Passed CISSP This Morning
O... M... G... It was a roller coaster ride today.
Background
I have been in IT forever and a day, from back when dinosaurs roamed the earth and bugs were always things with wings. Work history includes everything except building/managing WANs - business and systems analysis, programming, operations management, project management, strategic IT planning... Been there, done that, survived various disasters, still learning. Currently working full time as part of an enterprise security team.
Quantitative
Started exam at 8:00. Finished first pass around 9:30, took a quick bio break, reviewed all 250 questions and answers a second time as a sanity check to assure I did not miss key words (Most, Not, Advantage/Disadvantage, etc.) Finished and received results by 10:40. Shocked I passed.
Qualitative
So, how did my morning really go? I got up early, like a normal work day, and dropped into a local Starbucks around 5:00 for my normal early breakfast, a latte and croissant. I hung out there until 6:30, reviewing key concepts. I drove to the testing center, parked and reviewed a few last definitions, waiting for the door to open at 7:30. I was a little nervous, but not too bad. I thought I was fairly well prepared.
Check in went smoothly, and I was seated in the testing room. The first two or three questions seemed clear and easy... Then I crested the top, and dropped over the edge... In the next 10 minutes, I became sure that I was not going to pass, and decided that I would never attempt this crazy exam again. Shaky, running hot and cold from nerves, I made myself stop several times, close my eyes for a few seconds, wipe my sweaty mouse hand on my jeans, and breathe before continuing.
The exam alternated between two polar opposites when it came to questions. There would be several questions in a row that were clearly stated, and with some understanding of the given situation, could be analyzed, assessed and answered. Then I would drop off another edge into a group of questions which were "ambiguous".
Now I've read others talk about this, but I thought they meant the question was ambiguous in relation to which answer was best for a scenario. What I experienced is that the questions I found frustrating were often expressed with ambiguous English wording. I grew up speaking (American) English, love to read and have strong reading comprehension. However, I am still puzzled over one question where I had trouble determining whether "attacks on" meant "attacks against" or "attacks within". (I am trying to give an example without violating the terms, so please don't ask for any details on this.) One of the skills I value most is the ability to talk with people in terms they understand, to gather relevant information, and provide effective recommendations. No chance for that on an exam.
When I finished and was escorted out of the testing room, I was literally sick with dread (queasy). The proctor asked if I was supposed to receive printed results, and I told him yes, so that I would know if I passed - or what my worst areas were, if I didn't. He checked my ID again, printed one page, and handed it to me face down, saying he wasn't allowed to look at it. When I turned it over and read the first word, "Congratulations", I was shocked, still shaky, and my eyes teared up. I couldn't read the rest of it. I sat in my car for 5 minutes to regain my composure before driving home. This was by far the strangest, craziest testing experience.
Preparation
ISC2 and AIO - with all due respect, bought both and could not read either one
SANS 414 Online - went through several times, lots of notes taken in workbooks
GISP Practice Exams/Exam - harder questions, better written, not ambiguous
Eric Conrad Study Guide 2nd - well written, used for life cycles and as reference
Eric Conrad 11th Hour - condensed version of study guide; used study guide more
Real Life Experience - sometimes, it was the deciding factor in my choosing an answer
Other Practice Quizzes
SANS 414 domain quizzes - good for drilling
Elsevier/Eric Conrad Study Guide 2nd Edition online practice exams - also good, but a little easier
The people who share their comments on this forum are an invaluable support group, and have provided much advice and encouragement along the way. Thanks so much!
Comments
-
Robicus Member Posts: 144
Congratulations! I can totally relate!
Well deserved,
Cheers,
What's Next? eLearnSecurity's eCIR
MSISE, CISSP, GSE (#202), GSEC, GCIA, GCIH, GPEN, GMON, GCFE, GCCC, GCPM, eJPT, AWS CCP
-
RiverLiver Member Posts: 14
Lot of tests were taken today. Congrats! It's great when all the hard work pays off.
-
Codyy Member Posts: 223
Congrats, I passed on the 14th as well and completely agree on the ambiguous wording of some questions. That was extremely frustrating and needs to be changed, the exam is challenging enough without having to decipher their wording.
-
mjsinhsv Member Posts: 167
Congrats on the pass and great review.
The ambigulities does make your head spin.
You smoked that test at completing your first pass in 1.5 hours.
-
LionelTeo Member Posts: 526
Congrats for passing the CISSP! Hope that taking the GISP route helps you on that!
-
RiverLiver Member Posts: 14
The ambiguity issue is made worse by the fact that it's possible those type of questions are part of the 25 that don't count. I was trying to keep track of the 'ringers' by writing down the question number on my scratch pad. I was able to identify about 10 that I would say for sure were ringers. Not only was the content of the questions referring to things that I never heard of but the way the questions and the answers were written looked like they were a work in progress. That left at least 15 that I didn't identify as ringers so I may have been struggling over ambiguous questions that didn't count anyway. Interesting concept that 10% of the test are ringers and possibly not up to the same standard as the rest of the test.
-
GForce75 Member Posts: 222
Congrats!
Doctoral Candidate - BA (33/60hrs) ~ MBA/Project Management ~ BA/Business-IT
-
justjen Member Posts: 77
RiverLiver wrote: »
The ambiguity issue is made worse by the fact that it's possible those type of questions are part of the 25 that don't count. I was trying to keep track of the 'ringers' by writing down the question number on my scratch pad. I was able to identify about 10 that I would say for sure were ringers. Not only was the content of the questions referring to things that I never heard of but the way the questions and the answers were written looked like they were a work in progress. That left at least 15 that I didn't identify as ringers so I may have been struggling over ambiguous questions that didn't count anyway. Interesting concept that 10% of the test are ringers and possibly not up to the same standard as the rest of the test.
-
justjen Member Posts: 77
mjsinhsv wrote: »
Congrats on the pass and great review.
The ambigulities does make your head spin.
You smoked that test at completing your first pass in 1.5 hours.

