Last Updated: Jan 17th, 2019 11:01 am
[OP]
Deal Expert
Jun 15, 2011
39499 posts
5839 upvotes
King City

Cyber Security

Any members here in the field? Or working in a SOC? CISSP, CISM, CISA, or CompTIA Security+?

I am looking to get more information. :)
The One and Only and Proud to be an Indian.
If I helped in any way, click that cool little "Thanks" button.
____________________________________
Incident Response|Malware Analyzer
8 replies
[OP]
Deal Expert
Jun 15, 2011
39499 posts
5839 upvotes
King City
Bump. Anyone?
Member
Dec 31, 2007
401 posts
103 upvotes
i did the CISSP and was lucky to pass on the first try. many of my colleagues tried multiple attempts.

cissp is quite tough. one of the toughest i did. it's called a mile wide and an inch deep cause it covers so many topics, everything from networks, security, governance, legal, physical, applications, storage and everything else you can think of. it went from 10 domains of knowledge to 8, but it was more of a shuffle. all the topics are still there, just shuffled around.

it's doable but not for the faint of heart and you should have a strong background in a number of IT fields before you attempt. it makes it easier as you can focus on your weak points. the old exam was like 6 hrs and 250 questions. you could go forward and backwards during the exam to correct any questions you were iffy about on the first pass. this exam was extremely tough. i think they are now using an adaptive exam. no idea on how hard it is now, but i'm certain it is just as tough as the non adaptive.

the shon harris book is good, but now dated. there are more recent books that are reflective of the newer topics. every book i read was over 700 to 1100 pages. you pretty much have to know or remember most of it, since you don't know what's going to be on the exam. there are a lot of sample questions out there and they were not even close to what was on the exams. it does teach you how to answer, so that's key. do as many questions as you can. rinse and repeat and repeat again.

i studied on and off for 2 years, but when i finally committed to it, i studied hard for 6 months and downloaded everything i could get my hands on. in the end, i read 3 large books and got test exams from many sources. not one of the test questions were even close to what i saw on the exam. the exam was really tough and i had to answer the question with everything i remembered and my years of experience. the questions are also a bit of a language test. some questions are worded in a way that you instinctively think the answer is obvious, but if you read the question really carefully, you will realize the answer is the more ambiguous answer. so it took me the 5 hours with 50 minutes to review every 250 questions, with me changing several questions on further reflection. nerve wracking.

the CISSP has more street/industry credibility than Security+. CompTIA exams are considered entry level IMHO. I have no experience with CISA or CISM, but expect those to be tough as those are not entry level exams either.

good luck if you decide to do the CISSP.
[OP]
Deal Expert
Jun 15, 2011
39499 posts
5839 upvotes
King City
luking wrote:
Jan 9th, 2019 2:18 pm
PM me
Done :)
gladiator1942 wrote:
Jan 9th, 2019 3:07 pm
i did the CISSP and was lucky to pass on the first try. many of my colleagues tried multiple attempts.

cissp is quite tough. one of the toughest i did. it's called a mile wide and an inch deep cause it covers so many topics, everything from networks, security, governance, legal, physical, applications, storage and everything else you can think of. it went from 10 domains of knowledge to 8, but it was more of a shuffle. all the topics are still there, just shuffled around.

it's doable but not for the faint of heart and you should have a strong background in a number of IT fields before you attempt. it makes it easier as you can focus on your weak points. the old exam was like 6 hrs and 250 questions. you could go forward and backwards during the exam to correct any questions you were iffy about on the first pass. this exam was extremely tough. i think they are now using an adaptive exam. no idea on how hard it is now, but i'm certain it is just as tough as the non adaptive.

the shon harris book is good, but now dated. there are more recent books that are reflective of the newer topics. every book i read was over 700 to 1100 pages. you pretty much have to know or remember most of it, since you don't know what's going to be on the exam. there are a lot of sample questions out there and they were not even close to what was on the exams. it does teach you how to answer, so that's key. do as many questions as you can. rinse and repeat and repeat again.

i studied on and off for 2 years, but when i finally committed to it, i studied hard for 6 months and downloaded everything i could get my hands on. in the end, i read 3 large books and got test exams from many sources. not one of the test questions were even close to what i saw on the exam. the exam was really tough and i had to answer the question with everything i remembered and my years of experience. the questions are also a bit of a language test. some questions are worded in a way that you instinctively think the answer is obvious, but if you read the question really carefully, you will realize the answer is the more ambiguous answer. so it took me the 5 hours with 50 minutes to review every 250 questions, with me changing several questions on further reflection. nerve wracking.

the CISSP has more street/industry credibility than Security+. CompTIA exams are considered entry level IMHO. I have no experience with CISA or CISM, but expect those to be tough as those are not entry level exams either.

good luck if you decide to do the CISSP.
Thank you for this post :). I am currently enrolled in York U's Certificate in Cyber Security program to help prep students to take the CISSP after completion. There are 2 certificates - introductory and advanced and I've registered for both. The introductory certificate is almost over - middle of Feb. That being said I have learned a lot in these courses so far and it's very interesting. The whole field of Cyber Security. I do plan on writing the CISSP sometime in August or September while my memory is still fresh haha.

As for the CompTIA Security+, I was thinking of writing it by March, to at least hopefully get into an entry level position with little to no IT experience. However having a CPA, I may eventually enter the IT Risk, Governance and Compliance sector.

