IT Security Training @ CSMD?

happyappygirl

Rocky Mountain High!!
Didn't I see CSMD had a new IT security training course being offered? I can't seem to find it on the website.
I'm looking for CISSP type training being offered locally. Any ideas?
TIA
 

BadGirl

I am so very blessed
I've got a CISSP book and the Shon Harris "talking head" DVDs that you can use if you want to study independently, or actually find a college class that uses these materials.

But trust me.......this subject is boring as hell. :yawn:
 

Christy

b*tch rocket
Last I heard the IT Security courses through CSM are extremely outdated. The best "courses" (which I would consider moreso seminars) are by the SANS Institute, but they are VERY pricey. Most people that I know that have their CISSP did it by Independent Study and just years of OJT. :shrug:
 

marianne

New Member
I don't see anything on the CSMD website.

I've been considering a bootcamp (ISC, Intense, or Global Knowledge) and talking with folks who have gone through them (the latter two were recommended). One of my subcontractors does internal CISSP training for companies. He seems better than the bootcamp instructors, keeping abreast of how the exam has been changing for example, and helps me out a great deal. I've got a huge stack of prep material but have been going through it very slowly - 6 months now and I'm only about half way through. If anyone wants to form a study group in SOMD, meeting once or twice a week, let's do it.
 

happyappygirl

Rocky Mountain High!!
Study group idea is awesome!!
I've been looking at the bootcamp thing too, but the only problem with that is they get you ready for the test (which if you fail you're out all that prep and $$), but don't really "teach" you anything. One of them (the ISC maybe?) allows you to take their bootcamp again for free if you fail, but you have to take it again within a year. I have 10 years in security/IT programming and software development, but don't feel I'm ready for the test in any way shape or form :lol: no way no how!! I have a study guide I printed off (WHEW that's a lot of stuff) and yes...it's a real snore, I think classroom environment or study group would be much more interesting. Could we meet at the college library? The DVDs would come in very handy BG!! May I borrow them?
I DID see something the college was doing, but can't come up with it now, maybe they cancelled it. I'm going over there Friday morning to meet a counsellor, anyone want to go with?
 

happyappygirl

Rocky Mountain High!!
Christy wrote: The best "courses" (which I would consider moreso seminars) are by the SANS Institute, but they are VERY pricey.

My company reimburses up to 5000.00 p/year, but I want to get as much as I can for my $$...and I want to pass the test the FIRST time :lol:
 

marianne

New Member
I was told many of the bootcamps let you take the course as many times as you want until you pass, more or less. That's how they get to say "97% of people who take our class pass the CISSP." I agree with you 100% - the bootcamps don't teach, they just cram the right answers into your head. I might sign up for a bootcamp as a review AFTER I've finished studying on my own. I read an article that was the best way to approach bootcamps.

I've found the CISSP prep books are similar to the bootcamps. They really hit on memorizing - they're like cliff notes and very dry. One of the best books I've found for learning (not cramming) is "Security in Computing" by the Pfleegers (Charles & Shari Pfleeger are both CISSPs). It was written more as a graduate level textbook but covers most of the CBKs in the exam, is very easy to understand, and it's actually enjoyable to read.

I would very much like to meet at the college library for a study group. Similarly, I know a couple CBKs solid but others I'm having a hard time with. What I've heard works well in CISSP study groups is every time you meet you review one CBK. Everyone gets assigned one or more CBKs to present at a study group - so you teach what you know. I can't go to the college Friday morning but would really appreciate knowing what you find out.
 

cissp

Cyber Cop
Studying for the CISSP Exam

Christy said:
Most people that I know that have their CISSP did it by Independent Study and just years of OJT. :shrug:

I would have to agree with that, for the most part. I did have one advantage, though. One month before I took the CISSP exam, I had just finished my last course in a Master of Science in Network Security program. The studying I did for that one month consisted of the Shon Harris All in One book. Additionally, I've been in the industry quite a few years. It's not an easy exam, but it's not designed to be. Also, after you take the exam, you'll probably walk away feeling that you failed. That is normal, and is how most people feel. It takes a lot of studying and dedication, and I don't know of any shortcuts, although some people have luck with the Bootcamps.

