Who took CISSP test after April 15th so far?

barman Member Posts: 38
Please share your thoughts, although you probably do not have the results yet.
I haven't heard from anyone here who took the exam. Does it really mean that nobody actually took it or actually everyone is waiting for the results to appear? :)
Although you haven't been given the results yet, please tell us how it was. Specifically, if you started learning before April 15th - how far was it from the "old" material?

I'll probably take the exam on May 20th. I'm not sure yet if that's too early for me.

Thanks.

Comments

  • melvinfz Member Posts: 44
    Hi Barman,

    I'm also planning to answer this month. Which materials are you referring to? I am using Shon Harris and CCCure questions. Did not get the new ISC2 version 4 book.
  • flipflop4567 Member Posts: 15
    I'm scheduling my test for next month. I have the new ISC2 CISSP book on the way along with using material from the boot camp I went to in March. If anyone has anything else, please share. I will share what I can when I get it. I have seen minimal information about the new exam.
  • abelamorales Member Posts: 54
    Hi Barman,

    There are quite a few posts on people that have taken the exam post April 15th. Run a search and you'll find a few.
    barman wrote: »
    Please share your thoughts, although you probably do not have the results yet.
    I haven't heard from anyone here who took the exam. Does it really mean that nobody actually took it or actually everyone is waiting for the results to appear? :)
    Although you haven't been given the results yet, please tell us how it was. Specifically, if you started learning before April 15th - how far was it from the "old" material?

    I'll probably take the exam on May 20th. I'm not sure yet if that's too early for me.

    Thanks.
  • melvinfz Member Posts: 44
    Hi Flipflop, do you have a soft copy of the ISC2 book fourth edition? If yes, could you send it to me please.
  • cyberguypr Mod Posts: 6,928
    Melvinfz, any particular reason why you don't go the legal/ethical way and purchase the electronic version of the book?
  • beads Member Posts: 1,531
    (*LOL!*)
    cyberguypr wrote: »
    Melvinfz, any particular reason why you don't go the legal/ethical way and purchase the electronic version of the book?

    Thank you for making my Monday morning. There's no reason not to trust security people with an ethos as above.

    I need a tissue to wipe my eye...

    - b/eads
  • E Double U Member Posts: 2,231
    cyberguypr wrote: »
    Melvinfz, any particular reason why you don't go the legal/ethical way and purchase the electronic version of the book?

    You don't have to be ethical until after you are certified. :D
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • renacido Member Posts: 387
    My thoughts from taking the exam 2 days ago:

    I have 15+ years experience in infosec and 9 years doing it as my primary role. I'm a Sr Security Analyst for a large company in the energy industry. Didn't need CISSP to get or keep my job or anything but CISSP is the grand-daddy security cert so for credibility with peers and to eliminate any HR hurdles for future promotions I took the exam.

    Took an ISC2 "boot camp" that was essentially a 5-day CBK review to finish up my exam prep. Aside from the CBK (new 2015 version) I used the standard array of 3rd party study material to bone up on a couple of domains I don't deal with much.

    I didn't find the exam to be too difficult in terms of the content you are tested on, though of course you have to deal with tons of questions that are, "Choose the BEST/WORST ANSWER or MOST/LEAST IMPORTANT FACTOR" which is basically, "Choose the least shitty answer from the following options".

    The new CBK is poorly edited, my colleagues from the boot camp found more than a few errors not in grammar but even worse in content. There is repetition throughout and tons of irrelevant/outdated material (for example, token ring topology gets more coverage than 802.1x or next-gen firewalls) and the flashcards that come with the CBK book were almost definitely produced by sending a list of vocabulary to the cheapest non-native-English speaking guys on Elance to produce some flashcards for $3. If anyone would like a free deck of ISC2 flashcards, they're in a trashcan at the San Antonio Airport Marriott.

    Unfortunately for us taking the new exam up to this point, we didn't get our results immediately after and may have to wait up to 6 weeks until ISC2 has sufficient subjects for psychometric analysis of the new test. So we're stuck in limbo wondering if we are good to go or need to retest. I felt good after taking the exam but with all of the "choose the least shitty answer" questions I can't count my chickens until they hatch.

    My last thought on this is about the cert in general. I've observed a trend of entry-level or non-security-focused IT folks testing for CISSP as if it were an entry-level security cert. I know some of this is due to HR ignorance of other security certs and also the value of other IT certs for security pros. This is not good for anyone. It puts pressure on unqualified candidates to get this management-level cert by whatever means necessary, it produces "paper CISSPs" who managed to pass the test with little or no security experience, and as such devalues the certification for all. It also is the WRONG CERT to use to qualify applicants for the MAJORITY of infosec jobs so it serves against the best interests of the employers as well. Why would a hiring manager prefer a CISSP over CEH, GPEN, or OSCP for a pentester? Or prefer CISSP over SSCP, Sec+, or GISF for an entry-level SOC analyst? Or CISSP vs CISA for their IT auditor? Or ESCA/GCIA/GCIH for their heavy hitter network defenders? Why is GSEC not equally accepted (or preferred)?