May I ask if you're currently in a Cyber security role at an organization?
Member
Dec 31, 2007
401 posts
103 upvotes
djemzine wrote:
Jan 9th, 2019 10:22 pm
Done :)



Thank you for this post :). I am currently enrolled in York U's Certificate in Cyber Security program to help prep students to take the CISSP after completion. There are 2 certificates - introductory and advanced and I've registered for both. The introductory certificate is almost over - middle of Feb. That being said I have learned a lot in these courses so far and it's very interesting. The whole field of Cyber Security. I do plan on writing the CISSP sometime in August or September while my memory is still fresh haha.

As for the CompTIA Security+, I was thinking of writing it by March, to at least hopefully get into an entry level position with little to no IT experience. However having a CPA, I may eventually enter the IT Risk, Governance and Compliance sector.

May I ask if you're currently in a Cyber security role at an organization?
i'm a network specialist with expertise in routing, switching, firewalls, storage, server farms, load balancing, cloud, virtualization, voip and pretty much anything you can think of in an enterprise. in my roles, we bake in security in our designs and implementations. pretty much everything you do in IT has to have some sort of security component.

take the security+ cause it should be relatively easy compared to the cissp. it'll give you a taste and could open some doors. nothing will beat the CISSP or CISA or CISM certs, since these are geared for IT pros with years of experience and are highly respected in the IT field. people who have their CISSP know how difficult it is and its elite-ness. making a certification too easy dilutes the value and it loses peer respect.

imho, comptia exams are geared for entry level people. when i was a young padawan, i passed the a+, server+, network+ and internet plus+ and they were relatively easy since i already had the years of experience and did other certs like mcse and others that were significantly tougher.

i'm not aware of two CISSP certs. ISC2 has a number of certs under its portfolio. i think what you are saying is that there are two courses. if so take both, or at least take the advanced course if you are already solid with the introductory. you're pretty much going to have to know the entire 8 domains and be able to think and answer the questions. know the material, but practice for the exam. just like how athletes do trial runs on the track before race day.

i've thought about going full into cyber security or cyber risk, but i'm comfortable with what i'm doing. if i have the opportunity to go into it in full, i'd definitely consider it.
[OP]
Deal Expert
Jun 15, 2011
39499 posts
5839 upvotes
King City
gladiator1942 wrote:
Jan 9th, 2019 11:16 pm
i'm a network specialist with expertise in routing, switching, firewalls, storage, server farms, load balancing, cloud, virtualization, voip and pretty much anything you can think of in an enterprise. in my roles, we bake in security in our designs and implementations. pretty much everything you do in IT has to have some sort of security component.

take the security+ cause it should be relatively easy compared to the cissp. it'll give you a taste and could open some doors. nothing will beat the CISSP or CISA or CISM certs, since these are geared for IT pros with years of experience and are highly respected in the IT field. people who have their CISSP know how difficult it is and its elite-ness. making a certification too easy dilutes the value and it loses peer respect.

imho, comptia exams are geared for entry level people. when i was a young padawan, i passed the a+, server+, network+ and internet plus+ and they were relatively easy since i already had the years of experience and did other certs like mcse and others that were significantly tougher.

i'm not aware of two CISSP certs. ISC2 has a number of certs under its portfolio. i think what you are saying is that there are two courses. if so take both, or at least take the advanced course if you are already solid with the introductory. you're pretty much going to have to know the entire 8 domains and be able to think and answer the questions. know the material, but practice for the exam. just like how athletes do trial runs on the track before race day.

i've thought about going full into cyber security or cyber risk, but i'm comfortable with what i'm doing. if i have the opportunity to go into it in full, i'd definitely consider it.
Thank you so much for your reply. It really does help, especially me having no technical experience at all. I do want to make the career change as this industry interests me more than the industry I am in. My classmates are all from various industries, and some including IT as well. I hope you don't mind if I reach out to you via DMs if I have any questions, etc.
Member
Dec 31, 2007
401 posts
103 upvotes
djemzine wrote:
Jan 10th, 2019 7:32 pm
Thank you so much for your reply. It really does help, especially me having no technical experience at all. I do want to make the career change as this industry interests me more than the industry I am in. My classmates are all from various industries, and some including IT as well. I hope you don't mind if I reach out to you via DMs if I have any questions, etc.
sure.
Jr. Member
Dec 25, 2006
108 posts
8 upvotes
I just recently got through my endorsement process and received the official CISSP certification about 2 weeks ago (yes, it takes 2 full months for an endorsement process to be completed). I can pretty much vouch to all that said this exam is truly a beast. The amount of information is vast and the saying "a mile wide and an inch deep" is very accurate. To get me through the exam back in Oct of last year, which is now CAT based and no longer the 250 questions 6 hr exam, I used the Sybex 8th edition book and Eric Conrad's 11th hr for review just a few days before the actual exam. I also used the free videos available online from the highly popular trainer Kelly Handerhan at https://www.cybrary.it/. Her videos are top notch so be sure to check them out if you are studying for the exam.

If you are planning to take this test, do not take it lightly because it's $700 USD per attempt and you can only take it 3 times per calendar year. Stay focused throughout your studies and you should be fine.

If you want to get your feet wet in IT security certs then CompTIA Security+ is the way to go. Security+ isn't so bad if you have the networking foundation down and have been working in IT. I actually got that first prior to the CISSP which somewhat helped but keep in mind that it's nothing compared to the CISSP in terms of the amount of information you need to know.
