HIM - getting up to speed

Discussion in 'IT and Computer-Related Degrees' started by StevenKing, Apr 23, 2010.

  1. StevenKing

    StevenKing Active Member

    If a favorable board review surfaces today, I will probably accept a position as a privacy/security officer for a local health care exchange.

    Can anyone speculate on the average learning time for Security+ and CISSP given moderate technological background?

    Kindly,
    -Steve King
     
  2. scubasteveiu

    scubasteveiu New Member

    How much privacy / information security experience do you currently have?

    This will play a role in how quickly you can complete the necessary study time for each exam (and pass).

    The CISSP, as you know, has experience requirements. As for the Sec+, I'd start there. There are several good study guides online and related books which are fine. If doing the CISSP, I'd recommend taking the SANS course which is taught by Eric Cole. Simply no one better.
     
  3. StevenKing

    StevenKing Active Member

    ScubaSteve...

    None. I was very candid in my interview and the local organization believes I am a right fit who will "get up to speed" as needed. Does Security+ assume too much knowledge?

    Kindly,
    -Steve King
     
  4. scubasteveiu

    scubasteveiu New Member

    Security+ does not. You can and should start now.

    There was a nice overview called the "passport" which was very good. It is a little dated, but it is the best place to start. I've given mine away or I would have gladly sent you my copy.

    Half.com for Security+ Passport. Note: this is a starting point. You will probably need some other reference material. This book is dated, but covered the needed areas nicely --- at a high level. If you buy other books, do not get caught up in the details, just have a general understanding.

    Furthermore, I'd give this a go. Clement rocks and has good, free CISSP study guides as well.

    Lastly, I hope that you have a good team. You will need them. If you have to go at it alone, it isn't much fun.
     
  5. Randell1234

    Randell1234 Moderator

    I have not taken the CISSP but the Security+ was not too hard. I studied for about 4 days and passed it but I also had my MCSE, MCSA, MCP+Internet, Net+, etc.

    I would think with a limited background you will learn what you need to pass the test in 2-3 weeks. I used the Exam Cram book and it worked pretty well. Best of luck.
     
  6. StevenKing

    StevenKing Active Member

    Good links and thanks for the info! I find out tomorrow about transition realities. Lots of studying...here I come.

    -Steve King
     
  7. StevenKing

    StevenKing Active Member

    Thanks, Randell.

    I am looking forward to a change. K-12 education is wearing on me.

    -Steve King
     
  8. ITJD

    ITJD Active Member

    In terms of the CISSP -

    The best possible path to the cert is:
    1. Get the required experience (check ISC2 because the experience requirement just went up and I forget what it is right now.)

    2. There is a recommendation requirement from someone who is a CISSP in good standing or an executive of your firm responsible for security (note that at the time I went through it, it couldn't be any person responsible for security; if you went this route it had to be an exec responsible for security in a field that's government regulated or a standing CISSP). Best to get yourself into local chapters of organizations where you can meet a few CISSPs and mingle.

    3. Pick up a copy of the CISSP CBK and read it while taking notes. Set a goal of 5-10 pages at a time. Review your notes every time you get to the end of a section and cull them appropriately for the high level review prior to the exam. (The CISSP exam is 10 miles wide and an inch deep. The CBK can get about three inches deep)

    4. If you have the cash, take a bootcamp just prior to the exam. I recommend a gent by the name of Clement DuPuis. He used to do work for Vigilar but is prominent in the CISSP and security training and consulting markets. The purpose of this is to get some experience taking questions similar to the exam and getting some focus on what is guaranteed to be on the exam in terms of types of material.

    5. Take the exam. You'll pass. Most people fail due to lack of preparation.

    6. Now for the hard part, 120 CPE credits over three years. The CISSP, like some other credentials is a lifelong cert that (should you decide to keep it) forces you to keep current. I've found this harder than actually taking the exam and doing the networking due to holding down a full time job and full time school schedule. Thankfully most of my schooling counts towards the reqs, or I'd be all done.

    That stated, if you want to get past the requirement in point 2 at some point, hit me up with a PM and maybe we trade LinkedIn profiles and chat up a bit. I won't vouch for anyone that asks but if it's easier to help someone by developing some online familiarity and I can independently validate that someone's not being disreputable, I'd be happy to push the process along.

    Good Luck.

    Best,
    Al
     
    Last edited by a moderator: Apr 27, 2010
  9. StevenKing

    StevenKing Active Member

    ITJD et al...

    I appreciate the links. Today I find out how this company wants to work the transition from my present job. I am excited to join this field since it looks like it's pretty wide open.

    Kindly,
    -Steve King
     
  10. scubasteveiu

    scubasteveiu New Member

    Pretty good information, but let him pass the Sec+ first. He doesn't have any Infosec experience yet. : )

     
  11. ITJD

    ITJD Active Member

    Noted. I spoke to what I knew based on the CISSP name drop. : )

    At the end of the day, if he gets the gig he's going to likely drop two years of experience based on having an undergrad degree and three years of related experience on the ten domains isn't going to be hard to get once you start getting on the fringes of those domains. By the time he's ready to sit the exam there will be one and I've seen a lot of people turn questionable security duties (hall monitor anyone?) into physical security domain experience.

    Of course I'm being a little facetious, but not much.
     
  12. StevenKing

    StevenKing Active Member

    I got the JOB...

    To everyone:
    I got the gig and start in June [As an aside, it was rather confirming that they were more than willing to allow me to finish the school year without breaking my contract.]. The position is in a local health care network doing privacy officer work. There is a plethora of information available that I will be perusing to see what is the most logical way to augment my experience.

    For example, just looking over the waiver information for the CISSP credentialling process opened avenues I did not even know existed. As in a "Certified Computer Security Incident Handler" which waives one year of the experience requirement. With that in mind, I will have to see if it makes more sense to pursue RHIA first (seemingly) and then supplement with more security specific studies.

    To more firmly augment my IT base as I am surveying the HIM components more critically, I think I would like to get on the bandwagon with various CompTIA certs (including Sec+) and then broaden to those aforementioned.

    -Steven King
    BA, MBA, MEd
     
  13. armywife

    armywife New Member

    That is awesome Steve!! Very happy for you!!

    Holly
     