    I think maybe we as a profession need to educate hiring managers and new infosec guys both on what skills and knowledge are needed and for which role at what level. We don't need 100K more guys who can regurgitate a few factoids about twisted pair cabling or exterior lighting but can't identify and contain an infection, harden a network, find exploitable vulnerabilities before the blackhats do, prevent an intrusion from becoming a breach, or ensure that the pissed off ex-sys-admin doesn't steal the crown jewels from the Starbucks across the street after he cleaned out his desk.

    Good luck to all taking this challenge on.
  • joshmadakor Member Posts: 495
    renacido wrote: »
    My thoughts from taking the exam 2 days ago:

    I have 15+ years experience in infosec and 9 years doing it as my primary role. I'm a Sr Security Analyst for a large company in the energy industry. Didn't need CISSP to get or keep my job or anything but CISSP is the grand-daddy security cert so for credibility with peers and to eliminate any HR hurdles for future promotions I took the exam.

    /snip

    Thank you for the post. Do you feel the bootcamp prepared you well for this exam? I'm trying to figure out the best way to prepare for the exam, as I'm finding reading the CBK 4th Edition to be incredibly difficult.
    WGU B.S. Information Technology (Completed January 2013)
  • renacido Member Posts: 387
    Thank you for the post. Do you feel the bootcamp prepared you well for this exam? I'm trying to figure out the best way to prepare for the exam, as I'm finding reading the CBK 4th Edition to be incredibly difficult.
    FWIW, you are not alone. We all found the new CBK to be a hot mess. ISC2 is currently working on a revised edition but that is several months away from seeing the light of day.

    The good news is that since the CISSP doesn't test on anything cutting-edge, the majority of testable content from last year to this year hasn't changed. You can use commercial study guides from last year for the bulk of studying and use the 2015 CBK to fill in the gaps. Take advantage of online video presentations and practice exams and break the domains into chunks to ease the boredom.

    Boot camps IMO are hit or miss in general based on the quality of the instructor and the material they use, and they are better suited for hands-on material with labs and exercises than for reviewing a book of almost 900 pages in just 5 days. The one I went to was with trainingcamp dot com and honestly for me the time would have been better spent on my own with a good study guide or two and some practice exams.

    The boot camp approach can be a good way to put the final polish on self study right before the CISSP exam but it is certainly no substitute for reading the books and having significant experience in at least a few of the domains. Your background in IT will of course get you through the basic networking stuff, but this is not a cert to walk into the boot camp cold and pass the exam a week later. Even very experienced guys would need to spend significant time with it because it is so broad in scope and the questions often test how well you know the references, not just your ability to explain best practices or identify right vs wrong in a problem-solving scenario.

    Good luck, hope this helps.
  • beads Member Posts: 1,531
    Redacted quote:

    "My last thought on this is about the cert in general. I've observed a trend of entry-level or non-security-focused IT folks testing for CISSP as if it were an entry-level security cert. I know some of this is due to HR ignorance of other security certs and also the value of other IT certs for security pros. This is not good for anyone. It puts pressure on unqualified candidates to get this management-level cert by whatever means necessary, it produces "paper CISSPs" who managed to pass the test with little or no security experience, and as such devalues the certification for all. It also is the WRONG CERT to use to qualify applicants for the MAJORITY of infosec jobs so it serves against the best interests of the employers as well. Why would a hiring manager prefer a CISSP over CEH, GPEN, or OSCP for a pentester? Or prefer CISSP over SSCP, Sec+, or GISF for an entry-level SOC analyst? Or CISSP vs CISA for their IT auditor? Or ESCA/GCIA/GCIH for their heavy hitter network defenders? Why is GSEC not equally accepted (or preferred)?"

    Second to last thought, by the way. It's cool. Done it myself. If you're not going to be all rainbows and peach sherbet about the exam you might end up next to me in the CISSP exam doghouse. Best to watch yourself as to what you say around these parts but you are absolutely correct in the above assessment. Unfortunately, these people's resumes end up on my desk or screen in spite of my best efforts to educate my IT recruiter, HR staff and various outside recruiters.

    Thar she blows, mateys! The fail whale is in sight!

    -b/eads
  • joshmadakor Member Posts: 495
    renacido wrote: »
    FWIW, you are not alone. We all found the new CBK to be a hot mess. ISC2 is currently working on a revised edition but that is several months away from seeing the light of day.

    The good news is that since the CISSP doesn't test on anything cutting-edge, the majority of testable content from last year to this year hasn't changed. You can use commercial study guides from last year for the bulk of studying and use the 2015 CBK to fill in the gaps. Take advantage of online video presentations and practice exams and break the domains into chunks to ease the boredom.

