Prep for CISSP and explore GIAC alternatives

TechRepublic members share links to their favorite CISSP prep resources and suggest another vendor-neutral option: the GIAC series. Check out their recommendations and get the details on the GIAC certs.


In a recent edition of "IT Certification Corner," guest columnist Molly Joss said that certifications are essential for all IT security staffers. Joss offered links to information about several security certification options, including the programs offered by the International Information Systems Security Certification Consortium, Inc. (ISC)². The nonprofit organization offers two certification programs: the Certified Information Systems Security Professional (CISSP) and the Systems Security Certified Practitioner (SSCP).

TechRepublic members responded with recommended resources for preparing for the CISSP exam. Here's a rundown of their CISSP suggestions, as well as details about another vendor-neutral certification option.

More about the CISSP
In “CISSP tests more than systems security expertise,” TechRepublic columnist Erik Eckel presented an overview of the CISSP exam’s 10 IT security subjects, which (ISC)² refers to as test domains. He also shared a list of test domains encompassed by the 125 multiple-choice questions on the SSCP exam. TechRepublic’s subscription site, TechProGuild, offers a more in-depth look at the 10 test domains on the CISSP exam.

Resources from TechRepublic members
TechRepublic member vraptorz suggested that pros working toward their CISSP should sign up for the CISSP and SSCP Open Study Guides Announce List. Messages posted to the group advise cert seekers of new study guides, links, and other developments.

Certified CISSP MadMark prepared for his exam by using the list, along with “two years reading, proposing policy changes, configuring tech, security project management, a self-paced exam simulator, and a 3-day course from (ISC)².” In a discussion on TechRepublic, he shared links to the simulator he used and recommended a book, Information Security Management Handbook, Vol. 4.

“Please avoid the ‘CISSP in 24 hours’ stuff,” MadMark advised. “It is crap, and there are enough 'paper-certs' out there already.”

Additional study materials
Members will find further tips and materials for study at CISSP.com, which was created by Andrew A. Afifi to promote the certification. For example, the site lists the following free books that may help cert seekers prepare for the exam:

The GIAC alternative
Joss’ article didn’t mention the vendor-neutral Global Information Assurance Certification (GIAC) series offered by The SANS (SysAdmin, Audit, Network, Security) Institute. However, TechRepublic members chimed in to remind others of its offerings. Hellbee said she believes GIAC is a more relevant option because she’s heard that the CISSP is dated. “The infosec guys I know feel more confident in the GIAC series, which are more technical, focused certs,” she said.

GIAC currently offers the following individual certificate programs:

Candidates for GIAC certification must complete a research paper and pass either one or two exams, depending on the certification track. Although candidates don't have to earn GIAC certifications in any particular order, the organization recommends that you master security fundamentals before moving on to more advanced topics.

GIAC certs: How do they compare?
Are you a GIAC-certified security professional or considering becoming one? How do you think GIAC compares to (ISC)² and CompTIA? Post your comments to the discussion below.

 
