Is Security+ for Cyber Warriors a good baseline?

2014-12-30T19:16:03-05:00

I have seen most of the new jobs for cybersecurity (25D and 17C) asking for Sec+ as a pre-req but I am wondering if it's actually a good baseline. It provides a basic overview of Security technologies but not much else. As someone who has taken courses in cryptography and securing applications and databases, I personally think we should be looking at CISSP as a baseline if we want to really get the best for this growing mission.

Response by COL Private RallyPoint Member made Dec 30 at 2014 7:32 PM

2014-12-30T19:32:28-05:00

CISSP would be good, but I think there needs to be a combination of certifications as a baseline. Then looking at the positions you think these warriors will fill, you will have to figure out if in fact these are really the best.

Response by TSgt Joshua Copeland made Dec 30 at 2014 7:56 PM

2014-12-30T19:56:00-05:00

Few comments. As of right now, anyone with elevated (ie admin) privileges on the DoD network has to have a certification that meets the DoD 8570 mandate. These certs range from A+ on the low end to CISSP on the high end. Sec+ is a good "middle ground" with regards to cost and attainability. CISSP is great, but the test is 1. Expensive. 2. Hard. 3. Requires a good chunk of time in the field. 4. Requires someone with a CISSP to sponsor you.

Now moving forward, the DoD is moving away from commercial certs towards a DISA hosted position based certification under the DoD 8140 program. This process will require someone to re-cert every time they change positions. Think upwards of 50 modules. You are going to do server admin, you have to do these 15 modules to get certified. You are going to work routers and switches, that is these 20 modules. There may be some overlap between positions, but it would standardize the training/cert across all the branches.

Now for certs, I think for the Net-A certs in coding, CEH, and similar would be most appropriate.

Response by CMSgt James Nolan made Dec 30 at 2014 8:25 PM

2014-12-30T20:25:34-05:00

I just realized that I am in fact a dinosaur.

Response by SSG Private RallyPoint Member made Jan 23 at 2015 11:29 PM

2015-01-23T23:29:15-05:00

Well in my opinion I think they should have someone with a strong baseline so they can "mold" them into a strong cyber warrior. CISSP is more of a upper management cert. In my experience people with CISSP are stuck in their ways and knowledge skill set and cannot learn the way they want them to learn.

Response by Cpl Tou Lee Yang made Apr 7 at 2015 11:46 PM

2015-04-07T23:46:21-04:00

Anyone with a decent amount of intellect can get any certification. However, knowing how to do the job is a totally different story altogether. I've see people who never occupied a network security position achieve a cissp just because they had the time to study.

I've also seen people with their CCNA and have no idea how to configure a router ACL. Does a cert make you better? No, it doesn't, it just makes the boss comfortable that you should be able to perform at your job.

Now day, the S+ CE is high in demand if you want a job in the DoD. Regular S+ doesn't cut it. And the amusing thing about this is that it's a repetitive course, but CompTIA has to make money somehow.

Response by CPT Private RallyPoint Member made Dec 20 at 2015 11:02 PM

2015-12-20T23:02:09-05:00

I would say CISSP, not SEC+. SEC+ is a fundamentals certification. I would even suggest CASP and/or CCNA-S. Since you have taking classes before, when you see the SEC+ exam... you'll be like... this is it? CISSP will make you want to cry during the exam, but everything is better than nothing. I would suggest other combinations too such as CISM, CASP, CCNP-S, and other top certs. You'll be surprised how much your mind opens up when you cross them all.

Response by MAJ Private RallyPoint Member made Dec 22 at 2015 1:08 PM

2015-12-22T13:08:44-05:00

The DoD as a whole need to revamp the pre-reqs when it comes to cyber security. At least have a CISSP like CPT Dunn stated above.

Response by SSG Derek Scheller made Jun 6 at 2016 12:36 PM

2016-06-06T12:36:03-04:00

CISSP is great for management for the technical aspect I would look more into OSCP, CEH, and the GIAC certs.

Response by SGT Private RallyPoint Member made Oct 17 at 2016 3:08 PM

2016-10-17T15:08:14-04:00

To answer your question. Yes it is a good baseline to cyber security. Im going to assume that everyone on this thread is part of the cyber force in one way or another. Asking for it as a pre-req is perfect. That at least tells the person reviewing your packet that you have some knowledge. Maybe not a lot but some. CISSP, GIAC, "CASP", CCNP, CCNA-S, etc. should be what the schoolhouses go over. We need to remember that we are taking in new soldiers. But the issue is we don't have the time to train new soldiers to cyber because the threat is always growing. That's why we hire contractors and civilians. They have experience in the field and have been vetted.

Response by TSgt Private RallyPoint Member made Feb 2 at 2017 4:11 PM

2017-02-02T16:11:01-05:00

Security+ is only a good baseline for beginners coming into the cyber career field. I found it to easy to get through without really having to learn. After a few years experience studying for a CISSP definitely is better.

Response by Capt Private RallyPoint Member made Aug 30 at 2017 4:08 PM

2017-08-30T16:08:27-04:00

CISSP is largely an overkill for most jobs. If I'm a Network Threat Analyst do I need to know how high a wall should be or what material to make it out of? No, but I should understand network architecture and security practices.

I've seen CISSP as a requirement for basic IT troubleshooting. The certificate requirements should be reasonable to the position.