Quote:
Originally Posted by zx10guy
I don't see why CompTIA security would be required to work in any classified environment (to include DoD) even if you're on the IT staff. I've never run across this requirement in the long career I've had working at various Federal agencies. One of the security certifications I've seen that has value depending on your job role is a CISSP. If you want a security certification, the CISSP would be the one to get.
I worked on, designed, implemented, and O&M'd some highly secure systems/networks in my time as a Federal contractor cleared passed a TS/SCI. I don't possess a CompTIA security cert. If there are security policy questions or concerns, you're trained to go to someone on the IT security staff. In my case, this individual is called an ISSM. But when you're designing or making changes to an existing system, you're supposed to board these things anyway for review.
|
Not sure how long it has been since you were a Federal contractor, but this has been pretty standard since 2010. If you want to touch the network (routers/switches/servers) you need at least a Sec+. This is part of the DoD 8570 initiative.
Links for reference:
https://www.isc2.org/dod-8570-cap-certification.aspx
http://www.giac.org/certifications/dodd-8570
If you have a CISSP, you can pretty much work on anything.
So, yes, you are correct a CISSP would be nice, but you are definitely missing the point of the discussion. If I was using your logic, I would tell the guy to not bother with a CCNA and go straight for a CCIE. There is no pre-req to get a CCIE.
Also, the chances of him actually getting a CISSP are zero. You can pass the test, but you need someone to sponsor you and you need to show employment relevant to the certification - which OP doesn't have. Without these, you aren't getting certified.