Glock Talk
Old 08-09-2004, 13:54   #1
Senior Member
Join Date: Apr 2004
Location: SC
Posts: 363

Does anyone on here actually have their Certified Information Systems Security Professional certificate and do the job?
I have been told what their job is, sounds like a fun yet impossible to get into role. To boot, the cert is like $500 to test for. Any truth to this? What's the real deal for job experience? I assume a computer support specialist would not be considered for this role? No security experience except giving, limiting, adding rights to profiles. Adding policies to groups, etc.

echo99 is offline   Reply With Quote
Old 08-09-2004, 14:30   #2
CLM Number 2
Scouts Out
HerrGlock's Avatar
Join Date: Dec 2000
Posts: 64,497


Originally posted by echo99
No security experience except giving, limiting, adding rights to profiles. Adding policies to groups, etc.

You're a Windows guy. You can try for it, but you won't get it. Yes, I look at applications regularly.

CISSP is a set of letters that I'd jump at.

If you want to break out of the WIN-only crowd and get into security, look at Cisco PIX classes and/or certification. It is a good way to start thinking in a security manner instead of what WIN gives you.

Yes, Cisco and other border guys are VERY different and you have to live security to be worth a darn in that group.

Oh, some things I've asked for interviews. These are not necessarily position killers, even a wrong response, as long as the person's thinking can make me think better of the person.

What is a packet?
What is a packet filter?
What is stateful inspection?
How do you look for a stack smashing connection with only firewall logs?
What does Code Red look like when it hits your firewall?
What's the protocol that uses port 22?
Why are there assigned ports?
If your firewall allows a connection to port 80 and someone telnets to it, what happens? To the connecting computer? To the server? To the firewall?

Sent from my rotary phone
"The way I see it as soon as a baby is born, he should be issued a banjo!"- Linus Van Pelt
UNIX - Not just for Vestal Virgins any more

Last edited by HerrGlock; 08-09-2004 at 14:34..
HerrGlock is offline   Reply With Quote
Old 08-09-2004, 21:30   #3
Join Date: Jan 2000
Location: California
Posts: 75
I got my CISSP about a year ago (I worked for an MSSP at the time and it seems like half the company went through boot camp). I believe that it currently costs around $500 for the test...this doesn't include any training (which you'd do well to attend).

The thing about the CISSP cert that you have to remember is that it's considered a "managerial" cert. Although there are technical aspects to it, it's not really considered a technical cert (being a "Windows" or "Unix" guy has nothing to do with it). As such, there's no single "job" associated with having a CISSP other than management...which isn't to say that all CISSPs become managers...I certainly didn't.

Having no security experience, you'd be better served by looking into SANS GIAC certificates (http://www.giac.org/subject_certs.php). They offer certificates that address a number of different subject areas, and provide a more technical education. Of particular interest to me was the GCIH cert (the "hacker" track). The CISSP is a very dry test...unless you have a real interest in security, and the experience to back it up, it is *extremely* difficult to pass.
physicsdevil is offline   Reply With Quote
Old 08-09-2004, 23:57   #4
Texas T
CLM Number 23
TX expatriate
Texas T's Avatar
Join Date: Jan 2000
Location: W7YBY
Posts: 12,095

My former boss has a CISSP & GSNA, and just released this book:
Tech Talk

I've known the guy for 10 years and he's a pretty smart cookie...

Tony Howlett is the president of Network Security Services, a computer-security application service provider built entirely on open-source software. A Certified Information Systems Security Professional (CISSP) and GIAC Systems and Network Auditor (GSNA), he has fourteen years of experience, including running a major regional ISP/CLEC and building a nationwide ATM/DSL network. Mr. Howlett is a frequent speaker on computer security and has written for Computer Currents, Windows Web Solutions, Security Administrator, and other magazines.
"A gun is a tool, Marion. No better and no worse than any other tool - an axe, a shovel, or anything.
A gun is as good or as bad as the man using it. Remember that." Alan Ladd as Shane (1953)

NRA Life Benefactor Member, AMA Champion Member, AOPA Member, ARRL Member, GOA Life Member
Texas T is offline   Reply With Quote


All times are GMT -6.