) David Harley (Aug 27)