
Thread: CISSP among highest paying certifications

  1. #11
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    So MsM what books or resources could you point me toward if I wish to acquire my CISSP? Not knowing my skill set, let's say my knowledge is in the mid range. I by no means consider myself in the professional stand point or would I claim to be able to go into a job and perform the needs of a sr network analyst, more of a jr or jr jr. But it's more I want to pick up and this seems like a great cert that has been recommended to me by multiple ppl.... figure it's time I put my brain to some form of use.
    Duct tape.....A whole lot of Duct Tape

  2. #12
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Hrmm... let's see what I used..

    Process of Network Security, The: Designing and Managing a Safe Network by Thomas A. Wadlow

    Information Security Management Handbook (3rd, 4th and 5th Editions) by Tipton and Krause

    TCP/IP Illustrated by Stevens

    The CERT Guide to System and Network Security Practices by Allen

    Network Intrusion Detection by Stephen Northcutt et al.

    Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems by Stephen Northcutt et al.

    Computer Forensics: Incident Response Essentials by Warren G. Kruse, Jay G. Heiser

    Firewalls and Internet Security: Repelling the Wily Hacker by William R. Cheswick et al

    Information Warfare and Security by Denning

    Computer Security Handbook, 4th Edition by Seymour Bosworth, M. E. Kabay

    Writing Information Security Policies by Scott Barman

    The Cuckoo's Egg by Cliff Stoll

    Hack Attacks Encyclopedia: A Complete History of Hacks, Cracks, Phreaks, and Spies Over Time
    by John Chirillo

    Practical Unix & Internet Security by Simson Garfinkel and Gene Spafford

    The Code Book by Simon Singh

    Security Warrior by Cyrus Peikari, Anton Chuvakin

    Managing Security with Snort and IDS Tools by Cox and Gerg

    Intrusion Detection with Snort by Rehman

    Hacking by Jon Erickson

    Hacking Exposed

    Linux Server Security by Michael Bauer

    Anything at the SANS Reading Room

    Joined Yahoo mailing list of other "CISSP elects" to ask questions of others.

    Articles in Sys Admin Magazine

    Cert Specific Stuff:

    All-in-One CISSP by Shon Harris
    Official ISC Guide to CISSP by ISC(2)
    The CISSP Prep Guide, 2nd Edition by Krutz
    CCCure Website (free testing engine)
    Add to all of that spending time doing internal pen tests (simple ones) on the company I used to admin at plus create their security policy and create an "abuse lab" at home... pretty much is what I used.

    Did about 18 months of study on and off (more on for the last 6 months) prior to writing the exam itself.

    Does that help?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #13
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    Originally posted here by Spyrus
    what books or resources could you point me toward if I wish to acquire my CISSP?
    Don't study from just one source. The CISSP is a very broad range certification and covers many different areas. You will fare better if you study from multiple sources. Even though I have not used it the official ISC2 CISSP study guide would be something I would recommend. A personal favorite of mine is the CISSP All-In-One by Shon Harris. It is a very good book with a companion CD and a lot of test questions. I would also recommend using study exams. The ones from Boson were actually pretty cool. The Prep-Logic exam sucked, and sadly enough so did the Transcender. I was very surprised to see how many questions the Transcender was actually having wrong. Even though I never used it you might want to check out www.cccure.org

    Good luck on your studying. Take a deep breath when you sit down to take the test and expect to see questions you didn't study for. It is inevitable.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}

  4. #14
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Good luck on your studying. Take a deep breath when you sit down to take the test and expect to see questions you didn't study for. It is inevitable.
    And, just as importantly, read the questions carefully (you actually have more than enough time). I had some recent students go and write it recently (and pass!). They commented on the fact that they were glad they reviewed their questions because they missed a few of the "NOT" or "Except" type questions (your mind interprets the question as to what it thinks is there rather than what is there).

  5. #15
    Originally posted here by rapier57
    I'm beginning to think that a qualified, experienced person (with certs, mind you) having trouble getting hired is largely due to the HR community. Most couldn't write a correct and appropriate job recruitment notice to save their lives. They won't respond to your application unless you are called for an interview. They put requirements for certs like CISSP and CISA on entry level positions or basic packet sniffer duty jobs. Of course, management of the companies behind those HR people are providing the direction and requirements. Heck, I recently laughed at one recruitment announcement that required 5 years experience in SOX 404.

    Kinda reminds me of one position announcement that required 5 years of experience in Windows 95--this was published two months after the release of Win95.
    I stopped following the "what's hot now" lists of cert sites a long time ago. I do certs that tweak my interest & fancy. Keeps me fresh and motivated.

    I am aiming for all the LPI certs and Novell's SuSE certs in the near future because I like to goof around with Linux distros.

