Since this is a *higher education* security list, I have to chime in here. Don't
get me wrong, I see value in technical training such as SANS provides. But the
CISSP has never been about certifying technical knowhow. It's about a broad
awareness of the field, the kind you need if you're going to be talking security
both to network/system folks and to management/finance/legal as well. It's about
breadth, of the kind you get in a Master's degree. When there *were* no MS
programs in infosec, taking boot camps and the like for the CISSP was the best
way to get that kind of knowledge (other than live experience).
But now there are a number of great degree programs at all levels, and we ought
to be encouraging our peers -- the ones who want to get into security in some
depth -- to be acquiring academic credentials. After a master's program, you can
walk in and take the CISSP exam with no further preparation and not break a
Some of these high-quality programs are online, and can be done from the comfort
of your gaming console (I mean, PC) while working full-time. I happen to be
partial to the program at Norwich University, where I got my MS and have taught
from time to time. My classmates are all out working in the field, and I've had
many doors open to me (including a PhD program) because of the knowledge and
contacts I made there.
So I won't bash SANS and all the rest... I just don't think they're the
appropriate answer to every question.
Steven Lovaas, MSIA, CISSP
IT Security Manager
Academic Computing & Network Services
Colorado State University
Steven.Lovaas () ColoState EDU
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Doug Markiewicz
Sent: Monday, December 08, 2008 12:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] recommendation for a cissp bootcamp
All of the bootcamps are just CBK reviews.
Eh, good point. I would recommend one of the 3-5 days @ 8-hours/day variety
over a 6-7 days @ 10-12 hours/day variety where your
brain is total mush afterwards.
There is no way for someone to pass this exam without the prerequisite
Well if you can memorize a book, you can pass the test. I've seen plenty of
that. If you don't have the experience, you can still
sit for the test and become an Associate of ISC2. Whether you have the
experience or not, I think the prep and testing taking are
an interesting experience.