Introduction to the CISSP
Hello everyone and welcome to The Net Sys Admin. I’m excited to introduce you to this new series I will be doing. As you can tell from the title this series has to do with the CISSP certification. The full name being Certified Information Systems Security Professional. I will be releasing a associated podcast episode and website article that reviews the learning objectives contained in the CISSP cert. They are designed to be a quick study for the cert or just a general review of cyber security concepts. Any network or systems administrator will agree that security is a huge part of the job and the better you can address security in your role as an administrator the more valuable you will be. Not to mention that cyber security jobs are slated for some serious growth in the coming years. An article published by https://www.cybrary.it/ titled “Employers, “The Industry,” and You: The 2019 Cyber Security Job Outlook” has the following to say: ——————————————-
An article by Dark Reading published earlier this year states that “Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, according to the ‘Cybercrime Report’ by the editors at Cybersecurity Ventures. That’s up from $3 trillion in 2015, which is fueling a burgeoning market, with cyber security spending expected to reach more than $1 trillion cumulatively from 2017 to 2021.” The article goes on to note a familiar stat: in 2014 there were 1 million unfilled cyber security jobs globally, according to Cisco. However, did you know that by 2021, that number will grow to 3.5 million openings? And, more tough news for companies indicates that the labor crunch has intensified over the past year, with more than 200 cybersecurity startups raising venture capital — much of that intended for new hires. It also seems that VC funding shows no signs of slowing in the foreseeable future.
Link: https://www.cybrary.it/0p3n/employers-industry-and-you-2019-cyber-security-job-outlook/
The Weekly CISSP: Introduction to the CISSP
So every article I’m going to start with a cyber security related quote. Feel free to send me your favorite quote or make one up and then I’ll quote you! (I’ll even link to your social media and/or website also)
Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.”– Chris Pirillo
Now after the quote I’ll tell you the domain and objective the given topic covers, but today will be an overview of the certification. 1) What is the CISSP? And why should you care? As an IT professional I know you spend a lot of time studying new technologies and staying up-to-date in your career fields. So you’ve most likely heard about the CISSP at some point. It is after all considered one of the IT industry’s top security certifications. If you don’t believe me just look at the salaries of professionals who carry this certification. The certification is developed by ISC(2) “squared” full name being International Information System Security Certification Consortium. The exam divides up topics into areas that are called domains. Each domain has related objectives. The domains & objectives are based on what the ISC(2) calls the CBK or “common body of knowledge”. The CBK is developed based on research into the actual working knowledge that security professionals need to have. This is referred to as job task analysis. It has been said that the CISSP material is a mile wide and an inch deep. Or for those using the metric system a kilometer wide and centimeter deep. In essence the exam covers a very large variety of topics but more on a surface level without going into extreme detail. I would say the goal of the CISSP is to provide a solid foundational knowledge in IT security, and is amazing for those in management or positions that have the ability to shape the information systems landscape of their organization. There are 8 domains:
1.SECURITY AND RISK MANAGEMENT
2.ASSET SECURITY
3.SECURITY ARCHITECTURE AND ENGINEERING
4.COMMUNICATION AND NETWORK SECURITY
5.IDENTITY AND ACCESS MANAGEMENT (IAM)
6.SECURITY ASSESSMENT AND TESTING
7.SECURITY OPERATIONS
8.SOFTWARE DEVELOPMENT SECURITYI want to point out that each and every one of those 8 domains can be an entire specialized career within cybersecurity. So you can imagine the breadth of topics. This is by no means a walk in the part certification. Now I ‘m not going to go into the specific process of taking the exam just yet. That will end up being its own article in the future. My goal in this inaugural article for the CISSP series is to get you familiar with the certification and help you decide if it is worth pursuing. My opinion is that regardless if you want to become certified it is worth gaining the knowledge. Now for more in-depth information of this certification you can visit the ISC(2) website and sign up to receive their ultimate CISSP guide. Link to the ultimate guide by ISC(2): https://www.isc2.org/Certifications/Ultimate-Guides/CISSP?utm_campaign=H-HQ-CISSPultimateguide&utm_source=isc2web&utm_medium=button&utm_content=cissppagebottom But in case you don’t feel like doing that I’ll tell you some of the info right now. Again the following information comes from the Ultimate CISSP guide found on the ISC(2) website. Some job positions that can make use of the certification are:
•Chief Security Officers
•Chief Information Officers
•Systems and Network Administrators
•Chief Technology Officers
•Security Managers
•Systems Integrators
•Chief Risk Officers
•Systems EngineersSome quick facts about the CISSP:
•Introduced in 1994
•United States Department of Defense approved
•Most required security certification on LinkedIn
•Exam available in 8 languages at 882 locations in 114 countries
•More than 129,000 professionals currently hold the CISSP certification
•Average CISSP Salary: US $131,030I’ll wrap this up for now. I hope you found the information useful and keep an eye out for future articles. If you are super-duper interested in following The Weekly CISSP series then please subscribe to my email list.