  6. #16
    Originally posted here by Spyrus
    So MsM what books or resources could you point me toward if I wish to acquire my CISSP? Not knowing my skill set, let's say my knowledge is in the mid range. I by no means consider myself in the professional stand point or would I claim to be able to go into a job and perform the needs of a sr network analyst, more of a jr or jr jr. But it's more I want to pick up and this seems like a great cert that has been recommended to me by multiple ppl.... figure it's time I put my brain to some form of use.
    here's another.

    Take a break from using torrent to download Vin Diesel movies and porno and look up CISSP educational materials. There are sites that have the full CD study pack of all the CBKs.

  7. #17
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by Jebo Majku
    I stopped following the "what's hot now" lists of cert sites a long time ago. I do certs that tweak my interest & fancy. Keeps me fresh and motivated.
    That is by far one of the best statements I've ever heard about certifications. I have some friends (let's call them the unwashed open source zealots) who scoff and drip derision on me when I discuss certifications...and then get all pissed off when I tell them about my job offers, and how I travel 1/3 of the time and work from home the rest. They get jealous and act like I am undeserving, but they won't do anything to prove they have skills or abilities that are noteworthy. They take this "I've been kernel hacking for years, screw you and your 'Linux Certification'" attitude, and then get upset when they don't get selected for Linux specific jobs.

    Certifications are NOT the end-all-come-all of a candidate's worth...but coupled with experience, they can create an 'acceptable' or even 'exceptional' candidate from a marginal one. I have landed several positions not based on my experience directly with the subject matter, but with my experience in related fields, my certifications, and my proven ability to learn and improve in the necessary areas.

    Unfortunately, a hiring manager or supervisor (who may just have a clue) is going to value someone much differently than an HR nazi with a job description and a list of duties. Those people tend to be more impressed with certs and your ability to correctly answer their scripted Q&As. They may not recognize that your 3 years of Helpdesk and Tier 2 support work makes you a great candidate for Frontline SysAdmin work, but since you don't have any certs and no real keyboard time with Unix admin, you are completely unacceptable.

    I think the key is to not overemphasize certifications. They have their value, but you can waste a lot of time and money at the boot camp, and see no real benefit.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  8. #18
    Junior Member
    Join Date
    Feb 2005
    Posts
    26
    Exactly. I started studying my first MCSE 8 years ago, found the Networking Essentials core and TCP/IP elective most to my liking, and really always enjoyed playing with and implementing networking related technologies like VPNs and WANs.

    From there I decided I wanted to take the networking further and went down the Cisco cert path.

    And if you get into networking seriously I think it's almost impossible in this day and age not to have one eye on security. It's a requirement of every network design and you will almost always have to do some NAT, traverse firewalls and/or configure encryption etc during anything above basic LAN administration.

    So now I find myself with 1 CCSP exam of 5 done, 4 to go because it's the way my career is going and it is what most lifts my frock about my profession.

    Maybe CISSP next year...

  9. #19
    Senior Member
    Join Date
    Jan 2005
    Posts
    100
    Being a late bloomer in all things - including education and certs, I believe in finding out what I can before I hit anything.

    Case in point, when I first got into security - I wanted to get my CISSP right away - because, well I guess just because, I mean it "certified" that I knew something right? Well already being a part of a corporation entity meant that for this particular organization they could give a frell if I had a cert or not - what they wanted was me to get the job done while learning along the way. They also said that "If we wanted a CISSP person, we would just hire them, not send your dumba** to class." Well maybe not that last part. That also applied for getting an MBA - they would rather hire an MBA than pay for me to get one - maybe if I was a model employee that would change - yeah that's the ticket!

    So that was an eye-opener for me. They encouraged me instead to go for my Masters degree, which I did (not an MBA tho - yes it is weird) - and now I want another degree (it happened - I'm addicted to education - and I will get an MBA! Now it's just because - yes lame). So now, having switched jobs (to Auditing), I have been infected yet again to go for some certs. Based on the job and what they will pay for now, I need to go for the CISA first. Here are the requirements to qualify for the CISA:

    http://www.isaca.org/Content/Navigat...tification.htm

    Now those of you with many certs following your name - which have helped you - in terms of bling and actual learning - for your career in IT or security related positions? CISSP, CISA, CIA, CISM, others?

    Also - side note - having been a part of this community for a short time - I realized just how much I have to learn and/or how deep my lack grasping technical concepts go and that formal education and practical application with a goal in mind, seems to be the only way this stuff sticks for me. I continually am amazed at the technical know-how that exists in this community - example the tutorials section - amazing.

    MSM - I take it you teach a class for taking the CISSP? Is the class online per chance?

    TIA.
    "An ant may well destroy a whole dam." - Chinese Proverb
    "Not only can water float a craft, it can sink it also." - Chinese Proverb

  10. #20
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    MSM - I take it you teach a class for taking the CISSP? Is the class online per chance?
    Nope. In person and over a few months. But I don't teach towards the exam per se. Rather I teach towards understanding security so that even if you don't take the exam, you'll be more aware and pay more attention to security (I've had a couple of students who took the course for that reason -- not interested in the exam but rather wanted to improve their awareness of security).
