Security Certification

zyonuf79

Gawd
Joined
May 30, 2006
Messages
870
I did a bit of searching here on the forum but could not find any good information. My employer has recently put a policy in place where they are going to pay for a certification test and give us a bonus for passing the exam. Three conditions:

1. Pass the test or we do not get reimbursed for the cost and of course no bonus

2. We need to take the test by Jan 1, 2008....giving me just about 2.5 months to study and pass the test.

3. They are not paying for study material


So, for those who have certification, what did you use to prepare for the exam. Did you just go get a book at the bookstore and self study, did you buy a package online, did you pay a ton of money for a bootcamp?

Thanks for the information!
 
I did a bit of searching here on the forum but could not find any good information. My employer has recently put a policy in place where they are going to pay for a certification test and give us a bonus for passing the exam. Three conditions:

1. Pass the test or we do not get reimbursed for the cost and of course no bonus

2. We need to take the test by Jan 1, 2008....giving me just about 2.5 months to study and pass the test.

3. They are not paying for study material


So, for those who have certification, what did you use to prepare for the exam. Did you just go get a book at the bookstore and self study, did you buy a package online, did you pay a ton of money for a bootcamp?

Thanks for the information!

Let me get this straight.....

You have to pay for the cost of the course up front? Thats complete horse shit man. When you say they are not paying for study materials, do you mean like practice test or do you mean like books/classes/hardware/etc? Again, that's horse shit if they expect you to front that kind of money.

Are you required to get this cert to keep your job? If so, and they don't want to pay for it... Idd say book man. That place sounds like a garbage place to work.:rolleyes:

Now, on to the positives:

2.5 months to take which cert? security+? CISSP? If you 2.5 months for the security plus, you will be fine... its a cakewalk. The CISSP can be done in 2.5 months but you definitely wont retain anything that you learned:p

You can pick up any security+ book and they generally cover everything that you will need for the test. I had a co-woker that did the CISSP in 2 weeks with help from a bootcamp so you can also think about going that route.
Some good practice for the security+ would be ensuring that you have a solid foundation in networking(obviously) so you may want to check out some network+ books and CCNP books.
 
I am not required to get the certification to keep my job....it is completely voluntary. They are only paying for the test and they are giving us a bouns for passing the test.

I can choose any cert that I want from a list which includes Network+, Security+, CCNP and other firewall specific certifications.. I know I cannot get all of them in 2.5 months so I was considering taking the Network+ and the Security+.

I would take more but I can't afford any bootcamps.
 
ok, then this is just for lower level certs like Security or Network +

I would say get a GIAC or CISSP, cert, but the materials cost would be too high.
 
For study materials, the CBT Nugget videos are very good.

I have used them successfully for MCSE+M, Linux+, CCA and VCP. I also watched the Certified Ethical Hacker series(although I will never take that test).

The vids are a tad pricey, but you could possibly convince your cheap-a$$ company to get them for all you.
 
I would try for CISSP but I don't meet the experience requirement quite yet.

You could be what's called a CISSP Associate, which means you've done everything including pass the exam, but you don't yet meet the experience requirements. However, a downside is I believe the exam costs $500 to take and it's definitely one of the more difficult exams to take. It's going to be very hard if you don't already have a good understanding of security concepts.
 
You could be what's called a CISSP Associate, which means you've done everything including pass the exam, but you don't yet meet the experience requirements. However, a downside is I believe the exam costs $500 to take and it's definitely one of the more difficult exams to take. It's going to be very hard if you don't already have a good understanding of security concepts.

Actually, the designation is Associate of (ISC)².
 
Shon Harris called it becoming a "CISSP Associate." I hope she's right because it looks a lot better on a resume than Associate of (ISC)².


https://www.isc2.org/cgi-bin/content.cgi?category=96


Associate of (ISC)² status is available to those who have gained competence in key areas of industry knowledge and information security concepts and can pass either the CISSP® or SSCP® examinations, but lack the years of practical work experience required for full accreditation. Associates of (ISC)² must also subscribe to the (ISC)² Code of Ethics and maintain their status in good standing with (ISC)².
 
https://www.isc2.org/cgi-bin/content.cgi?category=96


Associate of (ISC)² status is available to those who have gained competence in key areas of industry knowledge and information security concepts and can pass either the CISSP® or SSCP® examinations, but lack the years of practical work experience required for full accreditation. Associates of (ISC)² must also subscribe to the (ISC)² Code of Ethics and maintain their status in good standing with (ISC)².

