Alright, back in the cert game. This time for real. Boss is pushing me on this one. Basically the division of the company I am in is very ISC2 oriented on the politics and friends side of things.
Domain 1. Security and Risk Management
- I been a member of our internal security operations management team for near 7 years.
Domain 2. Asset Security
- I personally have managed our OS and network security automation for 3 data centers for 7 years.
Domain 3. Security Architecture and Engineering
- I have run/managed our SIEM operations for over 5 years.
Domain 4. Communication and Network Security
- My previous job I worked doing SMB office security for about 4 years and considerable more experienece misc tacked on at my current job working with F5 , Juniper and network automation.
Domain 5. Identity and Access Management (IAM)
- two jobs ago I did 3 years working with access management, then another 2-3 years consulting on AD design and security for SMB.
Domain 6. Security Assessment and Testing
- I have been apart of our Qualys, Red/blue team and compliance audits for near 6 years.
Domain 7. Security Operations
- Over a decade here and the last few jobs
Domain 8. Software Development Security
- Honestly, I kinda suck here. I have dont some light tests on the sites I support, I have never really been a direct owner of the software development lifecycle. Problaby my weakest area. Looking at completing this program to support closing my gaps here https://app.pluralsight.com/paths/certificate/certified-secure-software-lifecycle-professional-csslpr
Beyond meeting the requirements for the time of training I also hold "Approved Credential on the (ISC)² Approved List"
1) Cloud+ materials and cloud Essentials
2) cbtnuggets.com for the overview of the concepts, it's the 2015 version, but its just for on the treadmill.
3) (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
4) CISSP Official (ISC)2 Practice Tests, 2e
5) CISSP Exam Prep Questions, Answers and explanations from SSI Logic
6) Official CISSP Bootcamp from Quickstart.com
7) CEH Bootcamp from Quickstart.com
Video series on CASP Concepts from pluralsight.com
9) Video series on SDLC concepts from pluralsight.com
Generally I like to keep dive into certifications deeper than is required for the pass. So also branching into Cloud+ and a few other things as supporting materials. But traditionally I don't bother with most certs unless I see real value on dice.com etc. But this one the boss is pushing me hard to get active in ISC2.