My question concerns the ten areas of the CISSP Common Body of Knowledge. I have my CISSP and CCNA certificates,...
but my actual "hands-on" security experience comes mostly from 8-9 years of performing systems and network administration in very small, heterogeneous NT and Unix environments.
Is there any information available that will provide significant detail as to what the duties and responsibilities would be in any one of the ten areas of the CISSP? I'm trying to figure out what area of security would be of the greatest interest to me, as well as whether I have the right aptitude for that particular area.
I'm leaning toward intrusion detection and definitely want to direct my time, expenses and efforts toward the SANS certifications that would be the most appropriate for me.
The parent organization for the CISSP, (ISC)2, is pretty quiet on the subject of how job duties and responsibilities map to each of the 10 areas in the CBK. Since you already have a CISSP, forgive me for observing that point should be nearly moot, except obviously that you're trying to figure out how to put your knowledge to work in the workplace. But having obtained the CISSP, you have been able to convince them that you had at least three years of relevant work experience, as well as passing the test. I might therefore ask you to revisit your application and see how you made the case to qualify to meet the on-the-job experience requirement.
SearchSecurity CISSP Security Essentials School
Visit our CISSP exam training course featuring nearly 10 hours of free video instruction, plus articles explaining each domain in the CBK.
That said, it's probably best to let your technical interests guide further work and training. If IDS are what excite you, you are correct in observing that SANS offers training and certification on that subject (as do numerous vendors, including ISS, Computer Associates, Network Associates and many others).
I'm sorry I can't point you to specific lists of job duties or aptitude tests or self-assessments to help you figure where to specialize. My advice is to continue to read widely in the field, and to concentrate in those areas where your interest and enthusiasm are highest. With a 13-to-1 ratio of jobs to qualified candidates, the security field is one where you can try out various roles before settling into the one you like best.
Ask the Expert!
Do you have a question for one of our security experts? Email your questions today! (All questions are anonymous)
Dig Deeper on Security Industry Certifications
Related Q&A from Ed Tittel
A network engineer job description will vary. Primarily, it depends on whether the job focuses on engineering a new network or on running a network ...continue reading
System administrator responsibilities are, fundamentally, about the care and feeding of systems but cover a broad range of possibilities when looking...continue reading
Get the inside scoop on a network manager's job description, workload and responsibilities which keep an organization's network infrastructure ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.