.

I want your advice : SSCP or CISM

<<

Abdul

Newbie
Newbie

Posts: 3

Joined: Fri Sep 05, 2008 3:49 pm

Post Fri Sep 05, 2008 4:05 pm

I want your advice : SSCP or CISM

Hi guys

I want your advice.
I have a master degree in information and network security and I don't any previous experince in security field.

Could you guys recommend me a training center , in chicago if possible, to take courses in CEH and SSCP.

last question:
I have been thinking of CISM but it require previous experience, is there I can take it without experience as Associate CISM ?

thank u guys
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Sep 05, 2008 7:38 pm

Re: I want your advice : SSCP or CISM

Pardon the bias, but look at ChicagoCon. We offer CEH and a number of other security related boot camps with exams on site. See the course offerings here:
http://www.chicagocon.com/content/view/97/7/

Security Certified is the group that runs SSCP, and they are right here in the Chicagoland area. PM me your contact info, and I'll be sure they get you in a course if you choose not to go with CEH.

If there are questions about CISM that can't be answered on their site, try contacting them directly:

Email: exam@isaca.org
Tel: +1.847.660.5660
Fax: +1.847.253.1443

Welcome to EH-Net, and I hope this helps,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

silxp

Newbie
Newbie

Posts: 15

Joined: Thu Sep 04, 2008 7:46 pm

Post Fri Sep 05, 2008 8:14 pm

Re: I want your advice : SSCP or CISM

Abdul wrote:Hi guys

I want your advice.
I have a master degree in information and network security and I don't any previous experince in security field.

Could you guys recommend me a training center , in chicago if possible, to take courses in CEH and SSCP.

last question:
I have been thinking of CISM but it require previous experience, is there I can take it without experience as Associate CISM ?

thank u guys



Firstly, what is it you intend on doing in the long run. A CISM is a managerial cert while the C|EH is geared towards (wants to be) a pentesting like certification which introduces you to tools used in hacking/pentesting.

Its akin to you asking "I want to be a Registered Nurse should I take a nurses assistant class" if you will. CISM's differ from those who possess the C|EH, OSCP, OPST, etc., in the sense it tends to be more hands on with a lot of emphasis on "hacking" ethical for corporations/business. While the CISM, CISSP is geared more towards managing the information policies, etc.

SSCP is nothing more than a mini CISSP for those who don't really have enough years of experience, or enough knowledge of all CBK's to complete the SSCP. It's more of an associates with the CISM being more of a masters.

My advice, determine what it is you want to do. Want to push papers, read, tell others what to do, focus on the CISSP, CISM, CISA. Want to play with tools, do penetration testing, I would go with the following:

Pentester / Master Hacker route
Security+ (for starters)
CCNA - to learn / understand networking
Do a SANS course if you can, focusing on a specific, e.g., GPEN for Pentesting, GCIH for Incident Handling, etc.
OSCP - for a thorough overview of penetration testing
OPST - For expert level pentesting

Security Manager
CISA + CISM studies (they both can be done, they're both different certs though)
CISSP
CISSP - ISSEM
NSA IAM/IEM

Super Network Ninja / Pentester
Wait for us to finish the OWASP cert http://www.owasp.org/index.php/Category:OWASP_Certification_Requirements
OSCP
OPST
CCNP

Again, there seems to be a lot of misinformation/clarity between what certs will get you to which route you want to be at the end of the day. You mention two completely separate scenarions (CEH of SSCP) so figure out what you want to do and maybe re-ask the question.

J. Oquendo
sil at infiltrated dot net
OSCP, C|EH, CNDA, CHFI, SGFA, SGFE
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Fri Sep 05, 2008 9:21 pm

Re: I want your advice : SSCP or CISM

Well for the CEH I am about to do it with InfoSec
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

Abdul

Newbie
Newbie

Posts: 3

Joined: Fri Sep 05, 2008 3:49 pm

Post Sat Sep 06, 2008 2:17 pm

Re: I want your advice : SSCP or CISM

Thank you guys for your responds, and I really appreciate it

don:
Thank you don, and I'll be contacting you soon and I'm looking forward to get more information about SSCP because it looks like they don't offer this course.


silxp:
man, I enjoyed reading your comments, it's was so clear and it was really helpful. Thank you so much slixp

My final destination is to be in the management side with some understanding of the technical side (not to be completely dump)

My point of taking CEH is to get some understanding of the current tools and this is what CEH is all about, it won't teach me about infosec anything. In term of management I thought about CISSP but I was afraid that I might need more time to study so I went to, baby CISSP, SSCP.
I knew that I can take the exam and be CISSP associate and once I have the required experience I'll be certified.

many people have told me that if you want to get to the management level, you should have some background in the technical side, not to mention that I don't have any previous experience and I think it's kind of impossible to be hired in Information security or security management or Risk Management field without experience so I'm doing CCNA + CEH to help me accomplish my goal.

