I have passed the CISSP exam few month back. I have almost 14 years
experience in the IT field, support, networking, and routing. I
thought that adding security to this profile will be cool. . I
prepared for it just like any other exam; I read the right books,
studied well and passed. The problem is that now few months later I
feel that I have forgot everything. I want to apply for a security
consultant position, but I feel that I lack the confidence to fulfill
this position. What went wrong????
I am willing to devote time and effort to bridge the gap and rebuild
this "Security skill set" but I don't know where to start or what book
to read. Please guys advice!

["Followup-To:" header set to alt.computer.security.]
On 2005-09-08, John MacLean <jmaclean@toshiba.ca> blabbed:
A piece of paper isn't a substitute for experience. Unless you are
actively using a piece of knowledge you're not going to remember it.
Security isn't something that is learnable by just reading a book and
taking a test, like most things people do well it's something you gain
by sweat perserverence in the field, applying good security procedures
and methodology, and evolving with the field as it grows. Get a low end
job in security (eg: a job where you have someone else backing you up,
since you're not an expert)-- you've got your paperwork, find out what
specifics you want to follow and learn what you need to know. Once you
do that you'll be able to apply your knowledge in the field with more
confidence and know that you're not blowing smoke up a future employeers
ass.

Shadus wrote on 9/8/2005 10:09 AM:
Amen. It's not 1995 where you could have pulled a $100k job just for
filling out the application.

If you want to make a lot of money with no experience or knowledge, get
a sales job.

Jim

Why not ask these guys http://www.cissp.com/ ?

"John MacLean" <jmaclean@toshiba.ca> wrote in message
news:t6gvh1de55uj162r24o4ads7ic7p31qujs@4ax.com...

Apply your new skills on your job.
Take advantage of your security departments knowledge base.
If you have no security department, start doing the work and
checking behind your self. Test your own security on your own
computers, either in a closed LAN or at home.
Start talking to other people in your area that are experts.

Mr.G

In article <BbrVe.9351$4P5.6094@newsread2.news.pas.earthlink. net>,
Mr.G <mikelg@remove.yahoo.com> wrote:
If you decide to "test the security" at your job, make sure
that you get some sort of written permission from someone
of proper authority before you do so.


Claude

John,

First of all, congrats on passing your CISSP. One thing that I found after
passing my CISSP exam is that now that all this studying and preparing is
done, and passed the exam... can't stop now.

There are so many resources that I've found useful since getting the cert.
Lots of documents that were helpful before the exam such as the NIST 800
series docs come in very helpful. I recently attended a Vulnerability
Assessment course and two documents that were pointed out of great
significance were the Open Source Systems Testing Methodology Manual
(OSSTMM) and the Information Security Forum Standard (ISF). These two
documents deal with VAs, but even so are a valuable read to the security
professional. The ISO17799 is a good document, but rather costly. Websites
of interest: The Reading room at SANS, SecurityDocs.com,
searchsecurity.techtarget.com, the Cisco Learning Connection (CPE credits!),
and another that I kinda like is firewall.cx. That's off the top of my head.

I find myself watching quite a few webcasts lately. Frequently I'll attend
SANS and SearchSecurity webcasts. The beauty about these are that they
contain good material, you can get live feedback, and they're worth 1CPE per
hour of webcast.

Don't stress. There are piles of free resources out there to keep your skill
set up to date, it just depends on you how far you want to go.

Sheldon Handcock, CISSP®

"John MacLean" <jmaclean@toshiba.ca> wrote in message
news:t6gvh1de55uj162r24o4ads7ic7p31qujs@4ax.com...