In your guys opinion is the cissp actually worth going for?
I have the option to go and atempt the test but i am uneasy as to if its actually worth my time and effort? Do you guys have any recomendations for security certifications?

I'd do it. Can't have too many certs.

me...i dunno...


but this guy didn't think so...

A Certified Waste of Time (http://online.securityfocus.com/columnists/67)

there are some comments at the bottom from people who disagreed...

yah....zigar i saw that report.....kind of where my unsureness comes into play...but korp is right cant have to many certs....

My point is simple. You might learn something new. That's worth it, isn't it? Having yet another peice of paper saying you are proficient in something isn't ever a bad thing...you know?

Absolutly Korp, I agree 150%.

"Can't have too many certs." True but keep in mind that you need some experience to go with your certs.

I have to agree with the author of that SF article, CISSP is just a waste of time, I've been thru their tests and I could simply become a CISSP, but it isn't worth it, it doesn't concentrate on anything specific and the amount of *new* knowledge in it could be gathered from daily PC mags.. Also, their curriculum is pretty gay, it doesn't show you the road to anything specific, like they got a Q that says..

The most important issue with distributed computing is...
a)security
2)sync
3)...
4)...

The correct answer <from their point of view> was a while in real life, there is no actual answer..

If my IDS blocks an intruder by adding an on-the-fly rule to the FW using SAMP, then the FWs don't sync, I would endup with nothing. He was blocked by 1 FW while he could pass thru another one simply.. :\

Nah, I wont take a CISSP, not specific, and doesn't actually deserve it, go get a real cert like the one of those GNU Linux certs or an ISS cert or -of course- a CCSE ;)

O, did I note that ppl that carry the CISSP think that they r Gods? they have to much self-confidence like *ahem* those that carry the MCSE....

etsh911

u should go for that it will really help u in future.
cos what i feel is if u have good basic foundation then only u can built a good building on that

rajdeep

Another option for a security cert would be the SSCP by (ISC)². They are the CISSP makers but the SSCP is geared towards the technical side of things rather then the management side, as the CISSP is. I took the beta for the SSCP and with only four years in the computer field I faired alright. SSCP covers 7 domains, where the CISSP has ten domains. Now don't let this mis-lead you because the 9 of the CISSP domains are condensed into the 7 of the domains in theSSCP.

Certifications are only worth something when it's related to your field, you continuously work on keeping the experience in said field up, and the certification program is updated to match technology and it's not something that can be cram-learned in 2 weeks, giving the whole program the whole 'paper MCSE' look. Go for it if you plan on using it extensively but if not, skip it. I can't stand people who take a bunch of shite and don't use it, but because they have it (or at least got it once) they think they're more knowledgeable than they really are.

Prime example: how many professionals at work do you see sign with glorious signatures? My work signature is the same as on here...about video games (Global Operations is out today!) whereas here's a signature of someone who sits in the same row:

K**** C*****
MCSE + I, MCDBA
Pre-Production
Team Lead for Unicenter Implementation

What that signature tells me is that she's not really that knowledgeable in anything she stated. And it's VERY easy to pick her apart as far as stuff is concerned.

bwahahaha vorlin!
you and your anti-MCSE self.

as for certs and their worth.....its just a piece of paper and how well you can take a test.
As mrwall said...its not anything you can't learn on the web or in a pc mag. The only worth they have in my opinion is for getting your foot in the door at a company. Then you better be prepared to back it up with some hardcore knowledge. if it relates to your job or one that you want to go for.. then go for it....it can't hurt anything...I know some places won't even look at your resume unless you look good on paper. If its just so you can have a fancy title or say to your friends that you are CISSP...then its not worth it.
just my 2 pennies

I'll kick in my 2 cents' worth here...

The "buzzword" for the IT industry for 2002 is "security." The CISSP is worthwhile if you are going to be responsible for/managing incident response, detection, system hardening, etc. If you wish to take the more technical route, then the other ISC cert may be worthwhile. MCSA? Trying to secure an OS that is by it's nature insecure? Good luck. TruSecure Corp just released a couple of them. Look into Cisco or Checkpoint if you want to take an active hands-on role in enterprise security.

The problem is this - While you may have the knowledge, experience, and initials after your signature...the HR Manager may have no clue what a CISSP, CCSA, or MCSA stands for or what it shows.

A case in point...a buddy of mine passed his CISSP about 9 months ago, but had no experience in building or installing hardware components. When it came time to secure the servers against future attacks - he had no experience to draw from. He was "downsized" about 2 months ago due to poor performance and budget cutbacks.

Having a paper certificate that identifies you as a "certified security professional" is a good thing - but what's better is being able to prove it when the stuff hits the fan.

bowlfreak
NT MCSE, Inet+, Net+

what about GIAC?

Certifications serve their purpose. With all the downsizing today it is invaluable. It shows a certain dedication to your field. I've had 4 managers in the last 4 months and 3 different job titles without changing jobs. New managers are often given a head count that they must meet. They are told, "ok you have 30 people under you now, pick 20 and get rid of 10." Without ever working with you or even knowing what you have done, are capable of, or how hard you work they are to decide who is going to make the team. It cannot hurt to have letters behind your name, regardless of what you know, in these increasingly common situations. We all know most IT managers couldn't tie thier own shoes without help or at least approval from higher up. You say you have the oppurtunity, I say, take it as long as it is on someone else's dime.