Entry-level certs prior to CISSP

Entry-level certs prior to CISSP

I am very interested in pursuing a career in the area of information security. I have been working for several years in the field of quality management systems and manufacturing. I joined an information service provider two years back doing qualiy system work and was exposed to information security management systems, after which my interest in the field of security grew. I am wondering where should I go from here. Should I try to get myself certified as a CISSP? Can I be an information security professional without having any experience with any platforms? Or should I find a job (e.g. networking, system admin, development) to gain experience, then specialize? I tried looking for a job in both security or networking, however the job situation here (Singapore)is such that employers no longer want to take in people without experience (due to the supply being more than demand). I would really appreciate your advice.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Indeed, a CISSP may make sense at some point or another, but I'd urge you to start more gently and treat the CISSP as a second or third rung in a ladder of related certifications. If you're not too comfortable with the subject matter, start out with the network and Internet security exams at BrainBench.com. After that, you'll want to tackle a good, solid entry-level security certification, such as:

  • TruSecure ICSA
  • SANS GIAC GSEC
  • CompTIA Security+ (Note: Security+ won't be publicly available until late 2002 or early 2003.)

    Once you get these under your belt, you should be able to tackle the materials for the CISSP at your leisure. The Shon Harris book, CISSP All-in-One Study Guide and the forthcoming Pearson CISSP Training Guide (due early in 2003) should be excellent prep guides for this topic.

    For more information on this topic, visit these other SearchSecurity.com resources:
    Career & Certification Tip: Revisiting the vendor-neutral security certification landscape -- again!
    Webcast Archive: Careers, Certifications & Training
    Best Web Links: Infosec Training, Careers & Events


    This was first published in August 2002