My question concerns the ten areas of the CISSP Common Body of Knowledge. I have my CISSP and CCNA certificates,...
but my actual "hands-on" security experience comes mostly from 8-9 years of performing systems and network administration in very small, heterogeneous NT and Unix environments.
Is there any information available that will provide significant detail as to what the duties and responsibilities would be in any one of the ten areas of the CISSP? I'm trying to figure out what area of security would be of the greatest interest to me, as well as whether I have the right aptitude for that particular area.
I'm leaning toward intrusion detection and definitely want to direct my time, expenses and efforts toward the SANS certifications that would be the most appropriate for me.
The parent organization for the CISSP, (ISC)2, is pretty quiet on the subject of how job duties and responsibilities map to each of the 10 areas in the CBK. Since you already have a CISSP, forgive me for observing that point should be nearly moot, except obviously that you're trying to figure out how to put your knowledge to work in the workplace. But having obtained the CISSP, you have been able to convince them that you had at least three years of relevant work experience, as well as passing the test. I might therefore ask you to revisit your application and see how you made the case to qualify to meet the on-the-job experience requirement.
SearchSecurity CISSP Security Essentials School
Visit our CISSP exam training course featuring nearly 10 hours of free video instruction, plus articles explaining each domain in the CBK.
That said, it's probably best to let your technical interests guide further work and training. If IDS are what excite you, you are correct in observing that SANS offers training and certification on that subject (as do numerous vendors, including ISS, Computer Associates, Network Associates and many others).
I'm sorry I can't point you to specific lists of job duties or aptitude tests or self-assessments to help you figure where to specialize. My advice is to continue to read widely in the field, and to concentrate in those areas where your interest and enthusiasm are highest. With a 13-to-1 ratio of jobs to qualified candidates, the security field is one where you can try out various roles before settling into the one you like best.
Ask the Expert!
Do you have a question for one of our security experts? Email your questions today! (All questions are anonymous)
Dig Deeper on CISSP certification
Related Q&A from Ed Tittel
Microsoft offers different tools to assign Windows 10 PCs to servicing channels. Learn how to assign desktops to servicing channels using a ... Continue Reading
When Windows Update malfunctions, IT must follow this four-step process to fix the problems. Be sure to have admin privileges before getting started. Continue Reading
Without the latest Windows Defender updates, your users' desktops won't be completely protected. When update problems occur, there are several ... Continue Reading