Steps to take CISSP exam

shayno90

What are the required/minimum certs to have before doing the CISSP exam, (i.e. Network+ Security+ and then CompTIA A+)?

I guess it is best to buy the reading materials instead of paying for the tuition, as the fees are quite expensive?

Have a few years IT admin experience but no certs yet, so interested in getting some.

oxide

Prerequisites can be found here.

https://www.isc2.org/studiscope/default.aspx

In summary, you need 5 years security experience for CISSP. SSCP might be an option also. I bought the Shon Harris AIO book amongst others and used the cccure site to study and ask questions. Passed without doing course. However that was 2006. Syllabus has changed drastically since then.

Good resource here

http://cccure.org

O

shayno90

Thanks for the info. I understand that you can do the exam and pass but only receive a cert after 5 years experience.

Do you recommend to do any of the CCNA or CompTIA+ certs or what certs did you have before doing the CISSP exam and study?

Will buy the Shon Harris CISSP guide and practice exams book.

oxide

Apologies about my misunderstanding.

I had the MCSE (NT4) and CCNP before attempting the CISSP. I had no specific security related certs but had a little experience (firewalls). Might have had a checkpoint cert at the time.

Pursing the CompTIA+ or CCNA can only help your career. I feel the CCNA would definitely help you with the Telecoms Domain. You definitely need to know your OSI layers thoroughly. However, there are 9 other domains that need to be understood. The CompTIA+ syllabus doesnt really relate to any of the 10 CBK domains. The CompTIA+ is more based on PC support etc. I would forget this.

The CCNA or whatever will certainly help you for some parts. You need to know the OSI model for sure. If you are considering another cert to have under your belt I would consider a security related cert. Something like the Security + or CEH.

In summary, certs are not necessarily needed. I think experience is more important personally. The CISSP touches a huge amount of topics but never, in my opinion, goes really in depth.

The practice tests on ccure.org are invaluable. Some good study notes etc are available.

O

shayno90

Thanks for the advice. Think the best progression to do the CISSP exam is to do the CompTIA certs then CCNA to give a good base before attempting the big exam.

Krusader

http://www.professormesser.com/free-comptia-security-training/security-plus-videos/

Should give you a good foundation

shayno90

Thanks for the link to the videos. Also where did you book to take the exams, was it a local college?

Wendolene

Hi shayno90,

A good starting point for getting an understanding of what's required of you to get the CISSP is https://www.isc2.org/cissp-how-to-certify.aspx. From there, you'll find that you'll spend a lot of your time just reading the wealth of information on the ISC2 web site. There's a lot to understand about ISC2 as an organisation, the certifications they offer, how to get them and how to maintain them.

There are no certifications required to do the CISSP. Apart from passing the exam ( score 700 points from 250 questions in 6 hours ), 5 years endorsed work experience in at least 2 of the 10 exam domains is required.

Certain limited waivers exist ( https://www.isc2.org/credential_waiver/default.aspx ) for the work experience requirement, e.g. 1 year for Microsoft's MCSA or MCSE, CompTIA Security+.

The process is ( basically ):
- study for the exam
- register for the exam
- pass the exam
- complete the application for certification containing an endorsement of your work experience from an already-certified CISSP.

Again, ISC2 facilitates those who cannot find an endorser, but I've no idea how that changes the process for a candidate.

The important thing in all of this is not actually the studying for the exam - it's the work experience. I relied on mine hugely in the exam, rather than on anything I read on web sites or in the Shon Harris book mentioned above. The exam is "a mile wide and an inch deep", so studying alone simply will not cut it.

I would completely agree with oxide above re. getting the CCNA, Security+, CEH. They'll certainly help complement your experience as you work towards satisfying the CISSP requirements.

However, certifications ( in anything ) should not be viewed as an end in themselves. They're a nice complement to your work experience, but they are not your work experience ... if you get the distinction I'm trying to draw.

FWIW, the Shon Harris book is quite verbose - she takes 200 words to describe something that could be described in 20. It's not really a cover-to-cover read, but should be used as a topical reference as you progress. That said, it's still about the best of what's out there. Any other texts I read were bone dry and boring

The ISC2 used to hold exams in Dublin and Belfast on a Saturday once or twice a year, but they haven't held any here for a few years, I think. I did my exam in London.

However, for a first step, I'd recommend immersing yourself in the ISC2 web site ( https://www.isc2.org/ ).

HTH

shayno90

Thanks for info Wendolene. Good to know to you need some certs behind you but thought they would be a stepping stone before attempting the more in depth CISSP exam.

Seems better to just have to renew the one CISSP cert every 3 years versus multiple smallert certs every 3 years.

Where is a good test centre in Dublin or across the country?

Wendolene

shayno90 wrote: »

Thanks for info Wendolene. Good to know to you need some certs behind you but thought they would be a stepping stone before attempting the more in depth CISSP exam.

Seems better to just have to renew the one CISSP cert every 3 years versus multiple smallert certs every 3 years.

Where is a good test centre in Dublin or across the country?

Hi shayno90,

You're quite welcome. Just to be clear, no other certs are required for CISSP, although they may help with professional development along the way.

The CISSP is not the be-all-and-end-all in information security. It's not a technical certification unlike, say, Cisco's CCNA, Checkpoint's CCSA, Microsoft's MCSA/MCSE or EC-Council's CEH are. It's an infosec management certification - hence the need for 5 years endorsed relevant work experience before candidates are eligible.

There are many other certifications you may find useful to maintain depending on your work environment (not just the one's I mentioned above), so I'd suggest that you may very well find yourself maintaining multiple certifications on a multi-annual basis.

As I said above, I tested in London. This was before ISC2 introduced (long overdue) computer-based testing via Pearson Vue, so I spent 4 hours of the 6 available filling in the dotted answer sheet (like a large lotto docket) with a pencil!

There seems to be just 2 Pearson Vue testing centres in Dublin - IT Blanchardstown & New Horizons. I've tested in New Horizons a couple of times, and it's fine. It's easily accessible via the Luas (Jervis stop). Their testing rooms can get warm if busy (people + PCs = heat), so I would advise dressing in removeable layers on the day, if you go there. Apart from that, it's grand though. I don't know anything about testing in ITB.