Problem solve Get help with specific problems with your technologies, process and projects.

The ten areas of the CISSP Common Body of Knowledge

My question concerns the ten areas of the CISSP Common Body of Knowledge. I have my CISSP and CCNA certificates,...

but my actual "hands-on" security experience comes mostly from 8-9 years of performing systems and network administration in very small, heterogeneous NT and Unix environments.

Is there any information available that will provide significant detail as to what the duties and responsibilities would be in any one of the ten areas of the CISSP? I'm trying to figure out what area of security would be of the greatest interest to me, as well as whether I have the right aptitude for that particular area.

I'm leaning toward intrusion detection and definitely want to direct my time, expenses and efforts toward the SANS certifications that would be the most appropriate for me.

The parent organization for the CISSP, (ISC)2, is pretty quiet on the subject of how job duties and responsibilities map to each of the 10 areas in the CBK. Since you already have a CISSP, forgive me for observing that point should be nearly moot, except obviously that you're trying to figure out how to put your knowledge to work in the workplace. But having obtained the CISSP, you have been able to convince them that you had at least three years of relevant work experience, as well as passing the test. I might therefore ask you to revisit your application and see how you made the case to qualify to meet the on-the-job experience requirement.

SearchSecurity CISSP Security Essentials School

Visit our CISSP exam training course featuring nearly 10 hours of free video instruction, plus articles explaining each domain in the CBK.

That said, it's probably best to let your technical interests guide further work and training. If IDS are what excite you, you are correct in observing that SANS offers training and certification on that subject (as do numerous vendors, including ISS, Computer Associates, Network Associates and many others).

I'm sorry I can't point you to specific lists of job duties or aptitude tests or self-assessments to help you figure where to specialize. My advice is to continue to read widely in the field, and to concentrate in those areas where your interest and enthusiasm are highest. With a 13-to-1 ratio of jobs to qualified candidates, the security field is one where you can try out various roles before settling into the one you like best.

Ask the Expert!
Do you have a question for one of our security experts? Email your questions today! (All questions are anonymous)

This was last published in February 2002

Dig Deeper on CISSP certification