You're probably right... Since it's for the CISSP or SSCP, if you've passed the CISSP exam you could probably say "CISSP Associate of (ISC)²" to be more accurate.
 
You're probably right... Since it's for the CISSP or SSCP, if you've passed the CISSP exam you could probably say "CISSP Associate of (ISC)²" to be more accurate.


https://www.isc2.org/cgi-bin/content.cgi?page=824

An (ISC)² Associate is NOT a CISSP or SSCP, and may not use this designation or represent that he/she has this designation until such time at the required experience is obtained and the certificate is actually issued.
 
https://www.isc2.org/cgi-bin/content.cgi?page=824

An (ISC)² Associate is NOT a CISSP or SSCP, and may not use this designation or represent that he/she has this designation until such time at the required experience is obtained and the certificate is actually issued.

I can understand that, but I'm not how strict they are on it. I know you can't say your a CISSP when you're an associate, but saying you're an CISSP Associate of (ISC)² seems very reasonable. I just emailed them about it and will report back what they tell me...
 
I am not required to get the certification to keep my job....it is completely voluntary. They are only paying for the test and they are giving us a bouns for passing the test.

I can choose any cert that I want from a list which includes Network+, Security+, CCNP and other firewall specific certifications.. I know I cannot get all of them in 2.5 months so I was considering taking the Network+ and the Security+.

I would take more but I can't afford any bootcamps.


lol, get them to pay for CCNP... then find a job making 2x as much...


unless you have to have that done by january, how can they even make such a dumb offer
 
Here is the response I got back to my question about what you can put on your resume if you aren't a full CISSP.

"In regards to your e-mail below if you pass the Associate Examination you would then just use the title on your resume as the following:

Associate of CISSP

You are unable to use the CISSP on your resume until you are a
Certified CISSP."
 
You have to say you are a "Associate of (ISC)²". They threaten to yank your Associate status and the possibility of becoming a CISSP if you imply that you're in any way a class of CISSP. However, you are entitled to place a bullet point under "Associate of (ISC)²" on your resume that states "Passed the CISSP exam on Jan 1, 2007. Currently two months short of 48-month professional experience requirement." or something that affect.

I had the conversation with ISC as well, and this was perfectly acceptable to them. I got a job with Cisco and had that on my resume, and no one made a big deal about it. It can also strike up conversation about the certification and what you've done in the past related to it.
 
You have to say you are a "Associate of (ISC)²". They threaten to yank your Associate status and the possibility of becoming a CISSP if you imply that you're in any way a class of CISSP. However, you are entitled to place a bullet point under "Associate of (ISC)²" on your resume that states "Passed the CISSP exam on Jan 1, 2007. Currently two months short of 48-month professional experience requirement." or something that affect.

I had the conversation with ISC as well, and this was perfectly acceptable to them. I got a job with Cisco and had that on my resume, and no one made a big deal about it. It can also strike up conversation about the certification and what you've done in the past related to it.

I don't see how they could be so strict on it when they apparently tell people 2 different things, but what you said makes sense and seems fair. I'll take your advice... Thanks for your input!
 
Browsing through their site here I see references to "Associate of (ISC)²", "(ISC)² Associate", and "(ISC)² Associate for CISSP". I get the impression that they don't really know what to call it.

When I was an Associate, it was very clearly communicated to me that "Associate of (ISC)²" was the designation.

Going back through all the official communications I've received from them, I don't see anything alluding to a name change.

It might not hurt to email the person back with the links given on these posts and ask them to clarify. If they still come back with "Associate of CISSP", I'd use it and save the email - then push back on them to both update their website, and let the people who are paying maintenance fees to them know about the change :).
 
Back
Top