RE: question about CISSP experience requirements

ISC2 also offers SSCP which requires 1 year of experience (www.isc2.org)
for example. SANS also offers a wide range of certifications from
security essentials to higher difficulties in specific security areas.
http://www.giac.org/certifications/ gives a good overview of what's
available and the requirements.

Regards,
Bruce

-----Original Message-----
From: Crispin Yuen [mailto:crispin.yuen@xxxxxxxxx]
Sent: Saturday, August 05, 2006 7:44 PM
To: Monroe, Bruce
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: question about CISSP experience requirements

What would be those other security related certifications we can get
in the interim?


On 8/5/06, Monroe, Bruce <bruce.monroe@xxxxxxxxx> wrote:
A CISSP has to vouch for the experience requirements. If a certified
CISSP vouches for the experience requirements when you don't actually
have them that is a ethics violation...and a problem in itself that
could result in issues with their own cert. I was audited by ISC2 when
I
got my CISSP a some years back so there is some checking done. From my
experience they don't check everyone, but they do check on a
percentage
from every group taking the test. My recommendation would be to get
the
experience and not try the get around the system. There are plenty of
other security related certificaitons you can get in the interim, and
the experience will stand you in good stead regardless. My 2 cents...

Regards,
Bruce

Note - the opinions expressed are my own and may not reflect those of
my
employer.

-----Original Message-----
From: e.m.baechle@xxxxxxxx [mailto:e.m.baechle@xxxxxxxx]
Sent: Friday, August 04, 2006 7:01 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: question about CISSP experience requirements

Kurt,


You raise a good question. My opinion is that the CISSP designation
should specifically identify security experience. However, my opinion
is likely very far off from reality. I've seen quite a few people
achieve CISSP status from passing a test, with no more experience on
their resume than 5 years of changing backup tapes. Suddenly they're
a
"security expert" with field experience.


The CISSP certification itself is the "gold standard" however my
observations have been that a lot of underqualified people are
achiving
it. Much the same way that $$$ drove the MCSE program to keeping a
low
passing score. Again, in my observation, I think you could achieve
the
CISSP designation if you had someone willing to attest to you having
full-time security responsibility.


Sincerely,


Eric B.




------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus

------------------------------------------------------------------------
---


------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus

------------------------------------------------------------------------
---



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • RE: question about CISSP experience requirements
    ... got my CISSP a some years back so there is some ... should specifically identify security experience. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ... The NSA has designated Norwich University a center ...
    (Security-Basics)
  • RE: Certification Advice
    ... I've heard of other folks geting confused since the changes in ISC certifications. ... Yes, there are the three new CISSP concentrations, but there's also the Associate's program for those who don't have the experience to qualify for the full CISSP: ... MOREnet Network Security Coordinator ...
    (Security-Basics)
  • RE: Certification Advice
    ... > You can no longer get your CISSP. ... > I am considering getting some certifications under ... > increase my security knowledge. ... > Captus Networks ...
    (Security-Basics)
  • RES: [ok] [Full-Disclosure] Certifications
    ... I agree about security certifications. ... I think is necessary one hard knowledgment in network to do security certifications. ... Comparing the CISSP to the GIAC Exams is like comparing fire and water. ...
    (Full-Disclosure)
  • RE: Certification Advice
    ... have the CISSP as a basis in order to even sign up for them. ... > CISSP certification is a good one to have in the security scene. ... > a) What are good certifications to get, which will help to get me closer ... > Captus Networks ...
    (Security-Basics)