This is my first time working with a client using the COSO framework. Before elevating my inquiry to my seniors, I would like to confirm my understanding of how this exercise works.
Prior working papers are telling me that the client should establish its compliance with the five components of the framework, correct? How rigid should I be in performing this?
To be fair, I was provided with reading material, but it’s a pretty hefty read.
Thanks for any responses!
Deloitte
Sounds about right
Like Donald Trump, I need attention. Feed meeeee
Yes, get it! It helps you understand cyber concepts, RM, etc. Signed non-technical Cyber Strategy SM with CISSP.
"The CISM certification is solely management-focused, while CISSP is both technical and managerial and designed for security leaders who design, engineer, implement and manage the overall security posture."
https://www.isc2.org/Landing/CISSP-or-CISM
In terms of certs listed here, the Sec+ is probably the 'easiest' with an abundance of free resources. The CISSP and CISM require 5+ years of work experience, or you become an Associate/not have the full cert until you have the work experience.
If you can’t even get through security +, CISSP is gonna be a lot harder…
I am studying for it now. It is a lot. I started reading the All In One by Shon Harris and got stuck halfway through (about 700 pages out of 1300). Watched a bootcamp and am halfway through another, before I dive back into the book. Literally doing things every day (or every other if work goes long). It is just a lot of material and it took me a while to find a consistent rhythm. Goal is to take it by the end of the year.
CISSP is a good starting point
Starting point? Makes it sound like the CISSP is an entry level cert. I'd start with SEC+
Appreciate all the comments / feedback. May just retake SEC + first
Subject Expert
Retake the security+
CISSP is a good starting point once you have enough exp. It’s like a driver's license for cybersecurity governance - it shows that you know the basics. Then, your experience speaks for you.
Usually when people talk about technical skills within cybersecurity, they mean some form of coding. Security+ and CISSP are both non-technical. However, like others have mentioned, if you can’t pass Security+ first, you don’t stand a chance at the CISSP.
Sec+ is so basic. You need to learn more just to be able to have things explained to you.
Get. The. CISSP.