CISSP among highest paying certifications - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: CISSP among highest paying certifications

  1. #11
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    742
    So MsM what books or resources could you point me toward if I wish to acquire my CISSP? Not knowing my skill set lets say my knowledge is in the mid range, I by no means consider my self in the professional stand point or would I claim to be able to go into a job and perform the needs of a sr network analyst more of a jr or jr jr But its more I want to pick up and this seems like a great cert that has been recommended to me by multiple ppl.... figure its time I put my brain to some form of use.
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  2. #12
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Hrmm... let's see what I used..

    Process of Network Security, The: Designing and Managing a Safe Network by Thomas A. Wadlow

    Information Security Management Handbook (3rd, 4th and 5th Editions) by Tipton and Krause

    TCP/IP Illustrated by Stevens

    The CERT Guide to System and Network Security Practices by Allen

    Network Intrusion Detection by Stephen Northcutt et al.

    Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems by Stephen Northcutt et al.

    Computer Forensics: Incident Response Essentials by Warren G. Kruse, Jay G. Heiser

    Firewalls and Internet Security: Repelling the Wily Hacker by William R. Cheswick et al

    Information Warfare and Security by Denning

    Computer Security Handbook, 4th Edition by Seymour Bosworth, M. E. Kabay

    Writing Information Security Policies by Scott Barman

    The Cuckoo's Egg by Cliff Stoll

    Hack Attacks Encyclopedia: A Complete History of Hacks, Cracks, Phreaks, and Spies Over Time
    by John Chirillo

    Practical Unix & Internet Security by Simson Garfinkel and Gene Spafford

    The Code Book by Simon Singh

    Security Warrior by Cyrus Peikari, Anton Chuvakin

    Managing Security with Snort and IDS Tools by Cox and Gerg

    Intrusion Detection with Snort by Rehman

    Hacking by Jon Erickson

    Hacking Exposed

    Linux Server Security by Michael Bauer

    Anything at the SANS Reading Room

    Joined Yahoo mailing list of other "CISSP elects" to ask questions of others.

    Articles in Sys Admin Magazine

    Cert Specific Stuff:

    All-in-One CISSP by Shon Harris
    Office ISC Guide to CISSP by ISC(2)
    The CISSP Prep Guide, 2nd Edition by Krutz
    CCCure Website (free testing engine)
    Add to all of that spending time doing internal pen tests (simple ones) on the company I used to admin at plus create their security policy and create an "abuse lab" at home... pretty much is what I used.

    Did about 18 months of study on and off (more on for the last 6 months) prior to writing the exam itself.

    Does that help?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #13
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    Originally posted here by Spyrus
    what books or resources could you point me toward if I wish to acquire my CISSP?
    Don't study from just one source. The CISSP is a very broad range certification and covers many different areas. You will fare better if you study from multiple sources. Even though I have not used it the official ISC2 CISSP study guide would be something I would recommend. A personal favorite of mine is the CISSP All-In-One by Shon Harris. It is a very good book with a companion CD and a lot of test questions. I would also recommend using study exams. The ones from Boson were actually pretty cool. The Prep-Logic exam sucked, and sadly enough so did the Transcender. I was very surprised to see how many questions the Transcender was actually having wrong. Even though I never used it you might want to check out www.cccure.org

    Good luck on your studying. Take a deep breath when you sit down to take the test and expect to see questions you didn't study for. It is inevitable.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563

  4. #14
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Good luck on your studying. Take a deep breath when you sit down to take the test and expect to see questions you didn't study for. It is inevitable.
    And, just as importantly, read the questions carefully (you actually have more than enough time). I had some recent students go and write it recently (and pass!). They commented on the fact that they were glad they reviewed their questions because they missed a few of the "NOT" or "Except" type questions. (you're mind interprets the question as to what it thinks is there rather than what is there).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #15
    Originally posted here by rapier57
    I'm beginning to think that a qualified, experienced person (with certs, mind you) having trouble getting hired is largely due to the HR community. Most couldn't write a correct and appropriate job recruitement notice to save their lives. They won't respond to your application unless you are called for an interview. They put requirements for certs like CISSP and CISA on entry level positions or basic packet sniffer duty jobs. Of course, management of the companies behind those HR people are providing the direction and requirements. Heck, I recently laughed at one recruitment announcement that required 5 years experience in SOX 404.

    Kinda reminds me of one position announcement that required 5 years of experience in Windows 95--this was published two months after the release of Win95.
    I stopped follwing the "whats hot now" lists of cert sites long time ago. i do certs that tweak my interest & fancy. keeps me fresh and motivated.

    I am aiming for all the LPI certs and Novells SuSE certs in near future because I like to goof around with linux distros.

