CISSP [Archive] - Glock Talk

echo99
08-09-2004, 13:54
Does anyone on here actually have their Certified Information Systems Security Professional certificate and do the job?
I have been told what their job is, sounds like a fun yet impossible to get into role. To boot, the cert. is like $500 to test for. Any truth to this? What's the real deal for job experience? I assume a computer support specialist would not be considered for this role? No security experience except giving, limiting, adding rights to profiles. Adding policies to groups, etc.

Comments?

HerrGlock
08-09-2004, 14:30
Originally posted by echo99
No security experience except giving, limiting, adding rights to profiles. Adding policies to groups, etc.

Comments?

You're a Windows guy. You can try for it, but you won't get it. Yes, I look at applications regularly.

CISSP is a set of letters that I'd jump at.

If you want to break out of the WIN-only crowd and get into security, look at Cisco PIX classes and/or certification. It is a good way to start thinking in a security manner instead of what WIN gives you.

Yes, Cisco and other border guys are VERY different and you have to live security to be worth a darn in that group.

Oh, some things I've asked for interviews. These are not necessarily position killers, even a wrong response, as long as the person's thinking can make me think better of the person.

What is a packet?
What is a packet filter?
What is stateful inspection?
How do you look for a stack smashing connection with only firewall logs?
What does Code Red look like when it hits your firewall?
What's the protocol that uses port 22?
Why are there assigned ports?
If your firewall allows a connection to port 80 and someone telnets to it, what happens? To the connecting computer? To the server? To the firewall?

DanH

physicsdevil
08-09-2004, 21:30
I got my CISSP about a year ago (I worked for an MSSP at the time and it seems like half the company went through boot camp). I believe that it currently costs around $500 for the test...this doesn't include any training (which you'd do well to attend).

The thing about the CISSP cert that you have to remember is that it's considered a "managerial" cert. Although there are technical aspects to it, it's not really considered a technical cert (being a "Windows" or "Unix" guy has nothing to do with it). As such, there's no single "job" associated with having a CISSP other than management...which isn't to say that all CISSPs become managers...I certainly didn't.

Having no security experience, you'd be better served by looking into SANS GIAC certificates (http://www.giac.org/subject_certs.php). They offer certificates that address a number of different subject areas, and provide a more technical education. Of particular interest to me was the GCIH cert (the "hacker" track). The CISSP is a very dry test...unless you have a real interest in security, and the experience to back it up, it is *extremely* difficult to pass.

Texas T
08-09-2004, 23:57
My former boss has a CISSP & GSNA, and just released this book:
http://www.informit.com/ShowCover.asp?isbn=0321194438&type=a

I've known the guy for 10 years and he's a pretty smart cookie...

Tony Howlett is the president of Network Security Services, a computer-security application service provider built entirely on open-source software. A Certified Information Systems Security Professional (CISSP) and GIAC Systems and Network Auditor (GSNA), he has fourteen years of experience, including running a major regional ISP/CLEC and building a nationwide ATM/DSL network. Mr. Howlett is a frequent speaker on computer security and has written for Computer Currents, Windows Web Solutions, Security Administrator, and other magazines.