Exam Objectives hold quite a few similarities with the CISSP CBK's.

 I guess you couldn't wrong with the CISSP All-in-One Exam Guide by Shon Harris:

http://www.amazon.com/CISSP-All-One-Exam-Guide/dp/0072193530

Amazon has two books to be released early next year:

http://www.amazon.com/CompTIA-Advanced-Security-Practitioner-Study/dp/1118083199/ref=sr_1_1?ie=UTF8&qid=1319144831&sr=8-1

http://www.amazon.com/CompTIA-Advanced-Security-Practitioner-Certification/dp/0071776206/ref=sr_1_3?ie=UTF8&qid=1319144831&sr=8-3

Well, I've nailed the ENSA exam from EC-Council, with a 940 out of 1000.

After careful deliberation on my part, I've deceided to start with SSCP after summer and then to go for CISSP.

Recommendations for books, websites etc. are alway welcome!

I haven't got a definitive careerpath laid out yet, I just want to get more involved with (network) security in general for now.

ATM i works as a senior network administrator at a small IT company (in which I hold a minor share) with 15 employees and somewhat under 50 customers ranging from 20 to 350 employees with serveral geographicly dispersed locations.

Our main focus is administering these networks. I spend half of my time designing and implementing the networks, whilst my collegues to the every day administering. Mainly due to the size of our company I spend the other half on petty end-user problems and documentation (one of the more evil parts of the job).

Ideally I would like to spend the majority of my time on the design aspect and balance that out with implementing the nessecary security polices, doing audits and going to security conventions (lol)


There's where the short sightedness (is that a proper English verb?) of most HR departments comes in; they only demand the certifications they *know*, so almost any job that's got the 'security' description in it will demand CISSP and I haven't found a single job that mentions the SANS certifications...


Thank you very much indeed, glad to be here

I've also looked at the SANS courses, but they're outrageously expensive!

Also, I live in the Netherlands and the SANS certificates aren't really known down here, so I'm not sure if these certifications will justify the high price.

Greetings,

A while ago I started to dive into the exciting and thrilling world of network security. I've been a network administrator for quite some time now, but I never had the opertunity to delve into the security aspect of network administration.

I'm currently certified as A+, Net+, Security+, MCSA, MCTIP:SA and JNCIA-FWV and I've enrolled in a 5 day EC-Council ENSA course starting the beginning of May.

Can you give me some advise on the next step?

I would like to focus more on the defensive part of network security (blue team), but I'm not sure which course/certification to pursue next.

The folks at the company where I'm taking the ENSA course, told me to go for CEH next, but that seems to focus more on the offensive aspect. On the other hand, there's more demand in the market for people with a CEH certification than there is for people with (the much lesser known) ENSA certification.

I've looked into SSCP but that one - as with ENSA, doesn't seem to be really valued in the market, due to the demand for CISSP certification.

Because I don't have the necessary work experience for CISSP, CISSP also fall from my shortlist.