CISSP
-
@scottalanmiller said in CISSP:
@scottalanmiller said in CISSP:
@eddiejennings said in CISSP:
@scottalanmiller said in CISSP:
@eddiejennings said in CISSP:
I think my next goal will be CISSP Architect. I will need to take some networking courses to brush up on my networking. Then I can pursue CISSP Architect
@scottalanmiller doesn't recommend Cisco, if I remember. What are some decent alternatives? I already have Network +
My $0.02, the concepts I learned during my CCNA training were useful. Is there a particular aspect of networking for which you're wanting to sharpen your skills?
Is there anything not covered by the Network+, though?
From what I remember (from a few years ago), there was more information about routing protocols and such on CCNA. I will say most of the CCNA though was how to configure Cisco devices for [insert network function here].
Who uses routing protocols? That's enterprise only, and network team only. Useless in general.
@IRJ will need to understand them for CSA work.
Yes, but not at the CCNA level.
Why not? He just needs to learn the fundamentals of routing, the different protocols used, and deal with some troubleshooting scenarios. As an architect he doesn't need to know the intricacies of BGP or any of the deeper routing things covered in the CCNP.
-
What about certified ethical hacker or something like that to compliment the CISSP?
-
@scottalanmiller said in CISSP:
My point was, and has always been, that the CCNA doesn't make sense on its own. Not that networking doesn't make sense or that Cisco certs don't make sense. Only that the big trend to go after the CCNA doesn't make sense as it isn't senior enough to do any good in a Cisco or routing shop, and not as good as the Network+ for non-Cisco work. The CCNA's purpose is as a stepping stone into the CCNP, not as a replacement for general networking cert exams.
The CCNA, like the MCSA, is also a vendor marketing tool to get people to use their product. Educate more people, they'll utilize more of your product.
-
@networknerd said in CISSP:
What about certified ethical hacker or something like that to compliment the CISSP?
I already have CEH
-
My suggestion would be to look at the solutions that you're going to be implementing/recommending and then hit those vendor certs (assuming they have ones). I'd be more inclined to look at Juniper or Palo Alto as alternatives to Cisco.
-
@irj Why not try for GSE?
-
@irj Why not try for GSE?
That one definitely looks brutal
-
@irj Yea, even getting the prereqs for it seems a huge challenge. I will get GSEC one day.
and then choose a path
https://www.giac.org/certifications/get-certified/roadmap -
@irj Yea, even getting the prereqs for it seems a huge challenge. I will get GSEC one day.
and then choose a path
https://www.giac.org/certifications/get-certified/roadmapI wonder how many GSEs there are...
-
-
199 !
https://www.giac.org/certified-professionals/directory/gsewow! Talk about $$$$$$
-
@Kelly and @scottalanmiller Here is the outline for CISSP-ISSAP. What do you think I should brush up on?
https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/ISSAP-Exam-Outline.ashx
-
@Kelly and @scottalanmiller Here is the outline for CISSP-ISSAP. What do you think I should brush up on?
https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/ISSAP-Exam-Outline.ashx
Without knowing more about your background and practical experience it is hard to say for certain. Logging is going to be key for most of the areas. With an eye towards Domain 3: Infrastructure Security in particular (since your questions in this thread have been about networking) I would say that you should make certain that you understand the concepts at a high level. Since this vendor agnostic and multiple choice it is likely (I've never taken a CISSP exam) that the questions are going to be aimed towards the right way to implement these things, but not the particulars of how to do it. You're going to need to understand the whys more than the hows for most of those things. Why does out of band configuration matter? What is access control segmentation, etc. If they're moving in response to the market there will probably be a number of questions on securing WiFi and VoIP.
If you're weak on PKI that could really trip you up as well. In general it doesn't sound terribly difficult so long as you have all of the basic concepts and can find your way around the various compliance laws.
-
@Kelly and @scottalanmiller Here is the outline for CISSP-ISSAP. What do you think I should brush up on?
https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/ISSAP-Exam-Outline.ashx
Without knowing more about your background and practical experience it is hard to say for certain. Logging is going to be key for most of the areas. With an eye towards Domain 3: Infrastructure Security in particular (since your questions in this thread have been about networking) I would say that you should make certain that you understand the concepts at a high level. Since this vendor agnostic and multiple choice it is likely (I've never taken a CISSP exam) that the questions are going to be aimed towards the right way to implement these things, but not the particulars of how to do it. You're going to need to understand the whys more than the hows for most of those things. Why does out of band configuration matter? What is access control segmentation, etc. If they're moving in response to the market there will probably be a number of questions on securing WiFi and VoIP.
If you're weak on PKI that could really trip you up as well. In general it doesn't sound terribly difficult so long as you have all of the basic concepts and can find your way around the various compliance laws.
So maybe I'll be OK. We covered all of that in CISSP. I'm sure this will dive in deeper, but I probably already have enough base knowledge. I'm going to order the book and read through it and see if I can understand everything
-
@Kelly and @scottalanmiller Here is the outline for CISSP-ISSAP. What do you think I should brush up on?
https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/ISSAP-Exam-Outline.ashx
Without knowing more about your background and practical experience it is hard to say for certain. Logging is going to be key for most of the areas. With an eye towards Domain 3: Infrastructure Security in particular (since your questions in this thread have been about networking) I would say that you should make certain that you understand the concepts at a high level. Since this vendor agnostic and multiple choice it is likely (I've never taken a CISSP exam) that the questions are going to be aimed towards the right way to implement these things, but not the particulars of how to do it. You're going to need to understand the whys more than the hows for most of those things. Why does out of band configuration matter? What is access control segmentation, etc. If they're moving in response to the market there will probably be a number of questions on securing WiFi and VoIP.
If you're weak on PKI that could really trip you up as well. In general it doesn't sound terribly difficult so long as you have all of the basic concepts and can find your way around the various compliance laws.
So maybe I'll be OK. We covered all of that in CISSP. I'm sure this will dive in deeper, but I probably already have enough base knowledge. I'm going to order the book and read through it and see if I can understand everything
I'd think so. It would probably be worth your while to compare the stated purposes/jobs differences are for the two exams and focus your energy in those categories.
