Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«242 »
  • Post
  • Reply
Ahdinko
Oct 27, 2007

WHAT A LOVELY DAY


Woo, i passed ARCH 300-320 today, that was a tough exam but i finally have CCDP and CCNP R&S. Now to try and actually do my CCIE R&S. I sunk like 200 hours into it but at that point things seemed to be falling out of my brain as fast as they were going in

Adbot
ADBOT LOVES YOU

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Docjowles posted:

There's definitely routing protocol stuff on the ICND2, including OSPF. ICND1 seems like it shouldn't have it, unless you were talking about the combined exam.

https://learningnetwork.cisco.com/c...ifications/ccna

Yeah I meant CCNA there.

Matteyo
Jul 19, 2009


Ahdinko posted:

Woo, i passed ARCH 300-320 today, that was a tough exam but i finally have CCDP and CCNP R&S. Now to try and actually do my CCIE R&S. I sunk like 200 hours into it but at that point things seemed to be falling out of my brain as fast as they were going in

Congrats! I actually like that path the best - CCNA->CCNP->CCDA->CCDP then from there you should have an idea where you want to go, whether it be SEC or DC or to an IE track (assuming you aren't too fed up with Cisco technologies at that point).

IMO the CCDP is extremely underrated. I still talk to so many network engineers that don't understand that the logical core of the network is the portion of the environment that links the other portions together (distribution blocks, WAN, Inet Edge, etc.), versus "the core" being some big multi-layer switch like a N7K. Just because it is a big switch doesn't necessarily mean that it is your logical core of that environment. CCDP equips you well to start understanding the nuances of advanced network design and that is an underrated skill.

Good luck with CCIE studies. It is an aging but good curriculum, especially around BGP and OSPF which I believe will be extremely relevant for years to come. Don't rush the lab prep. My plan was too aggressive and I believe it took a material toll on my health (bad diet, low sleep, massive redbull). Also, if you do do a bootcamp, I would spend a huge amount of time preparing for the lab, and do the bootcamp about 1 - 1.5 months before you take the lab because it will expose your weaknesses and you probably will need more than a week or two to remedy them. Those are a couple things I wish someone would have told me before I started so hopefully they are useful.

guppy
Sep 21, 2004

sting like a byob

Is there a respected set of books for the MS Server 2016 exams? Amazon has the Sybex/Wiley one and the MS Press one, and reviews for both are poor.

Darchangel
Feb 12, 2009

Tell him about the blower!



Pulled the trigger and just started the Google IT Coursera stuff. Mainly because I'm bored and would like to have some sort of cert.
I'm already an IT guy, so the beginning is incredibly basic for me. So far today, I've finished the first week, and started on the second. Pretty sure I'll finish the second week, too. That's not to say that they're talking down or anything. They're just starting with the basics. It is and entry-level course after all. They're doing a pretty good job of explaining the basics without being condescending or patronizing.
I know it'll get more difficult for me later - I'm weak on networking and security. I expect to have to write some stuff down by then.

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD

I think we had some people in the Cisco Cybersecurity scholarship program for their new Cyber Ops cert. How did that turn out? My cohort starts in a few weeks and I'm wondering if I should bother with it.

Vadun
Mar 9, 2011

I'm hungrier than a green snake in a sugar cane field.


rafikki posted:

I think we had some people in the Cisco Cybersecurity scholarship program for their new Cyber Ops cert. How did that turn out? My cohort starts in a few weeks and I'm wondering if I should bother with it.

I have two co-workers who have gotten it, and it seems like a great test if you work or want to work in a SOC, or plan to work in malware analysis down the road.

Way better than CCNA Security

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

Vadun posted:

I have two co-workers who have gotten it, and it seems like a great test if you work or want to work in a SOC, or plan to work in malware analysis down the road.

Way better than CCNA Security

I have to imagine a lot of poo poo is better and more applicable than CCNA security. You can pick up most security concepts and useful knowledge through a few months of hands-on experience than you can from the cert, which takes a few months to learn enough to pass.

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD

Yeah, I'm currently a security engineer. I mostly work on firewalls with forays into setting up things like SIEMs, IDS/IPS, etc. It's free, so I can't really think of a reason not to, mostly curious about other people's experience with it. Especially this scholarship program.

OSU_Matthew
Aug 23, 2010


Fan of Britches

rafikki posted:

Yeah, I'm currently a security engineer. I mostly work on firewalls with forays into setting up things like SIEMs, IDS/IPS, etc. It's free, so I can't really think of a reason not to, mostly curious about other people's experience with it. Especially this scholarship program.