  6. #16
    Originally posted here by Spyrus
    So MsM what books or resources could you point me toward if I wish to acquire my CISSP? Not knowing my skill set lets say my knowledge is in the mid range, I by no means consider my self in the professional stand point or would I claim to be able to go into a job and perform the needs of a sr network analyst more of a jr or jr jr But its more I want to pick up and this seems like a great cert that has been recommended to me by multiple ppl.... figure its time I put my brain to some form of use.
    here's another.

    take a break from using torrent to download vin deisel movies and porno and look up cissp educational materials. there are sites that have the full CD study pack of all the CBK's.

  7. #17
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by Jebo Majku
    I stopped follwing the "whats hot now" lists of cert sites long time ago. i do certs that tweak my interest & fancy. keeps me fresh and motivated.
    That is by far one of the best statements I've ever heard about certifications. I have some friends (let's call them the unwashed open source zealots) who scoff and drip derision on me when I discuss certifications...and then get all pissed off when I tell them about my job offers, and how I travel 1/3 of the time and work from home the rest. They get jealous and act like I am undeserving, but they won't do anything to prove they have skills or abilities that are note worthy. They take this "I've been kernel hacking for years, screw you and your 'Linux Certification'" attitude, and then get upset when they don't get selected for Linux specific jobs.

    Certifications are NOT the end-all-come-all of a candidates worth...but coupled with experience, they can create an 'acceptable' or even 'exceptional' candidate from a marginal one. I have landed several positions not based on my experience directly with the subject matter, but with my experience in related fields, my certifications, and my proven ability to learn and improve in the necessary areas.

    Unfortunately, a hiring manager or supervisor (who may just have a clue) is going to value someone much differently than an HR nazi with a job description and a list of duties. Those people tend to be more impressed with cert's and your ability to correctly answer their scripted Q&A's. They may not recognize that your 3 years of Helpdesk and Tier 2 support work makes you a great candidate for Frontline SysAdmin work, but since you don't have any cert's and no real keyboard time with Unix admin, you are completely unacceptable.

    I think the key is to not overemphasize certifications. They have their value, but you can waste a lot of time and money at the boot camp, and see no real benefit.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  8. #18
    Junior Member
    Join Date
    Feb 2005
    Posts
    26
    Exactly. I started studying my first MCSE years 8 years ago, found the Networking Essentials core and TCP/IP elective most to my liking, and really always enjoyed palying with and implementing networking related technologies like VPN's and WAN's.

    From there I decided I wanted to take the networking further and when down the Cisco cert path.

    And if you get in to networking seriously I think it's almost impossible in this day and age not to have one eye on security. It's a requirement of every network design and you will almost always have to do some NAT, traverse firewalls and/or configure encryption etc during anything above basic LAN administration.

    So now I find myself with 1 CCSP exam of 5 done, 4 to go because it's the way my career is going and it is what most lifts my frock about my profession.

    Maybe CISSP next year...

  9. #19
    Senior Member
    Join Date
    Jan 2005
    Posts
    100
    Being a late bloomer in all things - including education and certs, I believe in finding out what I can before I hit anything.

    Case in point, when I first got into security - I wanted to get my CISSP right away - because, well I guess just becuase, I mean it "certified" that I knew something right? Well already being a part of a corporation entity meant that for this particular organization they could give a frell if I had a cert or not - what they wanted was me to get the job done while learning along the way. They also said that "If we wanted a CISSP person, we would just hire them, not send your dumba** to class." Well maybe not that last part. That also applied for getting an MBA - they would rather hire an MBA than pay for me to get one - maybe if I was a model employee that would change - yeah that's the ticket!

    So that was an eyeopener for me. They encouraged me instead to go for my Masters degree, which I did (not an MBA tho - yes it is weird) - and now I want another degree (it happened - I'm addicted to education - and I will get an MBA! Now it's just because - yes lame). So now, having switch jobs (to Auditing), I have been infected yet again to go for some certs. Based on the job and what they will pay for now, I need to go for the CISA first. Here are the requirements to qualify for the CISA:

    http://www.isaca.org/Content/Navigat...tification.htm

    Now those of you with many certs following your name - which have helped you - in terms of bling and actual learning - for your career in IT or security related positions? CISSP, CISA, CIA, CISM, others?

    Also - side note - having been a part of this community for a short time - I realized just how much I have to learn and/or how deep my lack grasping technical concepts go and that formal education and practical application with a goal in mind, seems to be the only way this stuff sticks for me. I continually am amazed at the technical know-how that exists in this community - example the tutorials section - amazing.

    MSM - I take it you teach a class for taking the CISSP? Is the class online per chance?

    TIA.
    \"An ant may well destroy a whole dam.\" - Chinese Proverb
    \"Not only can water float a craft, it can sink it also.\" - Chinese Proverb

    http://www.AntiOnline.com/sig.php?imageid=764

  10. #20
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    MSM - I take it you teach a class for taking the CISSP? Is the class online per chance?
    Nope. In person and over a few months. But I don't teach towards the exam per say. Rather I teach towards understanding security so that even if you don't take the exam, you'll be more aware and pay more attention to security (I've had a couple of students who took the course for that reason -- not interested in the exam but rather wanted to improve their awareness of security).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •