LITTLEBLACKDOG.COM

Posted: Sun Sep 30, 2007 7:44 am Post subject: CISSP Cert Qualifications

After 7 years of disappointment I have finally found another ICSSP that will sponsor me. Very Happy

But just like 7 years ago they are changing the certification requirements Rolling Eyes

But I think I may still qualify to take the exam, but I am not a 100% sure. That is the point to this post. If this should be moved to another forum then by all means move it. I really wasn't sure where to put it.

The requirements are that I have 5 years of experience within 2 out of the 10 CBK domains.

Quote:

* Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
* Work requiring habitual memory of a body of knowledge shared with others doing similar work.
* Management of projects and/or other employees.
* Supervision of the work of others while working with a minimum of supervision of one's self.
* Work requiring the exercise of judgment, management decision-making, and discretion.
* Work requiring the exercise of ethical judgment (as opposed to ethical behavior).
* Creative writing and oral communication.
* Teaching, instructing, training and the mentoring of others.
* Research and development.
* The specification and selection of controls and mechanisms (i.e. identification and authentication technology) (does not include the mere operation of these controls).
* Applicable titles such as officer, director, manager, leader, supervisor, analyst, designer, cryptologist, cryptographer, cryptanalyst, architect, engineer, instructor, professor, investigator, consultant, salesman, representative, etc. Title may include programmer. It may include administrator, except where it applies to one who simply operates controls under the authority and supervision of others. Titles with the words "coder" or "operator" are likely excluded.

If I get my CompTia Security + that will count as 1 year of experience, so I am planning on taking that test in a couple of weeks.

My work experience that could be possibly be considered is as follows.

I was a Student Technology Manager for a school district for a year. My job was to train students, and Job Corps students on computer repair.

I was also a Network Administrator for a year. I did have a boss I had to report to, and also I was part of a group of IT and we made decisions as a group. I was pretty much in charge of the network at my site, so I handled security, network design, phone systems, helpdesk, and everything in between.

I had gone overseas, and did some security consulting for 3 companies. I was overseas for 6 months, and I did not work the whole time. Also I was payed under the table. So I am really not sure if I should put that one down. It would be hard to prove, and I know at least one of the companies would deny that I worked there.

I was then a web consultant for a year at a private company. I did web and database design. I also did some network consulting for the same company.

Next I was a Network Admin again at a small company for 8 months. I was the top of the food chain, I only had to report to the owner. I had done web design, database design, network security, web security and helpdesk tasks.

Currently I am a Workstation Analyst by the time I go to take the exam I will have 1 year here. I do have a boss I report to, but so far I have been making pretty much all my own decisions on what to do with the workstations. Also I just updated our entire network. Designed and implemented it.

One of the first jobs that I had was when I was around 13, my brother-in-law said he had a company (I'm pretty sure he was lying). And he "hired" me on to do website design for doctors offices. I did about a half dozen websites over about a year. I don't know the legalities of this, I'm pretty sure it was illegal as child labor and such. But I don't really know.

I'm hoping that I have the experience, but from what I could tell I could "warp" any of the jobs that I had to meet the requirements.

What do you guys think?
Worst case I can start doing consulting on the side to build up the amount of experience.

Posted: Sun Sep 30, 2007 7:13 pm Post subject:

Not quite sure what your asking. But I've been in the IT industry for going on 12 years. 8 Of which have been focused solely on Information Security. Im not a big fan of certs, I have *none* So far it hasn't hurt me.

However HR drones love them and will often toss resumes if they don't see the right certs where applicable.

So to get back to the question... what is yours? Rolling Eyes

Posted: Mon Oct 01, 2007 3:24 am Post subject:

Sorry, was kind of in a hurry when I wrote the post.

Basically I am just asking if my work experience is enough for me to take the exam.

If it is I'll start studying again, if not I'll start consulting again.

I kind of agree about the certs, but the CCIE and the CISSP have always been on my to do list, since I am too lazy to go back to college Wink

Posted: Mon Oct 01, 2007 6:45 am Post subject:

I've felt than any senior level Network Admin type has met the qualifications.

Remember 1 of the domains is also physical security as well.

Also, you don't have to have another Certified person to sponser you, it just makes you less likely to be auditted. If you have a letter from supervisors over that course of time, than that counts as well.

I got my CISSP a couple of years ago, and it was a bit harder than most exams I have taken. Remember it is a management certification, and international as well. While it gets pretty technical, it is a "inch deep, mile wide" type certification. The requirements, are really there to show that you have used your own judgement when dealing with issues, not being told "Disable these accounts, and enable these functions".