I just looked into it and it looks like the scholarship program is closed now... Are you just looking at taking the test?

Would the cyber ops cert be a good pathway to the CISSP?

3D GAY WORLD
May 15, 2007


Darchangel posted:

Pulled the trigger and just started the Google IT Coursera stuff. Mainly because I'm bored and would like to have some sort of cert.
I'm already an IT guy, so the beginning is incredibly basic for me. So far today, I've finished the first week, and started on the second. Pretty sure I'll finish the second week, too. That's not to say that they're talking down or anything. They're just starting with the basics. It is and entry-level course after all. They're doing a pretty good job of explaining the basics without being condescending or patronizing.
I know it'll get more difficult for me later - I'm weak on networking and security. I expect to have to write some stuff down by then.

I posted here a few months ago about the Google IT Professional certification, back when I was part-way through it, and now that I'm done with it and looking for my first IT job I thought it might be helpful for others if I talked a bit about my thoughts on it. I haven't found any reviews from people who completed the program with the intent of using it to get a job (one guy reviewed it, but he was already an IT veteran and only completed it out of curiousity).

So overall, I really think the certificate is worthwhile for people looking to break into the IT field. The first and third courses are very basic and might not be very useful for you, but the 2nd and 4th-6th were pretty substantial and very well presented, I thought. The videos were largely informative and a lot of the analogies used to explain things like the OSI model helped me get a more practical understanding of the material.

My main issue regarding the way the program is structured relates to the grading of assignments and the way tests are administered. Assignments are peer-graded, which makes sense from an "avoid having to pay people to go over thousands of assignments" perspective, but means that feedback is usually sparse and not given by a professional.

Overall, if you're driven to learn for the sake of actually being able to use the knowledge in your work/life, you'll probably benefit quite a bit from the certification. If you have any specific questions about the material, let me know.

In terms of the certification's usefulness in my job search, my results are purely positive. I've applied for a number of positions, and although I didn't hear back from most, I've got a promising final interview with an IT contracting agency lined up. Everyone who's talked to me about my resume has mentioned that the certificate looked impressive in combination with some Python and Linux shell scripting classes I took.

No one's dismissed it as being too new, or not rigorous enough (though that's not to say that certain people wouldn't). If you're worried that people will see it and think "Me not trust new certification, me shred resume!!", it certainly doesn't seem like it's happened to me. I just included the name of each course along with the overall certification, so that they understand what it covered.

But here's the most exciting part for me.

You know how Google says that it will submit your resume to up to 50 companies, including Google, once you complete it? Well, Google certainly filled their end of that promise, because about 10 days after completing my last course, a Google recruiter reached out to me about whether I was interested in opportunities at Google. I said "Hell yes" (not literally), and after an informal chat with her, she scheduled a technical interview for their 26-month Internal Technology Residency Program (ITRP). It's a fixed-term job meant to jump-start your IT career by exposing you to a number of different roles within Google. A major selling point is that you're able to choose what team/area you want to work with/in for a portion of the program, so that you can figure out what you want to do and them get experience doing that.

It pays $70,000 a year if you go to the Mountain View HQ, or $60,000 (I think) if you do Ann Arbor. Apparently a substantial portion of people who get hired for the ITRP program end up working full-time for Google, although many also go work for other companies.

I'm a few weeks away from my first phone technical interview, and after that there are two Google Hangouts interviews before you find out if you're being hired, and I've never wanted anything so bad in my entire life. I'm spending literally every free second of my life studying for it and trying to prepare, so we'll see how it goes.

Basically, even if I hadn't learned anything from it (I did), and hadn't received interviews because of it (I did, at least partially because of it), it would be worth it for the fact that it basically let me slip past 99% of the 5 million applications Google gets per year (not exaggerating that number) and go directly to the interview process. Obviously it's still unlikely that you'll get the job, statistically speaking, but I'll tell you about it if I find out that spending every waking second of your life studying/practicing for it for three weeks is enough to get you the job.

So if you're interested in getting your application to Google (possibly) fast-tracked, and think the material the course covers would help you, I think you should do it, definitely.

3D GAY WORLD fucked around with this message at May 24, 2018 around 07:27

Schadenboner
Aug 15, 2011



3D GAY WORLD posted:

I posted here a few months ago about the Google IT Professional certification, back when I was part-way through it, and now that I'm done with it and looking for my first IT job I thought it might be helpful for others if I talked a bit about my thoughts on it. I haven't found any reviews from people who completed the program with the intent of using it to get a job (one guy reviewed it, but he was already an IT veteran and only completed it out of curiousity).