I almost didn't do the second pass, and just 'rolled the dice'. We never know, but I don't think skipping the review pass would have made a difference for me, as I only changed a few answers, where I had obviously read the question too fast the first time around, and missed a key word.
-
justjen Member Posts: 77
LionelTeo wrote: »
Congrats for passing the CISSP! Hope that taking the GISP route helps you on that!

I did forget to note my other practice quiz materials, and will add these into my first post:
SANS 414 domain quizzes - good for drilling
Elsevier/Eric Conrad Study Guide 2nd Edition online practice exams - also good, but a little easier
-
Spin Lock Member Posts: 142
Congrats on passing justjen! Well done.
I don't mean to hijack your thread, but you have an impressive list of GIAC certs. I presume that means you've taken the SANS courses in preparation for the certs? If so, I'd love to get your take on SANS. I know the classes are good, but are they worth the money?
I'm asking because I passed the CISSP last week and I'm pondering the GSEC....but $5K?
-
justjen Member Posts: 77
Spin Lock wrote: »
Congrats on passing justjen! Well done.
I don't mean to hijack your thread, but you have an impressive list of GIAC certs. I presume that means you've taken the SANS courses in preparation for the certs? If so, I'd love to get your take on SANS. I know the classes are good, but are they worth the money?
I'm asking because I passed the CISSP last week and I'm pondering the GSEC....but $5K?

I think there are a number of people around here with far more than my handful of certs. That being said... Yes, I took the corresponding SANS course for each of my GIAC certs. Two of my SANS courses were paid for by my employer, and the other two I worked for or paid for myself. I transferred laterally into information security in 2008, and these courses have been key in deepening my understanding and shaping my perspective on information security. And - yes, it was worth it for me.
Some of the core GIAC certifications are showing up more often in position announcements, so I am glad that I have the ones I do. I did learn a lot from each course, particularly in areas where I had little hands-on experience. This has been very helpful during my career transition. Have I experienced a huge career bump or pay increase? Not yet, but I enjoy the job I have now, and have little incentive right now to change employers in my area of the country. I plan to start watching for new opportunities in a few months, but expect it to be a slow process.
The free course I earned from SANS involved sending in comments when I found problems in a course's materials. I was offered a free course in exchange for reviewing that course's materials in detail. I provided 100s of review comments to the course author. I am very detail oriented and can be obsessive. My comments included grammatical errors, misspellings, and missing or misplaced text, in addition to technical errors and omissions in the text, command syntax or diagrams. Because SANS updates their courses frequently and the course workbooks are living documents, it's easy for little errors to creep in over time.
I like the online OnDemand training because you can go back over as much as you want, if and when you want, for a four month period. They provide good support for their online classes, so it works well for me. The 'books' are what I consider workbooks, as they provide the basic slides and slide notes, but not the wealth of information provided by the instructors. The online courses also include access to audio tapes captured from a different session, so you do get the benefit of two different instructors covering the same materials, which adds more depth. If you learn better by seeing and hearing, it's great - much easier to absorb, than plowing through reams of paper in printed doorstops on your own.
If you aren't in a great rush, you might try watching their promotional emails. SANS sometimes offers between $400 - $800 discounts on their week-long courses. Also, if you buy the exam when you buy the course (the package deal), then the exam is discounted to $600 as well.
-
Spin Lock Member Posts: 142
Thanks for the advice and for sharing your impressions on SANS. Excellent feedback. Really appreciate your insight.
-
papadoc Member Posts: 154
Congrats and well done. I can relate to having to regain composure after the exam a bit too -- the pass hits you like a ton of bricks when you realize how much you neglected your family (wife and kids) from all the studying.
-
RiverLiver Member Posts: 14
I didn't think about it until afterwards but the front desk lady who handed me my results paper told me to 'drive safely'. I tried to keep my cool when I read the result but my hands were shaking as I tried to put the paper in my coat pocket and I think she thought I was all discombobulated.
I was.
-
justjen Member Posts: 77
The relief of passing when I thought I surely had failed... still seems amazing more than a day later.
One pass, done, and out - no flagging and no review. That's my normal style. If I know the material going into the exam, it is usually not difficult for me to complete even an 'open book' exam without using any books; not flipping through and searching multiple books cuts down the time required to finish even more. The less time spent in an exam room, the better.
-
EasyPeezy Member Posts: 111
Congratulations...
2015 Goals: ISO27001: Lead Auditor Passed...
2016 Goals: M.Sc Cyber Security, ITILF Passed, COBIT5 F Feb., CGEIT Jun. ???, CIPM ???
-
impelse Member Posts: 1,237
Congrats
Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
It is your personal IPS to stop the attack.