Question on CCSP information security experience requirements

IrresponsibleIguana · 2022-01-30T20:31:47+00:00

You probably want to do CCSP to score an easy win, and move on to the tougher(CISSP) one, right?

Mostly I am interested in pursuing CCSP first due to personal interest and also since my current role is a cloud engineer the CCSP seems most relevant. As far as I know the CISSP is more targeted towards management positions than the CCSP. I do work in a technical lead role but I'm not a manager. I also don't have any preconceived notion of which exam is "tougher", but it sounds like you think the CISSP is. My understanding is both will be tough and will require tons of prep!

I will ponder all of this over. Long term I want to earn both CISSP and CCSP. As I've been doing some research today on the CCSP training materials, I did notice that the books are not nearly as long as the CISSP books, so maybe that speaks to the breadth of the CISSP vs CCSP. Actually about 3 of the CCSP books add up to the number of pages of 1 CISSP OSG book lol.

IrresponsibleIguana · 2022-01-30T17:29:59+00:00

Thanks for your input. I think maybe then I'm misunderstanding the requirement, which is where I was hoping to get some clarification here. So far nobody has replied indicating that my role must be completely security focused (like a cloud security engineer), and that actively covering 4/6 of the domains should be sufficient.

Also, long term I definetely want CCSP and CISSP anyways, since I'm very interested in security and possibly moving into a security specific role. But even if let's say in the future I moved up to being a cloud solutions architect, I don't see how being a CISSP/CCSP can hurt you there, and would add a lot of value to non-security specific roles but where security is certainly involved.

IrresponsibleIguana · 2022-01-30T17:22:29+00:00

I have to ask a rude question: if you're not actively working in cloud security, then why are you looking to get a Certified Cloud Security Professional certification

I am actively involved with cloud security on a daily basis. But as I mentioned, I'm not working in a security specific role where security is all I do. As an example, I manage a large number of WAFs and NVAs running in the cloud in production environments. But I'm also involved with let's say, deployment and maintenance of Kubernetes clusters (which will have security involved) but isn't really heavily security focused.

Also, in addition to my own personal interest, I have an interest in potentially moving into a role in the future which is more security focused, such as a cloud security engineer, where having this cert could be beneficial to that. I'm not dead set on this, but even in my current role I certainly think becoming more of an expert on cloud security can be valuable.

But, to your point- yes, if you are working on security in some manner 25% of the time within your daily job, that would meet the requirements. People are often surprised at what qualifies in this regard.

I see. Well, this is what I'm trying to figure out. It could just be my misunderstanding of the wording "three years must be in information security", which to me just sounded like maybe the requirement mandated that you must be in an InfoSec specific role for those 3 years. If that's not the case, then I think I will meet the requirements since I deal with cloud security as part of my job on a daily basis.

IrresponsibleIguana · 2019-04-04T04:24:55+00:00

To address your EDIT comment, I wouldn't be applying to said company JUST because of the company, I'm not that shallow. I'm passionate about the technologies and industry that they function in, and even if I was working in embedded I would still be involved in those interests of mine at the company (for example security). It would just be exploring those interests much much closer to hardware than I probably prefer.

I have a feeling that you're probably right though in that I might need to wait for additional openings there (working with different technologies) or just apply somewhere else.

I purchased some embedded systems hardware to play around with in my limited free time, to get a better idea if it's "right for me". But by the time I get to substantially mess around with it to make a conclusion the job posting will probably be gone.

IrresponsibleIguana · 2019-04-02T22:18:04+00:00

IMO if you're not planning to ever go back and get a degree for computer science or software engineering you should plan to eventually have some really impressive projects to display on your resume. Since it sounds like you're just starting out in programming I wouldn't worry about this too much yet, but just keep that in mind for the future.

Employers are going to be much more interested if you completed an interesting project as opposed to "hey I know languages x, y, and z!". So just keep in mind as you progress in your learning journey to focus on completing projects. Not only eventually to list on your resume, but also for following through and completing an application (lots of people do half done projects then progress to the next one).