So overall, I really think the certificate is worthwhile for people looking to break into the IT field. The first and third courses are very basic and might not be very useful for you, but the 2nd and 4th-6th were pretty substantial and very well presented, I thought. The videos were largely informative and a lot of the analogies used to explain things like the OSI model helped me get a more practical understanding of the material.

My main regarding the way the program is structured relates to the grading of assignments and the way tests are administered. Assignments are peer-graded, which makes sense from an "avoid having to pay people to go over thousands of assignments" perspective, but means that feedback is usually sparse and not given by a professional.

Overall, if you're driven to learn for the sake of actually being able to use the knowledge in your work/life, you'll probably benefit quite a bit from the certification. If you have any specific questions about the material, let me know.

In terms of the certification's usefulness in my job search, my results are purely positive. I've applied for a number of positions, and although I didn't hear back from most, I've got a promising final interview with an IT contracting agency lined up. Everyone who's talked to me about my resume has mentioned that the certificate looked impressive in combination with some Python and Linux shell scripting classes I took.

No one's dismissed it as being too new, or not rigorous enough (though that's not to say that certain people wouldn't). If you're worried that people will see it and think "Me not trust new certification, me shred resume!!", it certainly doesn't seem like it's happened to me. I just included the name of each course along with the overall certification, so that they understand what it covered.

But here's the most exciting part for me.

You know how Google says that it will submit your resume to up to 50 companies, including Google, once you complete it? Well, Google certainly filled their end of that promise, because about 10 days after completing my last course, a Google recruiter reached out to me about whether I was interested in opportunities at Google. I said "Hell yes" (not literally), and after an informal chat with her, she scheduled a technical interview for their 26-month Internal Technology Residency Program (ITRP). It's a fixed-term job meant to jump-start your IT career by exposing you to a number of different roles within Google. A major selling point is that you're able to choose what team/area you want to work with/in for a portion of the program, so that you can figure out what you want to do and them get experience doing that.

It pays $70,000 a year if you go to the Mountain View HQ, or $60,000 (I think) if you do Ann Arbor. Apparently a substantial portion of people who get hired for the ITRP program end up working full-time for Google, although many also go work for other companies.

I'm a few weeks away from my first phone technical interview, and after that there are two Google Hangouts interviews before you find out if you're being hired, and I've never wanted anything so bad in my entire life. I'm spending literally every free second of my life studying for it and trying to prepare, so we'll see how it goes.

Basically, even if I hadn't learned anything from it (I did), and hadn't received interviews because of it (I did, at least partially because of it), it would be worth it for the fact that it basically let me slip past 99% of the 5 million applications Google gets per year (not exaggerating that number) and go directly to the interview process. Obviously it's still unlikely that you'll get the job, statistically speaking, but I'll tell you about it if I find out that spending every waking second of your life studying/practicing for it for three weeks is enough to get you the job.

So if you're interested in getting your application to Google (possibly) fast-tracked, and think the material the course covers would help you, I think you should do it, definitely.

Weíre starting to actually hire people to build out the Service Desk at my work and a lot of the guys have ...limited... prior experience. Iíll have to take a look at this and see if we could use anything from it to train off of.

3D GAY WORLD
May 15, 2007


Schadenboner posted:

We’re starting to actually hire people to build out the Service Desk at my work and a lot of the guys have ...limited... prior experience. I’ll have to take a look at this and see if we could use anything from it to train off of.

I can say that anyone who actually tries to learn will come away from it with a surprisingly deep understanding of networking, popular Sys Admin tools/software in Linux and Windows, some rudimentary Ruby programming ability and regular expressions, and a pretty broad overview of cybersecurity. The networking course is arguably the most difficult, and it's the second course (the first is trivial for most people, since it's making sure people know how computers work, and how to use them). It may not be intended as such, but it definitely seems like it would weed out people who weren't actually willing to put in some effort. It goes through a 5-layer OSI model on the packet level (IP Datagrams, encapsulation, flag fields, payloads, TCP vs UDP, SYN/ACK, etc.)

You could brute force your way through most of the tests, but I actually don't think that's as much of an issue in terms of the certificate's credibility as some would think, since I would assume that most employers would feel confident in their ability to quickly verify that candidates have basic knowledge in an interview. Plus, there are actual projects and lab assignments that, while not enormously difficult, aren't as easy to fool. I would like to imagine that no one would be dumb enough to devote their efforts to cheating through all six courses instead of actually trying to learn, but I'm sure a small subset of people will.