Look at it this way. If they make the exam easier, then soon everyone and their brother will have the certification, become diluted, and wouldn't be as in demand as it is now. I remember something like that happening with the MCSE back in the late 90s before the dot com bust. Prior to that, anyone that had the certification was often hired on the spot by people desperate to fill many vacant positions. The MCSE has regained some stature, but it did go through some hard times. Good luck.
 

happyappygirl

Rocky Mountain High!!
CISSP, if you were to get the cert now, what classes/course of study would you recommend? I'm in the Federal arena and my first degree is in Computer Info Tech. Thanks for the input!!
 

cissp

Cyber Cop
happyappygirl said:
CISSP, if you were to get the cert now, what classes/course of study would you recommend? I'm in the Federal arena and my first degree is in Computer Info Tech. Thanks for the input!!

Someone else mentioned the SANS courses, and I would agree that they offer some of the better CISSP exam preparation. Personally, I would also become very acquainted with Shon Harris' book. As a more long range approach, you might want to consider Security/IA programs at the Graduate level, which could give you a good foundation for the exam (as it was in my case). Capitol College and Norwich University are two schools that come to mind that have excellent programs. Beyond that, a good resource is the ISC2 web site:

https://www.isc2.org/cgi-bin/index.cgi

I would also say to not wait too long to take the exam. There are several people (most actually) in our Security & IA group that have been studying for the exam for almost a year. One individual also took a SANS course along the way, but did not schedule himself for the exam. I think a lot of them haven't taken the course out of fear of failing. They formed a study group and hyped it up so much that I think it has made many averse to actually taking the exam. I did have one person that I previously worked with, smart as a whip and an MS in EE, but she failed the exam. To her credit though, she retook it a couple of months later and passed. I think prior to the first exam, she really didn't think the exam would be as difficult as it was. I also saw that when I took my exam, as evidenced by a few individuals getting up and leaving in a huff only an hour or so into the exam (you're allowed up to six hours).

Hey, even if a person fails the first time, the good thing is you'll be given your score, so you can use that as a gauge of how close you were to passing (if you pass, you aren't given your score, just that you passed).

I'd be glad to pass on advice to anyone else that is interested. By the way, I'm surprised to see so many Security/IA types here, who I'm assuming support a mission on PAX. I've been trying to get a job there since late Spring but nothing has materialized yet. I did get an offer from one company, and although they included basic relocation, the salary would have been exactly what I am already getting here in Central Florida (Space Coast), which is still a lower cost area than Lexington Park. Another company brought me in for an interview, but they did not have funding for a position (then why did they interview me?). And another company was interested in interviewing me, but told me up front that they could not offer relocation.

Anyway, good luck to all of you that are determined to pass the CISSP exam!
 

marianne

New Member
cissp said:
you might want to consider Security/IA programs at the Graduate level, which could give you a good foundation for the exam (as it was in my case). Capitol College and Norwich University are two schools that come to mind
George Mason in NoVA & Purdue were a couple of the first schools to offer NSA accredited IS security program. Now, IA training is popping up all over the place. For example, the US Dept of Agriculture graduate school in DC has quite a few IA classes and even a relatively inexpensive 5-day CISSP bootcamp at $1500.

cissp said:
I would also say to not wait too long to take the exam.
One of the reasons I want to take it sooner rather than later is because the exam keeps changing. About six months ago, the focus of exam questions changed quite a bit. Not that the studying I'm doing now would be worthless if the exam changed, but I don't want to have to keep up with it.
 

