RE: I've passed the CISSP exam, few months back...Now what???

From: Brunner, Mark (MBrunner_at_tor.fasken.com)
Date: 09/09/05

  • Next message: Ronnie Miller: "Re: Log Analyzer Tool"
    Date: Fri, 9 Sep 2005 11:04:43 -0400
    To: <rami9009@hotmail.com>, <security-basics@securityfocus.com>
    
    

    These feelings that you are having actually aren't all that unusual. Exams serve as a benchmark, and can only test for a level of knowledge, and not for the ability to apply or use that knowledge in a real world situation.

    As an SSCP certified former teacher pursuing CISSP certification, I would offer the following for anyone that has just gained ANY certification and is now uncertain of their readiness to use that knowledge. I am currently lacking the means or the time to write the CISSP. I usually have the time, but not the cash, or the cash but no time. I'm doing or have done everything that I _imagine_ a Security Consultant would do, have read the right and some of the wrong books, can spot the differences, and have gotten my hands very dirty, applying what I have gained over the past 8 years on a daily basis...

    First, attaining CISSP status should only be one of many objectives that lead to a larger goal. What is it that you REALLY want to do or become? Define it clearly. Write yourself a job description, not just a title.

    Next, and hopefully supporting the above, there are 10 domains defined in the CISSP BOK. Which area(s) do you wish to explore further, interest you the most, and offer the most opportunity?

    Continue to learn and explore. Buy some old hardware and beat it to death. Configure the hell out of it. Plan each configuration as a different topology or scenario and see what you can do. The experience is found in the doing.

    Finally, here is an opportunity to give a little back. Why not volunteer your services? Conduct Security Awareness Training to the less fortunate, do some security work for not for profit organizations, or others? I enjoyed working with the Special Olympics a few years back, and got back as much as I gave.

    Good to luck to you,
    Mark

    -----Original Message-----
    From: rami9009@hotmail.com [mailto:rami9009@hotmail.com]
    Sent: Thursday, September 08, 2005 12:51 AM
    To: security-basics@securityfocus.com
    Subject: I've passed the CISSP exam, few months back...Now what???

    I have passed the CISSP exam few month back. I have almost 14 years experience in the IT field, support, networking, and routing. I thought that adding security to this profile will be cool. . I prepared for it just like any other exam; I read the right books, studied well and passed. The problem is that now few months later I feel that I have forgot everything. I want to apply for a security consultant position, but I feel that I lack the confidence to fulfill this position. What went wrong????
    I am willing to devote time and effort to bridge the gap and rebuild this "Security skill set" but I don't know where to start or what book to read. Please guys advice!


  • Next message: Ronnie Miller: "Re: Log Analyzer Tool"