Charliegrs
Aug 10, 2009


Dumb question: My CCNA expires soon. If I get a CCNA Wireless Cert, will that renew my CCNA for another 3 years?

Vadun
Mar 9, 2011

I'm hungrier than a green snake in a sugar cane field.


Yes, as long as it's a full cert of the same level, and not just the first exam. The final exam of a cert path your eligible to take also works

guppy
Sep 21, 2004

sting like a byob

Vadun posted:

Yes, as long as it's a full cert of the same level, and not just the first exam. The final exam of a cert path your eligible to take also works

This reminds me, I'm not especially near expiration, but if I start working on my CCNP R/S, do I have to do all three tests (ROUTE, SWITCH, TSHOOT) within the three-year window to renew my CCNA, or just one? (This is a regular CCNA R/S, if that wasn't clear.)

Bigass Moth
Mar 6, 2004

I joined the #RXT REVOLUTION.

he knows...


Pretty sure one test on the CCNP level renews your CCNA.

guppy
Sep 21, 2004

sting like a byob

Okay cool that's what I thought, just wanted to make sure I wasn't misunderstanding the situation. Thanks.

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD

OSU_Matthew posted:

I just looked into it and it looks like the scholarship program is closed now... Are you just looking at taking the test?

Would the cyber ops cert be a good pathway to the CISSP?

I was accepted into the scholarship program nearly two years ago. They told me after I was accepted that I was randomly assigned to a cohort for summer 2018, so I promptly forgot about it until they sent me a reminder this week. I doubt there's a ton of overlap with the cissp, since that one is focused more on high level policy making type material. There will likely be some common material but I wouldn't necessarily look at it as a jumping point.

OSU_Matthew
Aug 23, 2010


Fan of Britches

rafikki posted:

I was accepted into the scholarship program nearly two years ago. They told me after I was accepted that I was randomly assigned to a cohort for summer 2018, so I promptly forgot about it until they sent me a reminder this week. I doubt there's a ton of overlap with the cissp, since that one is focused more on high level policy making type material. There will likely be some common material but I wouldn't necessarily look at it as a jumping point.

Ok, thanks! I'm trying to work towards getting in at a SOC, so I've been talking to a recruiter and several companies that are planning on opening positions in the next several months. I'm just trying to figure out how to best position myself to be the best candidate when they do open up that entry level analyst position.

From what I've been told, a CISSP isn't necessary to start, it's something they want you to get after coming on. It sounds like the cyber ops cert might be worthwhile to pursue in advance though?

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD

A CISSP requires a minimum of 5 years experience in infosec, so it's definitely not something you should be looking at right away. I haven't actually done this new cert yet, so I can't say for sure, but from what the other guy said previously in the thread it sounds like this has a lot of good material for someone looking to work in a SOC.

Diva Cupcake
Aug 15, 2005



I'm not familiar with the new Cisco and CompTIA stuff but this is my comprehensive list of worthwhile sercurity certs with recognition. Some of them, their worth is entirely as a box checker for DoD and HR.

General
Sec+
CEH

Management/Risk Management
CISM
CISSP

Offense
OSCP
OSCE

Any GIAC - $$$
Some better than others.

Darchangel
Feb 12, 2009

Tell him about the blower!



3D GAY WORLD posted:

I can say that anyone who actually tries to learn will come away from it with a surprisingly deep understanding of networking, popular Sys Admin tools/software in Linux and Windows, some rudimentary Ruby programming ability and regular expressions, and a pretty broad overview of cybersecurity. The networking course is arguably the most difficult, and it's the second course (the first is trivial for most people, since it's making sure people know how computers work, and how to use them). It may not be intended as such, but it definitely seems like it would weed out people who weren't actually willing to put in some effort. It goes through a 5-layer OSI model on the packet level (IP Datagrams, encapsulation, flag fields, payloads, TCP vs UDP, SYN/ACK, etc.)

You could brute force your way through most of the tests, but I actually don't think that's as much of an issue in terms of the certificate's credibility as some would think, since I would assume that most employers would feel confident in their ability to quickly verify that candidates have basic knowledge in an interview. Plus, there are actual projects and lab assignments that, while not enormously difficult, aren't as easy to fool. I would like to imagine that no one would be dumb enough to devote their efforts to cheating through all six courses instead of actually trying to learn, but I'm sure a small subset of people will.

