October 21, 2012

Just finished taking the SANS training course SEC401 in prep for the GSEC exam. Can I take the CISSP using the GSEC training course as prep?

I just finished taking the 6-day SANS training bootcamp (SEC401) in prep for the GSEC exam.
I am now considering taking both the GSEC and CISSP now while the information from the training course is fresh in my mind. The goal is to maximize my training dollars and not have to wait until next year for the CISSP and take another bootcamp/spend more time studying. Are the tests similar enough to get both certs off of one bootcamp or is the CISSP different enough to warrant additional training/studying?
posted by nineRED to Computers & Internet (4 answers total)
Best answer: I haven't done anything with SANS just yet but I do have a CISSP. A quick look tells me GSEC is much more technical than the CISSP, which tends to cover a wider spread of general topics as well as technical and policy topics. You may want to look around for sample CISSP exams (there are quite a few available online) to get an idea of what kind of questions you'll get. If you do choose to do both, I'd suggest you sit for the GSEC, review any material for the CISSP that isn't covered by it as soon as possible afterwards, and then take the CISSP.
posted by zombieflanders at 1:25 PM on October 21, 2012

Best answer: I agree with zombieflanders - the CISSP is more of a management exam - a lot of ground to cover, but not particularly deep in any one place. Any SANS class you'll take (with one or two exceptions) will be much more technical and specific than what you'll study for the CISSP. I think you'd get a lot out of going through the SANS class, taking the GSEC and then studying with books/quizzes for the CISSP.

I will say that a bootcamp class specific to CISSP may give you insight into how to prepare for the test itself - because it's not a straight technical exam, there is a method and madness to how to get in the right frame of mind for the CISSP exam. However, if you are fresh off a SANS bootcamp and are able to go straight to a review of the CISSP concepts, it may be the best time for you to take the exam.

Just as an aside - the CISSP exam does require that you have 5 years of security experience in two of their domains (I believe you can substitute a year of that experience with other certifications/education.) If you don't have the 5 years of experience, you can become an Associate of ISC2 until you have the required years of experience.

Best of luck!
posted by carmenghia at 2:37 PM on October 21, 2012

CISSP (is) not a straight technical exam

Not at all. I want to say that I had maybe 30 technical questions with a clear right/wrong answer, and all the rest were debatable policy decisions that need to be made according to how ISC2 thinks things should be.

Take the practice exams and if you're clearing 85% then you should be fine. Shon Harris (who wrote the main CISSP book) has another book of just CISSP questions and answers. I found those to be more difficult than those on the actual test.
posted by anti social order at 7:43 AM on October 22, 2012

Response by poster: Thanks, all. I will follow zombieflanders' and carmenghia's advice and take the GSEC as planned and then focus on filling in the gaps for the CISSP.
posted by nineRED at 5:26 PM on October 24, 2012

