Thread: Anyone here a CISSP?

  1. #1
    Junior Member IAMZOMBIE's Avatar
    Join Date
    Jan 2010
    Posts
    81

    Default Anyone here a CISSP?

    I've been kicking around the idea of getting my CISSP.
    I'm just curious if anyone here already has it.
    My main first question is how hard is it to get enough CPEs every year.

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    I considered getting one for a while and decided against. First of all I didn't think I'd learn anything useful from it. (I just completed a Master's degree in Information Systems Security in 2008 which covered all the useful stuff).

    Second, apart from in jobs advertised by less up-to-date hiring managers, it's not a technical certification, and is mainly a benefit for those doing the documentation-style IT Security tasks (risk assessments, system security plans, compliance assessments etc). The GIAC certifications seem to be the hot IT Security technical certifications at the moment (GCIH, GCFA, etc).

    Third, the CISSP test is 6 hours long, scheduled only at particular times of the year, and needs to be done on paper. The certification would need to be REALLY good for me to put up with that.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Member PeppersGhost's Avatar
    Join Date
    Jan 2008
    Posts
    204

    Default

    Also, if you don't have InfoSec in your job title for 4 years they won't even look at you for CISSP.
    <EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by PeppersGhost View Post
    Also, if you don't have InfoSec in your job title for 4 years they won't even look at you for CISSP.
    They accept some related experience as long as there is some security component to the job, like system administration for example, but yes, it's true that they also have a minimum experience requirement.

    I think that point is actually in the certification's favour (it means that the cert holder has had some hands-on experience and hasn't just passed the exam right out of a certification mill), and I do meet the requirement, but regardless I'm still not going to get a CISSP.

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by IAMZOMBIE View Post
    Anyone here a CISSP?
    CISSP, OPST, OPSA
    I've been kicking around the idea of getting my CISSP.
    I'm just curious if anyone here already has it.
    My main first question is how hard is it to get enough CPEs every year.
    This shouldn't be hard. Do a few webinars with vendors etc and you get some hours. Teach/take some courses or write some papers you get some hours. Proctor a few CISSP exams in your area and you get hours. Attend an industry conference or two get some hours (or days). It's pretty easy. But do keep in mind that it's min 20 a year but total 120 over 3 (unless they've changed that and I'm grandfathered).
    Quote Originally Posted by PeppersGhost View Post
    Also, if you don't have InfoSec in your job title for 4 years they won't even look at you for CISSP.
    That's not true. Unless you live in some extremely harsh union shop almost any System or Network Admin has dealt with enough security stuff to qualify.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by thorin View Post
    OPST, OPSA
    I was looking at those last year when trying to determine a good pen testing certification to go for. I finally went with GPEN (which I got in March this year) after looking at the available training, strength of the certifying body, etc. SANS is fairly well regarded here in Australia, the OPST and OPSA are less well known and only one training provider that I know of offers the training and certification (Pure Hacking in Sydney).

    I'm looking at doing the GWAPT from SANS later this year, the OSCP (Offensive Security) in a month or so and the OSCE (Offensive Security) early next year.

    Did you do the training before taking the exams? What was the exam like, regarding difficulty, content covered, format and testing process, etc? Are employers asking for the cert in your location? What is the recertification process like?

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    @ lupin

    I'm actually an OSSTMM trainer now. When I joined the company I'm currently with I did both the full OPST (with the company I'm currently at) and OPSA (with Pete Herzog himself). I was pretty happy with them. ISECOM's certs are very popular in Europe and Mexico but gaining ground in North America. For the OPST we usually do a full week (5d) course with the exam on the 5th day.

    I've also been looking at doing my GWAPT (which replaced GWAS)...I had hoped for this year but in reality it seems like it's gonna wait till next year

  8. #8
    prowl3r
    Guest

    Default

    I'm actually an OSSTMM trainer now.
    Looking at your avatar, you seem to be a very demanding one

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    <evil grin>

  10. #10
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by PeppersGhost View Post
    Also, if you don't have InfoSec in your job title for 4 years they won't even look at you for CISSP.
    You can take the CISSP without the requisite experience; you're just considered an associate until you get the experience.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
