["Followup-To:" header set to alt.computer.security.]
On 2005-09-08, John MacLean <jmaclean@toshiba.ca> blabbed:
> I have passed the CISSP exam few month back. I have almost 14 years
> experience in the IT field, support, networking, and routing. I
> thought that adding security to this profile will be cool. . I
> prepared for it just like any other exam; I read the right books,
> studied well and passed. The problem is that now few months later I
> feel that I have forgot everything. I want to apply for a security
> consultant position, but I feel that I lack the confidence to fulfill
> this position. What went wrong????
> I am willing to devote time and effort to bridge the gap and rebuild
> this "Security skill set" but I don't know where to start or what book
> to read. Please guys advice!

A piece of paper isn't a substitute for experience. Unless you are
actively using a piece of knowledge you're not going to remember it.
Security isn't something that is learnable by just reading a book and
taking a test, like most things people do well it's something you gain
by sweat perserverence in the field, applying good security procedures
and methodology, and evolving with the field as it grows. Get a low end
job in security (eg: a job where you have someone else backing you up,
since you're not an expert)-- you've got your paperwork, find out what
specifics you want to follow and learn what you need to know. Once you
do that you'll be able to apply your knowledge in the field with more
confidence and know that you're not blowing smoke up a future employeers
ass.