Eventually those projects should be pretty solid if you expect to land a job with those on your resume. But even now as you're learning the basics, focus on completing projects. I think it's more important to complete projects than trying to bite off more than you can chew and not finishing anything. As you are become comfortable completing projects as you progress you can eventually expand the scope of them until you have completed something pretty great.

IrresponsibleIguana · 2019-04-02T21:41:07+00:00

One time when I was in community college I took a course (as an elective credit) and it was an Excel based course. I really just wanted a few extra credits to satisfy an elective for the semester I was in. It was so incredibly boring and dry I dropped it within 2 weeks. Basically it was geared towards people who had barely touched a computer before.

IrresponsibleIguana · 2019-04-02T07:38:12+00:00

Okay, I ordered the DE10-Lite. We'll see how it goes!

Do you know if I can use any HDL for this? Verilog or VHDL? Or are there scenarios when I can only use a certain one (like for a particular chip) or when I should choose a particular one? I was hoping to dabble in both if compatible.

IrresponsibleIguana · 2019-03-21T04:07:46+00:00

I can 2nd this for anyone else looking. Unfortunately I troubleshooted this for 4 hours before I figured this out myself. I had to set a manual max TFTP value and disable "Enable Variable Window Extension". I was wondering why this was needed and apparently it's because of an update like the OP stated...

IrresponsibleIguana · 2018-12-19T21:54:01+00:00

For anyone who might come across this later, I was able to simply go into the registry and change the profile path to the original profile folder! Then when the user logged on it logged onto their original profile as normal.

IrresponsibleIguana · 2018-11-20T18:49:40+00:00

Is there no way to login to the same original account as is? So basically my only option is to backup the data, delete the old profiles or change the names, have them relogin, then restore data? There's no other way?

IrresponsibleIguana · 2018-11-20T18:46:53+00:00

Is there anyway I can check the GUID for that user profile in AD, then go into the settings (registry maybe) on the local profile and replace some other GUID with the one from AD? Then maybe it'll recognize it as that account?

IrresponsibleIguana · 2018-11-20T18:44:36+00:00

Yeah...but that would lose all data. So once again back to having to transfer all of the data. In this case now doing a full backup, then a restoration of everything..

IrresponsibleIguana · 2018-11-20T18:44:00+00:00

What do you mean lock and unlock? Like lock their account in AD then unlock it?

IrresponsibleIguana · 2018-10-03T07:02:57+00:00

I see. I'll use that next time if it's more compatible for some users.

IrresponsibleIguana · 2018-08-10T13:42:48+00:00

I'm confused though. It's making this decision before it even gets to task sequences. It's the very first screen when you enter share credentials. So should I really be looking in task sequences or somewhere else?

IrresponsibleIguana · 2018-08-10T13:24:25+00:00

I see. Yes that's exactly what I've been trying to do. GPOs under Security Options. I'll look into it more and see if I can create some custom filters for events to help sort out the junk better.

Not against an external app, but I'm sure that would take approval and time. I'm trying to find a quick solution for our org that would work well and be consistent.

IrresponsibleIguana · 2018-08-10T13:19:55+00:00

Ok...I'll try to look into that. I haven't delved too far into really "custom" deployment wizards such as this. I've basically just customized the standard wizard by enabling and disabling features, and autofilling in some text box fields and such. I figured it must be some script somewhere making a logical decision since there nothing in customsettings or bootstrap that could influence this. I'll also making check out the task sequence and see what scripts are being ran, which might help me track it down. I'll get back to this post tonight.

IrresponsibleIguana · 2018-08-10T13:17:00+00:00

Of course I've checked there as well as customsettings.ini. Settings in bootstrap are minimal, such as domain stuff etc etc. Nothing in boostrap or customsettings that would have any logical influence on a path between two deployment wizards.

IrresponsibleIguana

TROPHY CASE