Thanks for all that. The stuff you highlight is exactly what I'm trying to strengthen. I've spent all of my IT career as a computer janitor/toucher, so I'm very weak on servers and networking aside from what I practically needed to know in deskside support.
As an aside, the course just updated, and they dropped one of the modules, the section on Automation, citing feedback that it wasn't necessary in an entry-level position. They gave me the option of switching to the new curriculum, or continuing with the old, including the Automation module. I want to learn about automation stuff, so I stuck with the original curriculum.

Just as an update, day 3, and I'm halfway through Week 3 of the course. Still in computer basics, so I expect it to get more difficult later.

OSU_Matthew
Aug 23, 2010


Fan of Britches

rafikki posted:

A CISSP requires a minimum of 5 years experience in infosec, so it's definitely not something you should be looking at right away. I haven't actually done this new cert yet, so I can't say for sure, but from what the other guy said previously in the thread it sounds like this has a lot of good material for someone looking to work in a SOC.

Right, but you can take the test and get the cert provisionally, and then they'll give you six years to actually obtain the full endorsement front an ISC2 member, or at least that's my understanding.

I was originally just going to go for the SCCP since that's only 1 year experience, which i can probably get signed off on, but after going to the Infosec conference it seems like I might as well just go straight for the CISSP (unless there's a better pathway)

3D GAY WORLD
May 15, 2007


Darchangel posted:

Thanks for all that. The stuff you highlight is exactly what I'm trying to strengthen. I've spent all of my IT career as a computer janitor/toucher, so I'm very weak on servers and networking aside from what I practically needed to know in deskside support.
As an aside, the course just updated, and they dropped one of the modules, the section on Automation, citing feedback that it wasn't necessary in an entry-level position. They gave me the option of switching to the new curriculum, or continuing with the old, including the Automation module. I want to learn about automation stuff, so I stuck with the original curriculum.

Just as an update, day 3, and I'm halfway through Week 3 of the course. Still in computer basics, so I expect it to get more difficult later.

Yeah, it probably isn't necessary, but I've definitely already had the software it touches on mentioned in postings/interviews (Puppet, Chef, Apache), plus some exposure to Ruby programming is definitely nice to have, even if it's super basic. Honestly, that course might be harder than the networking one, it's a little bit of a slog but it's worthwhile. Definitely one of the courses I learned the most from, and exposes you to the mindset of productive laziness.

Edit: Plus, the instructor for that class is definitely the best at sounding enthusiastic without it seeming too forced. One or two of the other ones can sound a bit awkward, though it's never a distraction for me.

Pro-tip for anyone doing the Google cert, or anyone learning through videos: If you're good at absorbing information through audio, I'd recommend experimenting with setting the playback speed to 1.25. It doesn't affect their pitch or the perceived speed of their speaking, but it helps if some of the instructors speak a little slow for you. I even bumped it up to 1.5 speed for things I already had a good grasp on. Plus, you'll finish the certificate between 15-35% faster (since you can't speed up tests, readings or projects).

3D GAY WORLD fucked around with this message at May 24, 2018 around 22:34

Darchangel
Feb 12, 2009

Tell him about the blower!



3D GAY WORLD posted:

Yeah, it probably isn't necessary, but I've definitely already had the software it touches on mentioned in postings/interviews (Puppet, Chef, Apache), plus some exposure to Ruby programming is definitely nice to have, even if it's super basic. Honestly, that course might be harder than the networking one, it's a little bit of a slog but it's worthwhile. Definitely one of the courses I learned the most from, and exposes you to the mindset of productive laziness.

Hey, all the greatest inventions are from people trying to avoid working harder.

quote:

Edit: Plus, the instructor for that class is definitely the best at sounding enthusiastic without it seeming too forced. One or two of the other ones can sound a bit awkward, though it's never a distraction for me.

Pro-tip for anyone doing the Google cert, or anyone learning through videos: If you're good at absorbing information through audio, I'd recommend experimenting with setting the playback speed to 1.25. It doesn't affect their pitch or the perceived speed of their speaking, but it helps if some of the instructors speak a little slow for you. I even bumped it up to 1.5 speed for things I already had a good grasp on. Plus, you'll finish the certificate between 15-35% faster (since you can't speed up tests, readings or projects).

I do that on a lot of YouTube videos, since most everyone talks a lot slower than I comprehend. Or just too much to begin with.

edit: Also, the videos have selectable subtitles, and there's an interactive transcript below each video that actually highlights along with the speaker AND you can click to jump to that spot in the video. Both pretty handy if you can't use sound or headphones, or you just learn better by reading. You can also download the videos, subtitles, and transcripts for offline use.