happyappygirl

Rocky Mountain High!!
I'm going to CSMD today, will follow up later. OTJT is certainly the best way and my mentor is a great guy, but I want to really learn the stuff in depth. I'm taking a 2 day course on the NIST stuff in VA late August (1000.00 for two days :dead: ), but I don't really have a lot of trouble with getting the controls straight...it's some of the technical stuff, I hate to miss a thing, and in my environment, we have new stuff being added almost on a daily basis. It's so hard to keep up :LOL: No, I'm not at Pax, I'm in DC, contractor for DOJ (LOVE it!!). In fact, we will be looking for someone else in the coming months - they're adding a new division, if you want to send me your CV, PM me and I'll give you my email addy - I can forward it on if you want to be in DC - money's pretty good.
Seems to be a good avenue for sharp WOMEN to go....but the field is still quite dominated by men. SANS doesn't offer classroom training locally, but has a self paced study program. I have the Harris book, and several study guides, I'll prolly use for training myself rather than fork out the 2500$ for them. See if I can go that route first.
 

cissp

Cyber Cop
happyappygirl said:
I'm going to CSMD today, will follow up later. OTJT is certainly the best way and my mentor is a great guy, but I want to really learn the stuff in depth. I'm taking a 2 day course on the NIST stuff in VA late August (1000.00 for two days :dead: ), but I don't really have a lot of trouble with getting the controls straight...it's some of the technical stuff, I hate to miss a thing, and in my environment, we have new stuff being added almost on a daily basis. It's so hard to keep up :LOL: No, I'm not at Pax, I'm in DC, contractor for DOJ (LOVE it!!). In fact, we will be looking for someone else in the coming months - they're adding a new division, if you want to send me your CV, PM me and I'll give you my email addy - I can forward it on if you want to be in DC - money's pretty good.
Seems to be a good avenue for sharp WOMEN to go....but the field is still quite dominated by men. SANS doesn't offer classroom training locally, but has a self paced study program. I have the Harris book, and several study guides, I'll prolly use for training myself rather than fork out the 2500$ for them. See if I can go that route first.

You are wise to study the various NIST regulations in depth, as they are commonly the baseline for many Federal agencies. The program that I'm C&A'ing from here in Florida is for a new FAA program, and it's NIST guidance all the way. As for DOJ, I'm familiar with their processes, too. Prior to relocating here, I was a contractor at the FBI Academy. Great bunch of people to work for, and with. They don't follow NIST, DITSCAP, or DCID guidance, but like a lot of agencies, what they follow has similarities across the board. If you've C&A'd one system using, say, DITSCAP, you can easily C&A other systems with other guiding regulations, because the guidance is very similar.

I'll take you up on your offer to PM you and forward my CV to you. Working out of Quantico would be geographically undesirable to my relocation plans, but I wouldn't mind working out of headquarters.
 

marianne

New Member
happyappygirl said:
Seems to be a good avenue for sharp WOMEN to go....but the field is still quite dominated by men. SANS doesn't offer classroom training locally, but has a self paced study program. I have the Harris book, and several study guides, I'll prolly use for training myself rather than fork out the 2500$ for them. See if I can go that route first.

I'm also supporting non-DoD clients in DC. It *is* a great area for women with a technical background because so much is based on cost-risk analysis, communication, and good judgement (which women are just naturally good at :angel:). If you're in DC & involved in security auditing, you might want to check out USDA's training. USDA is located at L'Enfant Plaza and recently started a program for gov't auditing. Looks like you can take anything from one class, up to a Master of Science in it. I know NIST is looking to certify ST&E companies/ persons and wonder how their criteria will coincide with USDA's program...
 

happyappygirl

Rocky Mountain High!!
Link?? (USDA)
The college has a class starting in the fall (late August) for one semester (credit/non credit). Will find the link tomorrow and send it along. I called the adviser and she didn't call me back. There are pre-reqs, that can likely be waived, and I don't know what the syllabus for the class looks like, but the fee is relatively reasonable under 1K for the semester if memory serves.
 

marianne

New Member
courses

Thanks for the info on CSMD. Which campus is that course?

Go to http://grad.usda.gov/ for the USDA graduate school homepage. Click on "courses & programs" on the left side of the screen. At the bottom of the screen you can "search for courses" - type "security".
 

marianne

New Member
After much procrastination and angst, I finally took the CISSP exam last weekend and passed! :banana:

If anyone is interested in CISSP study sessions at CSM, the offer is still on the table. I have a lot of review material to share and I believe I get professional credit with ISC2 for leading study sessions.
 