Saturday, November 16, 2013

Final Post

So, last post; time for a look back.  Over the last twelve weeks, I've posted on a wide variety of Infosec related current events from a pretty wide variety of sources.  I have to say that I've mostly regurgitated other peoples articles, but usually interesting ones with some relevance to the course.

In the Social Engineering course I took, the instructor had us post to a weekly journal that only the individual student and the instructor could access.  I feel like this relative privacy enable me to be more open about how the course was going and any issues I was having.  On the other hand, using this blog format allows for cross feeding news, ideas, and view points across the entire class, so there are advantages to both approaches.

Good luck and Good night -- to all of us.

Mark V2

Posted by at No comments:

Sunday, November 10, 2013

I'd like to to share with you my own experience with the CISSP certification--for what its worth.
I'd been working in the IS business for about 10yrs when the new DoD 8570-1 requirement came out in late '05.  I really didn't want to get the certification because I was afraid that I'd be tagged forever as an "IS" guy and there are other fields I'd like to work in.  However, I was working for Lockheed Martin at the time, and they insisted that I get the cert, due to the 8570 requirement.  I studied three different books for about 3 months.  The book I used the last few days before my test to quiz myself, (believe it or not) was the "CISSP for Dummies" book.  
The test took over 4 hours and was, by FAR, the hardest test I've ever taken.  I felt like I was taking the bar to be a lawyer.  There wasn't a single question that I felt like had a clear-cut easy answer.  Every answer seemed like it was both partially correct and partially incorrect.  Selecting the "best" answer was sometimes based on one word or clause.  
As you may know, ISC2 doesn't give you any feedback on how you did on the test, if you pass--they just tell you that you passed.  I have no idea if I made it by one point or 100.
Since I got the certification, the amount of respect I get when dealing with other IS professions does seem higher, but I was right about the "IS Tag"--I will probably never be able to get a job in the straight engineering or IT operations/sustainment fields unless I'm willing to take a BIG pay cut and start at a junior level.  I think having my CISSP probably added $12k to my annual salary when I left Lockheed and was hired by BAE, so financially it was definitely  worth it, but being an "IS professional" is not my dream career.
So there you go--one CISSP's experience.
v/r
Mark V2
Posted by at No comments:
Subscribe to: Comments (Atom)