Darchangel fucked around with this message at May 24, 2018 around 22:43

Docjowles
Apr 9, 2009



That is a good pro-tip for almost any spoken-word content. I listen to all podcasts at 1.25x plus Overcast's feature that skips dead air. Within a day or two I stopped noticing the difference and it just felt normal. The only time I hear it now is when my wife puts on the same podcast at normal speed and it sounds like everyone is underwater. Also all theme songs sound wrong and bad to me at 1x speed now, so I am broken in that way.

And thanks for the detailed writeup of your experience with the Google cert. As someone hiring very entry level people (interns/coops), that sounds like something I need to be aware of. Either to look for on resumes, or to recommend to them as a resource if they have major gaps.

Doug
Feb 27, 2006

This station is
non-operational.


OSU_Matthew posted:

Right, but you can take the test and get the cert provisionally, and then they'll give you six years to actually obtain the full endorsement front an ISC2 member, or at least that's my understanding.

I was originally just going to go for the SCCP since that's only 1 year experience, which i can probably get signed off on, but after going to the Infosec conference it seems like I might as well just go straight for the CISSP (unless there's a better pathway)

Personally I think the ISC2 certainly are overblown in general. Yes, itís true that having a CISSP will get you past a bunch of HR filters but youíre probably going to end up in jobs that are really not that great. (This is assuming youíre interested in technical roles primarily and not risk management) I think net+/sec+/CCNA CyberOps are way better choices for actually building out a good basis in the fundamentals of infosec and then you can worry about specializing after that. If I were hiring folks for a SOC and all else being equal, Iíd take the person with those 3 over the CISSP every time.

ISC2 has a great marketing department but often this gets listed as a req for jobs where it provides no actual value. I think itís probably telling of a company when they add that into reqs for entry level jobs or make it a requirement for all infosec roles.

I also did the Cisco CyberOps scholarship program and thought both the cert and the program were great. The materials do a good job preparing you for the exams, but I had a good deal of prior experience as well. Thereís a lot of overlap in the two exams and SECOPS exam leans pretty heavily on a couple of NIST documents that are only casually mentioned in the course materials. So thatís worth watching out for. I think they should have made the cert just 1 longer exam like the combined CCNA R&S exam but I think thatís just Cisco doin the Cisco thing.

fordan
Mar 9, 2009

Clue: Zero


Doug posted:

Personally I think the ISC2 certainly are overblown in general. Yes, itís true that having a CISSP will get you past a bunch of HR filters but youíre probably going to end up in jobs that are really not that great. (This is assuming youíre interested in technical roles primarily and not risk management) I think net+/sec+/CCNA CyberOps are way better choices for actually building out a good basis in the fundamentals of infosec and then you can worry about specializing after that. If I were hiring folks for a SOC and all else being equal, Iíd take the person with those 3 over the CISSP every time.

ISC2 has a great marketing department but often this gets listed as a req for jobs where it provides no actual value. I think itís probably telling of a company when they add that into reqs for entry level jobs or make it a requirement for all infosec roles.

Yes, avoiding entry-level jobs postings that require a certification that needs 5+ years of industry experience is a good idea, as is on the other side questioning whether prospective candidates with that much experience would be happy working in an entry-level job youíre offering. For base-level jobs staffing a SOC Iíd go for the CompTIA/CCNA candidates, but for senior people with equivalent experience Iíd be preferring the CISSP.

Doug
Feb 27, 2006

This station is
non-operational.


fordan posted:

Yes, avoiding entry-level jobs postings that require a certification that needs 5+ years of industry experience is a good idea, as is on the other side questioning whether prospective candidates with that much experience would be happy working in an entry-level job youíre offering. For base-level jobs staffing a SOC Iíd go for the CompTIA/CCNA candidates, but for senior people with equivalent experience Iíd be preferring the CISSP.

I canít imagine any scenario in which Iíd prefer CISSP for a technical role. Managerial? Sure. Risk management/ governance? Absolutely. But having CISSP a requirement for any technically focused role is asinine.

Adbot
ADBOT LOVES YOU

Diva Cupcake
Aug 15, 2005



I added my CISSP to LinkedIn and the number of auditing, regulatory compliance, and policy driven job pitches now greatly outweigh the senior level security engineering/architecture jobs I'd be interested in.

I might take it off just as a filter against.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«242 »