My plane is to finish within 3-4 months CEH and SSCP or CISSP,and I'm studying 3-4 hours a day , What do you think ??

Since I have a master degree in information security, do I have enough time to study CISSP within 2-3 months or should I stick with SSCP ?? ( encourage me  ;D and Thank you again)


Dark_Knight :
I was going to take the course with trainingcamp but the class in chicago was canceled, I don't know more about infosec.
My prof. told me about global knowledge, any thoughts ???
<<

silxp

Newbie
Newbie

Posts: 15

Joined: Thu Sep 04, 2008 7:46 pm

Post Sat Sep 06, 2008 10:03 pm

Re: I want your advice : SSCP or CISM

Abdul wrote:My plane is to finish within 3-4 months CEH and SSCP or CISSP,and I'm studying 3-4 hours a day , What do you think ??

Since I have a master degree in information security, do I have enough time to study CISSP within 2-3 months or should I stick with SSCP ?? ( encourage me  ;D and Thank you again)


Don't take this the wrong way (anyone for that matter)... A Master's in Information Security doesn't help much in the real world - real world meaning real work. So you study for 4-5 years and by the time you graduate, the information you studied on (concepts) are old and outdated and have real little value where it counts.

Information Security Management - whether you're aiming for the CISSP or CISM or any other of the managerial certs is a broad and bloated arena. There is so much overlap and a lot of (pardon the term but we're all adults) industry ass kissing.

Wait... Did you say CoBIT!? But SABSA, ISO17799, NIST, ITIL, CRAMM, OCTAVE is where it's at!@ Are you ready for terms like Business Impact Analysis, Strategic Alignment, Performance Measurement, Assurance Process Integration? Convergence? Governance Implementation Metrics? Sound sexy? Quantitative or Qualitative... Hrmm... I wonder which fuzzy math vector to abuse first.

Information Security Management is a broad task and requires years of hands on experience, insight, intuition, hands on knowledge, you name it. Successful Information Security Managers are really hard to come by, certified individuals a dime a dozen, no matter what the cert. How do you propose to stand out? In all honesty, if you're coming in with under 10 years experience, you're setting yourself up for a fall.
OSCP, C|EH, CNDA, CHFI, SGFA, SGFE
<<

Abdul

Newbie
Newbie

Posts: 3

Joined: Fri Sep 05, 2008 3:49 pm

Post Sun Sep 07, 2008 4:21 pm

Re: I want your advice : SSCP or CISM

Thank you silxp and I look forward to hear from other guys.
<<

LSOChris

Post Sun Sep 07, 2008 10:47 pm

Re: I want your advice : SSCP or CISM

the advice of figuring out what you want to do first is good, but if you have an idea what industry you want to work in that will help too.

for example, if you want to do any kind of IA work for DoD you need your CISSP, that's just the requirement. 

as far as the CISM, if you dont meet the requirements you can still take the test.  You'll have to check out the ISACA page for details but you can be granted your certification and get your remaining years of experience afterwards.
<<

CMonkeyDO

User avatar

Newbie
Newbie

Posts: 7

Joined: Thu Sep 04, 2008 4:27 pm

Post Mon Sep 08, 2008 9:06 pm

Re: I want your advice : SSCP or CISM

If you're looking for resume fodder the CISSP/CISM will do that but neither will prepare you to provide strategic leadership to an IT shop.  Unless you fall into something (luck), Certs aren't going to compare to years of experience.
<<

LSOChris

Post Mon Sep 08, 2008 11:50 pm

Re: I want your advice : SSCP or CISM

CMonkeyDO wrote:If you're looking for resume fodder the CISSP/CISM will do that but neither will prepare you to provide strategic leadership to an IT shop.  Unless you fall into something (luck), Certs aren't going to compare to years of experience.

can you follow that up with some advice to the original poster?
<<

CMonkeyDO

User avatar

Newbie
Newbie

Posts: 7

Joined: Thu Sep 04, 2008 4:27 pm

Post Tue Sep 09, 2008 8:45 am

Re: I want your advice : SSCP or CISM

I guess as far as Certs go, if your goal is Information Security then I would consider GSEC or Security+ to get a foundation.  From there, you need to figure out the size of org that you want to move into.  For instance, if your goal is to join a small to mid-size company than you'll need to work to increase the breadth of your knowledge.  In large companies roles are specialized so I would consider looking at getting really knowledgeable about a single focused area (this would get you in the door and then you can move around from there).  MIS, SANS, or you’re local training center can usually provide specialized training for UNIX, Windows, or Network security.  Either way, once you get some experience than the mgmt doors should start to open.

Return to General Certification

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software