I've passed the CISSP exam, few months back...Now what???

Discussion in 'Computer Security' started by John MacLean, Sep 8, 2005.

  1. John MacLean

    John MacLean Guest

    I have passed the CISSP exam a few months back. I have almost 14 years
    experience in the IT field, support, networking, and routing. I
    thought that adding security to this profile will be cool. I
    prepared for it just like any other exam; I read the right books,
    studied well and passed. The problem is that now, a few months later, I
    feel that I have forgotten everything. I want to apply for a security
    consultant position, but I feel that I lack the confidence to fulfill
    this position. What went wrong????
    I am willing to devote time and effort to bridge the gap and rebuild
    this "Security skill set" but I don't know where to start or what book
    to read. Please, guys, advise!
     
    John MacLean, Sep 8, 2005
    #1

  2. John MacLean

    Shadus Guest

    ["Followup-To:" header set to alt.computer.security.]
    A piece of paper isn't a substitute for experience. Unless you are
    actively using a piece of knowledge you're not going to remember it.
    Security isn't something that is learnable by just reading a book and
    taking a test, like most things people do well it's something you gain
    by sweat and perseverance in the field, applying good security procedures
    and methodology, and evolving with the field as it grows. Get a low end
    job in security (eg: a job where you have someone else backing you up,
    since you're not an expert)-- you've got your paperwork, find out what
    specifics you want to follow and learn what you need to know. Once you
    do that you'll be able to apply your knowledge in the field with more
    confidence and know that you're not blowing smoke up a future employer's
    ass.
     
    Shadus, Sep 8, 2005
    #2

  3. John MacLean

    Jim Guest

    Shadus wrote on 9/8/2005 10:09 AM:
    Amen. It's not 1995 where you could have pulled a $100k job just for
    filling out the application.

    If you want to make a lot of money with no experience or knowledge, get
    a sales job.

    Jim
     
    Jim, Sep 8, 2005
    #3
  4. John MacLean

    Bowgus Guest

    Bowgus, Sep 9, 2005
    #4
  5. John MacLean

    Mr.G Guest


    Apply your new skills on your job.
    Take advantage of your security department's knowledge base.
    If you have no security department, start doing the work and
    checking behind yourself. Test your own security on your own
    computers, either in a closed LAN or at home.
    Start talking to other people in your area that are experts.

    Mr.G
     
    Mr.G, Sep 13, 2005
    #5
  6. John MacLean

    claudel Guest

    If you decide to "test the security" at your job, make sure
    that you get some sort of written permission from someone
    of proper authority before you do so.


    Claude
     
    claudel, Sep 13, 2005
    #6
  7. John MacLean

    Sheldon Guest

    John,

    First of all, congrats on passing your CISSP. One thing that I found after
    passing my CISSP exam is that now that all this studying and preparing is
    done, and passed the exam... can't stop now.

    There are so many resources that I've found useful since getting the cert.
    Lots of documents that were helpful before the exam such as the NIST 800
    series docs come in very helpful. I recently attended a Vulnerability
    Assessment course and two documents that were pointed out of great
    significance were the Open Source Systems Testing Methodology Manual
    (OSSTMM) and the Information Security Forum Standard (ISF). These two
    documents deal with VAs, but even so are a valuable read to the security
    professional. The ISO17799 is a good document, but rather costly. Websites
    of interest: The Reading room at SANS, SecurityDocs.com,
    searchsecurity.techtarget.com, the Cisco Learning Connection (CPE credits!),
    and another that I kinda like is firewall.cx. That's off the top of my head.

    I find myself watching quite a few webcasts lately. Frequently I'll attend
    SANS and SearchSecurity webcasts. The beauty about these are that they
    contain good material, you can get live feedback, and they're worth 1CPE per
    hour of webcast.

    Don't stress. There are piles of free resources out there to keep your skill
    set up to date, it just depends on you how far you want to go.

    Sheldon Handcock, CISSP®
     
    Sheldon, Oct 15, 2005
    #7