    Boot camps IMO are hit or miss in general based on the quality of the instructor and the material they use, and they are better suited for hands-on material with labs and exercises than for reviewing a book of almost 900 pages in just 5 days. The one I went to was with trainingcamp dot com and honestly for me the time would have been better spent on my own with a good study guide or two and some practice exams.

    The boot camp approach can be a good way to put the final polish on self study right before the CISSP exam but it is certainly no substitute for reading the books and having significant experience in at least a few of the domains. Your background in IT will of course get you through the basic networking stuff, but this is not a cert to walk into the boot camp cold and pass the exam a week later. Even very experienced guys would need to spend significant time with it because it is so broad in scope and the questions often test how well you know the references, not just your ability to explain best practices or identify right vs wrong in a problem-solving scenario.

    Good luck, hope this helps.

    Thanks for the response and info :)
    WGU B.S. Information Technology (Completed January 2013)
  • jumezurike Member Posts: 33
    I am planning to take CISSP. Anyone with a clue of how to go about it. Any idea will help thanks.
  • Lesrec Member Posts: 9
    I've taken the ISC2 course based on the new CBK and we were provided a Student's Guide, which I believe is similar to the official text 4th edition. Unfortunately, as stated above it contains quite a few errors and doesn't read well. It really feels all over the place. For example, encryption is spread amongst the domains and as a result it dives into technical details first...then history later on, then further applications are scattered about. As I knew the material it wasn't so bad, but it'd be a nightmare for those new to it.

    Anyway, I've only used the new guide to learn the added parts, technologies, etc. Anyone taking this exam now is up against it...
    Education: Bachelor of Computer Science (Adv.) - WSU
    Certifications: CISSP | CISM | SABSA-SCF
    Goals: AWS-CSA
  • jt2929 Member Posts: 244
    jumezurike wrote: »
    I am planning to take CISSP. Anyone with a clue of how to go about it. Any idea will help thanks.

    Check out the entire forum you are currently on. That should give you a start...
  • dustervoice Member Posts: 877
    jumezurike wrote: »
    I am planning to take CISSP. Anyone with a clue of how to go about it. Any idea will help thanks.


    This might help: https://www.isc2.org/cissp-how-to-certify.aspx
  • renacido Member Posts: 387
    beads wrote: »
    Redacted quote:

    Second to last thought, by the way. It's cool. Done it myself. If you're not going to be all rainbows and peach sherbet about the exam you might end up next to me in the CISSP exam doghouse. Best to watch yourself as to what you say around these parts but you are absolutely correct in the above assessment. Unfortunately, these people's resumes end up on my desk or screen in spite of my best efforts to educate my IT recruiter, HR staff and various outside recruiters.

    Thar she blows, mateys! The fail whale is in sight!

    -b/eads

    Are you saying you get censured by ISC2 if you say anything negative about CISSP? Seems far fetched.

    Either way, I don't think there is anything "bad" about ISC2 or the CISSP certification, just that the materials are not polished and the cert is not a one-size-fits-all credential for all things cyber security.
  • beads Member Posts: 1,531
    Naw, I complain every year to the (ISC)2 about being little more than a marketing agency with little else to show for their efforts and never been chastised in the least. Behind the scenes I have gotten a number of "you're right but I can't say that in public" comments. No worries.

    Now, there are people posting on this board who probably consider me to be a world-class ***** extraordinaire over the past several years - maybe that's true! These folks often equate effort with taking the exam and passing as the end goal. While skipping any ethical considerations in the process. I don't need these people as pseudo-peers and neither do you. You want to work with people who admit to regularly lying? What else are you capable of making up to get ahead?

    Much as you, yourself expressed above, I tire of those who seek out a mid level certification without meeting any of the requirements but demand the respect that the cert once had. It's become a bit middling now and I'd rather hire people who are honest about not having the CISSP for the right reasons and train them myself, rather than taking a chance with a newly minted CISSP that I later find to be full of hot air. Actually, I did just hire an engineer without the CISSP and he'd better not fib anymore or he's gone. I say fib as he didn't know what he didn't know, kind of thing. Be wary of those who believe themselves to be experts with just a couple of years of experience with anything. Hence my "fail whale" comment.

    No, I generally do not immediately trust security people. Trust is earned not dropped out like a snack from an on demand coin vending machine. Analogy needs a little polish but you get the idea.

    -b/eads
  • renacido Member Posts: 387
    I hear ya. I'm of the philosophy that most people who have the skills and deserve the respect that a cert is supposed to bestow don't need the cert to prove anything. We hired 2 analysts last year, neither of whom had any security specific certs. They are excellent, both have home labs, they love the work, they innovate and solve problems on their own. I'd so much rather take no cert guys who want to learn everything about our field than guys who have credentials out the wazoo but isn't someone I can rely on or have to micromanage.
  • renacido Member Posts: 387
    Our hiring philosophy is hire the right people and build the skills they need into them.