CISSP vs Security+

[HungryHouse]

I would love to get your thoughts on this guys. I am a network engineer of the last 8 years, and have certs in Cisco, Nortel, Adtran, etc. I am going for both of the above certs based on my new role/focus as our company is focusing on security products, and so I can be a more valuable resource to our customers in a consultative role. I hope to have both by Feb 2009. Which should I go for first?
I was considering going to courses however, from most of the blogs I have been reading and examining the course objectives, it seems that the ROI for courses arent there and books appears sufficient? I do see some video and elearning coursework that look good, and I do rather enjoy a week or two of "dedicated" learning, because, as many of you can relate, with commute times, family at night and work demands, tough to get that dedicated time otherwise! I have experience in firewalls, vpn, some IPS/IPDs and network security in general. I would like to know your opininons, on which one first, and methods of study? I appreciate it in advance.

 

[SimonDavies]

TBH the CISSP and Security+ are leagues apart, the Security+ is something any spotty teenager in a book can pass where as the CISSP is something that you have to work very hard towards and isn't something you're guaranteed to get. It's not just a case of passing an exam for the CISSP either, you need to demonstratively prove your previous number of years experience.

Comparing the CISSP and Sec+ is like comparing... I don't know.. Oranges and Apples... they are both fruit but completely different.

I would really suggest looking into the requirements of the CISSP and think if you could pass their requirements (as it stands.. I couldn't and I have been doing Security style work for a number of years in the area of Network and Server security).

Sorry to be so harsh... but really it's like a high school diploma and PHD being equated to the same level of education.

SimonD.

The real world is not about exam scores, it's about ability.

 

[CiscoGuy33]

HungryHouse,

SimonD hit it on the head with "Sorry to be so harsh... but really it's like a high school diploma and PHD being equated to the same level of education."

Security + you can get by buying a book and taking an exam for $200 and passing it ..... read up on CISSP - "The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers."

https://www.isc2.org/cgi-bin/content.cgi?category=97

Security + would be your first step to get your feet wet on a long journey to CISSP.

I had a student with 15 years experience in security and it took her 3 trys and about 2 years of classes and bootcamps to pass CISSP (on top of her 15 years) - she said it was the hardest she had EVER worked and she had her PHD.

You said you have a background in Cisco - why not go CCSP and CCIE Security?

Good luck!

E.A. Broda
CCNA, CCDA, CCAI, Network +

 

[HungryHouse]

Oddly, I had a security consultant who is an Ethical Hacker and gives seminars tell me to go CISSP first and them Security + then Ehtical Hacking if I wanted to stay in it that far. I did not realize that the Security+ and CISSP were that far apart. Regarding additional Cisco certs, I no longer am on the Cisco team at our company having focused now on other product lines, and tough to get a vendor specific cert when I won't be using it. We do have 2 other CISSPs at our company, one with slightly more experience than me, one with significantly less.
I appreciate the feedback guys. I will take it into consideration greatly.
Thanks very much.

 

[SimonDavies]

I will tell you how difficult the Sec+ is, from signing in at the test center to signing out after test completion was 20 minutes, that's 100 questions with a max score of 900. I passed with a score of 868 I think it was.. in 20 minutes.

It really is entry level.

SimonD.

The real world is not about exam scores, it's about ability.

 

[HungryHouse]

Do any of you see value in the SSCP cert? How would this compare with Security+, and as a prelim towards CISSP?

Thanks for you insights.

-HH

 

[SimonDavies]

To be honest I haven't seen that over here in the UK, sure it's still part of ISC2 but it's not something I have seen too much. As it stands tho I believe it would definitely be a better cert for you as it does cover some of the same CBK's that you will need for the CISSP.

SimonD.

The real world is not about exam scores, it's about ability.