RE: need some advice please (rather long read)



Hi, Matt.

> My goal of course is CISSP
> but I don't feel that my experience would fit the criteria
> because even though I did security related jobs it was not in
> my "job title"

It's not the job title so much, but the full requirements for certification
are quite complex and demanding. See
https://www.isc2.org/cgi-bin/content.cgi?category=1186, though you really
need to look over the whole part of the site regarding the cert and contact
them directly if you're still not sure whether you qualify.

"Valid experience includes information systems (IS) security-related work
performed as a practitioner, auditor, consultant, investigator or
instructor, that requires IS security knowledge and involves the direct
application of that knowledge. The four years of experience must be the
equivalent of actual fulltime IS security work (not just IS security
responsibilities for a four year* period); this requirement is cumulative,
however, and may have been accrued over a much longer period of time."

> I may be wrong about this and it would be
> great if somebody who is a CISSP or knows these kinds of
> things could take some time to look at my resume and give
> me some advice.

I can't speak for (ISC)2, and I don't know how long your work has included
some security content, so the advice I can give you is limited, but it
sounds to me as if you have a range of practical experience but probably not
enough, or specific enough, for CISSP. In fact, a lot of the "big gun" certs
have a bias towards management experience which you may not have. You have
several options:
* look at SSCP, for which the experience requirements are less onerous, but
still shows a decent base-level knowledge and (most importantly) intent to
keep progressing
* look at associate membership, which is for people who've passed the CISSP
or SSCP exam but don't yet have the experience for the full cert
(https://www.isc2.org/cgi-bin/content.cgi?category=1334)
* look at other certs (obviously, you already have). I'm not the person to
tell you about the full range of security certs available, but one option is
to pick an area you're particularly interested in and try for a cert (GSEC,
for example) in that area. You obviously have lots of hands-on experience,
some of it definitely in security: maybe it would be worth focusing on a
hands-on certification? Even if you were looking for something more
managerial in the longer term, a hands-on cert wouldn't be wasted.

HTH.

--
David Harley CISSP
http://www.smallblue-greenworld.co.uk


