This looks like a terrific book. I've got my fingers crossed that I'll win - again. Only this time I'll check the winners notice in time to claim my prize .
I notice that author Christopher Steel is a CISSP. Do you have any thoughts to share on the value of preparing for and attaining this certification? How much weight would you give this qualification when considering a candidate for a job as a security professional? For what sort of position(s) would it be most relevant?
Bridget, unlike many of the other certifications out there today, the CISSP is still regarded very highly throughout the security industry. If you are looking for a security related job or if you are a consultant looking to get security related contract positions, I would highly recommend it. The CISSP requires a broad range of security knowledge and you have to continuously earn credits through training, seminars, etc. to maintain it. The downside is that the certification in general is very broad. I would not weight the certification too highly when hiring a developer for example. While it is a good indication that a person has studied hard for the exam and performed the pre-requisites, it does not reflect any coding or design experience. If you decide to take the CISSP, I would recommend one of several ceritication study guides as well as an online test,