CISSP's?

[ElZorro]

Thinking about going for the CISSP. I know of one person who has studied for it, has anyone taken and passed it? If so, what do you recommend for studying? Class, bootcamp, book, etc. I've taken and passed the PMP, which is a similar type of certification for Program Managers (similar in the layout and density of material, obtuse definitions, 'drink the cool-aid' mentality, and test format), took a 5 day bootcamp and passed easily.

Any other thoughts on the CISSP?

Edit:

Oh, and background for those that might not know me too well. I worked in IT for a number of years (4+), and have managed desktops, servers, networks, physical security, etc. I've done continuation of operations planning, physical security planning, etc. I have a pretty strong background in computer and network security (white hat and black hat). And a Masters in CS.

[complacent]

I think I'm allergic to certs...

[Libra Monkee]

Yeah I'd like some info on this too. CISSP is one of my goals for this year since I've decided to redirect my career path. Why? For a number of reasons, not the least of which is I'm sick of dealing with lusers.

"No, I will not restore the mp3s you accidentally deleted. Yes, you can go home and choke on your mother's c:censor:t."

[Sabre]

The CISSP covers a lot of ground, from encryption types to the various types of fire. The CISSP boot camp I went to was very good. Best recommendation is to take the exam right afterward (I'm sure this was the same as the PMP). The best way to study from it is to learn as much as you can from the teacher since they know exactly what is on the test... yep, time to drink that cool-aid again!

[Libra Monkee]

...the various types of fire.

FIRE FIRE FIRE!

[schvin]

been meaning to do it, but have been putting it off for years. i don't have much motivation to do it right now, but it may be a good thing to put on the resume. from talking to my friends and colleagues that have it, i strongly feel that it is based on "their way" or "how they think" rather than the more technical "real" knowledge that we may or may not have.

fwiw. that said, i think is subconsciously mark a +1 when i see it on a candidate's resume.

saw the vanity tag 'ogcissp' in ballston commons a few years ago.

[Libra Monkee]

Who offers these courses?

[Phibs]

been meaning to do it, but have been putting it off for years. i don't have much motivation to do it right now, but it may be a good thing to put on the resume. from talking to my friends and colleagues that have it, i strongly feel that it is based on "their way" or "how they think" rather than the more technical "real" knowledge that we may or may not have.

fwiw. that said, i think is subconsciously mark a +1 when i see it on a candidate's resume.

saw the vanity tag 'ogcissp' in ballston commons a few years ago.

I usually mark a -1 next to any resume w/ certifications since they do not mean you have real world experience. The PMP / CISSP might be different but you should be able to get an interview based on your experience and skill set rather than certifications.

[schvin]

oh, i absolutely agree, phibs. definitely. it is semi-unconscious, but it is a mental note. obviously when i actually get to ask questions it becomes clear whether there is any experience :p

[Sabre]

Certs get you through the door, experience gets your the job.... At least in my experience!

[ElZorro]

Who offers these courses?

There are a number of places online that I found, but don't know which ones are 'good'.

[ElZorro]

I usually mark a -1 next to any resume w/ certifications since they do not mean you have real world experience. The PMP / CISSP might be different but you should be able to get an interview based on your experience and skill set rather than certifications.

The challenge is lately in the government contracting world, certifications are becoming mandatory - contractors are required to propose and staff contracts with Certification Q or Accreditation Y as a way of helping the government select the winning bid. Its getting more and more common to see requirements for PMP-holding PM's on bids. I think in these cases certifications are being used for what they should be used for - a checkbox that says someone was able to jump through a hoop, and not necessarily proof that someone can do a job. This is why resumes should have two sections - training/education/certs & experience.

[avriette]

In my experience as an interviewee, the certs will get you in the door, but the only thing that gets you the job is skills and how well you manage the interview.

In my experience as an interviewer, the certs will sort of bring the resume to my attention, but at the same time, somebody with a lot of certs looks like someone who hasn't done a lot in the field, but has a lot of book work. This person is usually a pain in the ass to hire, as they take a long time to spin up. Usually, after they spin up, though, they're pretty good.

You can also usually ask for more money, but it's not like 10%, you might be able to ask for a little above the median (check salary.com), or if HR comes up with a comp package (rather than you stating a rate), they are more impressed than IT people and will give you a bit more. It's the same way with degrees, although they have formulae that equate years of experience to degrees. I've been told that e.g., a bachelors is equivalent to five years in the field (although I disagree with this strongly).

The tests are very expensive, and unless my employer pays for them, I don't take them on that reason alone. I do like the classes that usually come with the tests, so I'd do it for that reason, but not because I thought it would affect my career or earnings potential.

[ElZorro]

It's the same way with degrees, although they have formulae that equate years of experience to degrees. I've been told that e.g., a bachelors is equivalent to five years in the field (although I disagree with this strongly).

Most of the time I've seen 2 or 3 years counted for a bachelors and 2 for a masters. Sitting in a classroom for 4 years does not give you more knowledge than doing the job for 4 years.

[avriette]

It's the same way with degrees, although they have formulae that equate years of experience to degrees. I've been told that e.g., a bachelors is equivalent to five years in the field (although I disagree with this strongly).

Most of the time I've seen 2 or 3 years counted for a bachelors and 2 for a masters. Sitting in a classroom for 4 years does not give you more knowledge than doing the job for 4 years.

Which is exactly the point about exams. Sitting in a classroom for a two-week CISSP course is not the same has having been an IOS monk for two years.

[The Gray Ghost]

I am studying for mine right now. I want to take the exam in like 6 months. I am studying the Cybex manual which I think hands down is the best IMO. I also hae heard from several of my engineer buddies from Lucent that the Cisco Security cert is really good also. I really feel that if you are in a job where you can work with IA and IAVA's, it will be a major plus to have that cert. Good Luck...if you need a study partner PM me. Oh, and by the way certs like this and CCIE are really great if you have the real world experience and a lab to tinker in.....LOL...


Mark

[ElZorro]

I am studying for mine right now. I want to take the exam in like 6 months. I am studying the Cybex manual which I think hands down is the best IMO.

Cool! I'm torn between doing another bootcamp (I did one for the PMP, I know I can succeed that way, and its done in a week) or just being patient and getting a book.

[The Gray Ghost]

cybex ftw......


mark