CISSP
-
@irj Why not try for GSE?
-
@irj Why not try for GSE?
That one definitely looks brutal
-
@irj Yea, even getting the prereqs for it seems a huge challenge. I will get GSEC one day.
and then choose a path
https://www.giac.org/certifications/get-certified/roadmap -
@irj Yea, even getting the prereqs for it seems a huge challenge. I will get GSEC one day.
and then choose a path
https://www.giac.org/certifications/get-certified/roadmapI wonder how many GSEs there are...
-
-
199 !
https://www.giac.org/certified-professionals/directory/gsewow! Talk about $$$$$$
-
@Kelly and @scottalanmiller Here is the outline for CISSP-ISSAP. What do you think I should brush up on?
https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/ISSAP-Exam-Outline.ashx
-
@Kelly and @scottalanmiller Here is the outline for CISSP-ISSAP. What do you think I should brush up on?
https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/ISSAP-Exam-Outline.ashx
Without knowing more about your background and practical experience it is hard to say for certain. Logging is going to be key for most of the areas. With an eye towards Domain 3: Infrastructure Security in particular (since your questions in this thread have been about networking) I would say that you should make certain that you understand the concepts at a high level. Since this vendor agnostic and multiple choice it is likely (I've never taken a CISSP exam) that the questions are going to be aimed towards the right way to implement these things, but not the particulars of how to do it. You're going to need to understand the whys more than the hows for most of those things. Why does out of band configuration matter? What is access control segmentation, etc. If they're moving in response to the market there will probably be a number of questions on securing WiFi and VoIP.
If you're weak on PKI that could really trip you up as well. In general it doesn't sound terribly difficult so long as you have all of the basic concepts and can find your way around the various compliance laws.
-
@Kelly and @scottalanmiller Here is the outline for CISSP-ISSAP. What do you think I should brush up on?
https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/ISSAP-Exam-Outline.ashx
Without knowing more about your background and practical experience it is hard to say for certain. Logging is going to be key for most of the areas. With an eye towards Domain 3: Infrastructure Security in particular (since your questions in this thread have been about networking) I would say that you should make certain that you understand the concepts at a high level. Since this vendor agnostic and multiple choice it is likely (I've never taken a CISSP exam) that the questions are going to be aimed towards the right way to implement these things, but not the particulars of how to do it. You're going to need to understand the whys more than the hows for most of those things. Why does out of band configuration matter? What is access control segmentation, etc. If they're moving in response to the market there will probably be a number of questions on securing WiFi and VoIP.
If you're weak on PKI that could really trip you up as well. In general it doesn't sound terribly difficult so long as you have all of the basic concepts and can find your way around the various compliance laws.
So maybe I'll be OK. We covered all of that in CISSP. I'm sure this will dive in deeper, but I probably already have enough base knowledge. I'm going to order the book and read through it and see if I can understand everything
-
@Kelly and @scottalanmiller Here is the outline for CISSP-ISSAP. What do you think I should brush up on?
https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/ISSAP-Exam-Outline.ashx
Without knowing more about your background and practical experience it is hard to say for certain. Logging is going to be key for most of the areas. With an eye towards Domain 3: Infrastructure Security in particular (since your questions in this thread have been about networking) I would say that you should make certain that you understand the concepts at a high level. Since this vendor agnostic and multiple choice it is likely (I've never taken a CISSP exam) that the questions are going to be aimed towards the right way to implement these things, but not the particulars of how to do it. You're going to need to understand the whys more than the hows for most of those things. Why does out of band configuration matter? What is access control segmentation, etc. If they're moving in response to the market there will probably be a number of questions on securing WiFi and VoIP.
If you're weak on PKI that could really trip you up as well. In general it doesn't sound terribly difficult so long as you have all of the basic concepts and can find your way around the various compliance laws.
So maybe I'll be OK. We covered all of that in CISSP. I'm sure this will dive in deeper, but I probably already have enough base knowledge. I'm going to order the book and read through it and see if I can understand everything
I'd think so. It would probably be worth your while to compare the stated purposes/jobs differences are for the two exams and focus your energy in those categories.
