Comments on: GSEC vs CISSP

Question: GSEC vs CISSP

nineRED — Sun, 21 Oct 2012 12:49:40 -0800

Just finished taking the SANS training course SEC401 in prep for the GSEC exam. Can I take the CISSP using the GSEC training course as prep?

I just finished taking the 6 day SANS training bootcamp (SEC401) in prep for the GSEC exam.
I am now considering taking both the GSEC and CISSP now while the information from the training course is fresh in my mind. The goal is to maximize my training dollars and not have to wait until next year for the CISSP and take another bootcamp/spend more time studying. Are the tests similar enough to get both certs off of one bootcamp or is the CISSP different enough to warrant additional training/studying?

By: zombieflanders

zombieflanders — Sun, 21 Oct 2012 13:25:01 -0800

I haven't done anything with SANS just yet but I do have a CISSP. A quick look tells me GSEC is much more technical than the CISSP, which tends to cover a wider spread of general topics as well as technical and policy topics. You may want to look around for sample CISSP exams (there are quite a few available online) to get an idea of what kind of questions you'll get. If you do choose to do both, I'd suggest you sit for the GSEC, review any material for the CISSP that isn't covered by it as soon as possible afterwards, and then take the CISSP.

By: carmenghia

carmenghia — Sun, 21 Oct 2012 14:37:32 -0800

I agree with zombieflanders - the CISSP is more of a management exam - a lot of ground to cover, but not particularly deep in any one place. Any SANS class you'll take (with one or two exceptions) will be much more technical and specific than what you'll study for the CISSP. I think you'd get a lot of out of going through the SANS class, taking the GSEC and then studying with books/quizzes for the CISSP.

I will say that a bootcamp class specific to CISSP may give you insight into how to prepare for the test itself - because it's not a straight technical exam, there is a method and madness to how to get in the right frame of mind for the CISSP exam. However, if you are fresh off a SANS bootcamp and are able to go straight to a review of the CISSP concepts, it may be the best time for you to take the exam.

Just as an aside - the CISSP exam does require that you have 5 years of security experience in two of their domains (I believe you can substitute a year of that experience with other certifications/education.) If you don't have the 5 years of experience, you can become an Associate of ISC2 until you have the required years of experience.

Best of luck!

By: odinsdream

odinsdream — Sun, 21 Oct 2012 19:17:49 -0800

You may want to check out some previous AskMe CISSP study questions.

The non-technical management aspects are likely to catch you if you don't pick up some more materials.

By: anti social order

anti social order — Mon, 22 Oct 2012 07:43:13 -0800

CISSP (is) not a straight technical exam

Not at all. I want to say that I had maybe 30 technical questions with a clear right/wrong answer, and all the rest were debatable policy decisions that need to be made according to how ISC2 thinks things should be.

Take the practice exams and if you're clearing 85% then you should be fine. Shon Harris (who wrote the main CISSP book) has another book of just CISSP questions and answers. I found those to be more difficult than those on the actual test.

By: nineRED

nineRED — Wed, 24 Oct 2012 17:26:17 -0800

Thanks, all. I will follow zombieflanders' and carmenghia's advice and take the GSEC as planned and then focus on filling in the gaps for the CISSP.