Joe,

If you want top-notch training, look into SANS/GIAC. I've taken a number of their courses, and held several certifications (Essentials, Firewalls, Incident Handling, and Windows, now lapsed - I simply didn't have the time to renew them). IMO, the SANS 'Security Essentials' is the rough equivalent of the CISSP in breadth of coverage, but is much more focused on actually DOING the work. It's more practitioner focused, whereas the CISSP is more manager focused.

SANS training is not cheap, and is not easy. Most courses are 6 full days. And their instructors are incredibly talented. I'd recommend trying to take essentials from Eric Cole, though that course is so popular and delivered so often in different venues that they need to have multiple instructors. See http://www.youtube.com/watch?v=bpoep3Dskb0

If your goal is to get a credential with broad visibility and mindshare, go for the CISSP. If you want to actually be able to implement InfoSec, look at the Security Essentials from SANS. If you have the need for both, do both. It's not that the CISSP has less value, it's just that its purpose is different.

And if you do mostly Windows/Microsoft, I would highly recommend Jason Fossen's Securing Windows course, as well. Beyond that, they deliver training in just about any aspect of InfoSec, and are an accredited, degree-granting institution.

Frank Ress

From: [email protected] [mailto:[email protected]] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, October 16, 2014 8:53 AM
To: NT System Admin Issues Discussion list
Subject: [NTSysADM] Security training

There's a new position being created in my organization that is "supposed" to be an infosec type of position. My manager had told me to look into CISSP training/certification. I know that's the pinnacle, and beyond the normal day-to-day stuff of being a systems administrator, working with a Windows domain, etc, I don't have a lot of hands-on in the trenches type of experience with security like I think they look for at that level. But, I was thinking that the SSCP may be a good way to get my feet wet, and start working towards CISSP. Any thoughts/advice/tips on that idea?

I've been working with networks since 1999, was CNE for Intranetware 4.11, and upgraded that to 5, but haven't touched Novell since. I was MCSE for NT4, and never upgraded certs after that. I've worked with Microsoft products from NT4 and up, we're currently upgrading our servers to 2012R2 now.
I've been the one-man shop, doing networking, and servers, and I've been part of a team doing just servers.

Anyway, I'm going to keep digging into requirements, etc, and looking for training materials, so if anyone has thoughts on that stuff as well, I'd be very appreciative.

Thanks,

Joe Heaton
Enterprise Server Support
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA 95811
Desk: (916) 323-1284

