Ask the Expert

The ten areas of the CISSP Common Body of Knowledge

My question concerns the ten areas of the CISSP Common Body of Knowledge. I have my CISSP and CCNA certificates, but my actual "hands-on" security experience comes mostly from 8-9 years of performing systems and network administration in very small, heterogeneous NT and Unix environments.

Is there any information available that will provide significant detail as to what the duties and responsibilities would be in any one of the ten areas of the CISSP? I'm trying to figure out what area of security would be of the greatest interest to me, as well as whether I have the right aptitude for that particular area.

I'm leaning toward intrusion detection and definitely want to direct my time, expenses and efforts toward the SANS certifications that would be the most appropriate for me.

    Requires Free Membership to View

The parent organization for the CISSP, the ISC-squared, is pretty quiet on the subject of how job duties and responsibilies map to each of the 10 areas in the CBK. Since you already have a CISSP, forgive me for observing that point should be nearly moot, except obviously that you're trying to figure out how to put your knowledge to work in the workplace. But having obtained the CISSP, you have been able to convince them that you had at least three years of relevant work experience, as well as passing the test. I might therefore ask you to revisit your application and see how you made the case to qualify to meet the on-the-job experience requirement.

That said, it's probably best to let your technical interests guide further work and training. If IDS are what excite you, you are correct in observing that SANS offers training and certification on that subject (as do numerous vendors, including ISS, Computer Associates, Network Associates and many others).

I'm sorry I can't point you to specific lists of job duties or aptitude tests or self-assessments to help you figure where to specialize. My advice is to continue to read widely in the field, and to concentrate in those areas where your interest and enthusiasm are highest. With a 13-to-1 ratio of jobs to qualified candidates, the security field is one where you can try out various roles before settling into the one you like best.

For more information on this topic, visit these other searchSecurity resources:
Best Web Links: Security Training
Career Tip: Security Certification: CISSP
Chat Transcript: Security certifications: What they are, and why you need them

This was first published in February 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: