CISSP: Self study, bootcamp?

megablue Member Posts: 13
Hello,

Even though I've worked in InfoSec projects in the past, I believe I will have to tosy (hard) to get a CISSP certification. While I understand that you can't get away with not reading the CBK, and one bootcamp thread I've found is from 2009, I'd like to ask:
1 - Self study: what books are recommended, that also cover the 2015 changes? I've put on my Amazon cart the following:
- CBK (of course!!)
- Eleventh Hour CISSP, Second Edition: Study Guide by Eric Conrad
- CISSP All-in-One Exam Guide, 6th Edition by Harris, Shon 6th (sixth) Edition (2013) by McGraw-Hill Osborne
- CISSP Practice Exams, Third Edition by Shon Harris
- CISSP Exam ExamFOCUS Study Notes & Review Questions 2015 (No Frills Exam Prep Books) by ExamREVIEW

2 - Bootcamps: I'm pursuing my certification without my company's sponsorship (and knowing about it - want to move to a different area there later). ISC2's website lists a bunch of companies, and they pretty much charge the same: $2495 - Training Camp is $3695. Do you know whether the companies charging $2495 also include the exam fee? Any feedback on TrainingCamp and what the extra money is for? I was checking into SANS, but it's almost $5K.

3 - Any opinions about self study vs. bootcamp? I can put a good 20 hours/week of self study (including weekends) to avoid a bootcamp. But when I got my PMP certification, a bootcamp I attended was well worth the money (and of course, it was $1.5k).

Thanks!

Comments

  • TheFORCE Senior Member Member Posts: 2,298
    megablue wrote: »
    Hello,

    Even though I've worked in InfoSec projects in the past, I believe I will have to tosy (hard) to get a CISSP certification. While I understand that you can't get away with not reading the CBK, and one bootcamp thread I've found is from 2009, I'd like to ask:
    1 - Self study: what books are recommended, that also cover the 2015 changes? I've put on my Amazon cart the following:
    - CBK (of course!!)
    - Eleventh Hour CISSP, Second Edition: Study Guide by Eric Conrad
    - CISSP All-in-One Exam Guide, 6th Edition by Harris, Shon 6th (sixth) Edition (2013) by McGraw-Hill Osborne
    - CISSP Practice Exams, Third Edition by Shon Harris
    - CISSP Exam ExamFOCUS Study Notes & Review Questions 2015 (No Frills Exam Prep Books) by ExamREVIEW

    2 - Bootcamps: I'm pursuing my certification without my company's sponsorship (and knowing about it - want to move to a different area there later). ISC2's website lists a bunch of companies, and they pretty much charge the same: $2495 - Training Camp is $3695. Do you know whether the companies charging $2495 also include the exam fee? Any feedback on TrainingCamp and what the extra money is for? I was checking into SANS, but it's almost $5K.

    3 - Any opinions about self study vs. bootcamp? I can put a good 20 hours/week of self study (including weekends) to avoid a bootcamp. But when I got my PMP certification, a bootcamp I attended was well worth the money (and of course, it was $1.5k).

    Thanks!

    Having attended a 1 week Bootcamp/seminar (paid for by the company, which cost them 3K) I would say if you are going to self study 20 hours a week to not go for the bootcamp. It is a waste of money and you will get the same knowledge by asking questions in this forum or searching on Google. What they emphasize a lot is techniques on taking the exam and preparing you mentally. If you have already taken exams, then you have some experience. Go with self study.
  • NetworkNewb Member Posts: 3,298
    SANS, only $900 with work study program. https://www.sans.org/work-study/

    (I feel like I post this info a lot)
  • riyan Member Posts: 161
    It sounded like an unpaid assistant, i.e. you will pay SANS to be a class assistant.
    May be good for students or interns but not for employed persons.

    Yup boot-camps will not be of much assistance to you.
  • NetworkNewb Member Posts: 3,298
    It's pretty much $4000 off the course and exam... I'll take that as "unpaid assistant". I'm employed and the only way my company would pay for the SANS training was if I got in the work-study program. They are also paying me for the week I'm taking off to do this as well.
  • kiki162 Member Posts: 635
    Mega - I've done the bootcamp route for CISSP, and I think you can do it on your own. Some people are really good test takers, and some take a few times before they pass, so it really depends on you. The hard part is sitting down and committing yourself and preparing properly for it.

    I've also used CCCure and Transcender for testing engines, along with the Harris and Conrad Books.

    For SANS, go ahead and apply for the work study program, especially if you can't afford it. There are lots of ppl that have taken that route on here. I've signed up for 2 this year.
  • cyberguypr Senior Member Mod Posts: 6,909 Mod
    Not unpaid assistant. More like a chance to take a $5000+ class and the corresponding cert for $900 and helping out a bit. Any decent employer will recognize the value of SANS training and more so the Work Study Program. I've done it twice on my dime and once on the company's. Even when I paid for it my employer gladly gave me the time to attend the training. Again, any decent employer will do this. It's a two-way street.
  • renacido Member Posts: 387
    I recently (post April 15) went through a CISSP boot camp with TrainingCamp. My thoughts...

    The boot camp was a cursory review seminar of the CBK study guide, which needs a lot of revision to eliminate repetition, fluff and content errors (off-the-cuff examples of errors: incorrect definition for non-repudiation; incorrect information on advantage of RAID 6 vs RAID 5). I got little if anything from this particular boot camp honestly, only those new to security would have learned anything there and those folks should not be taking the CISSP.

    Boot camps can be great for an immersive hands-on experience right before an exam, and one advantage of TrainingCamp is they include the exam fee and to my knowledge always have a Prometric testing facility on-site, so you cram for a week then immediately take the exam with all the info fresh in your brain. This can be very advantageous, but not in this case IMO. This exam is not well suited for 5 days of cursory review of an 800+ page book covering 8 domains that are essentially over a dozen topics on security. Even spending 12 hours a day in the classroom is not enough time to cover the material in any significant detail especially when you consider the time you lose in off-topic stuff or fellow students bringing in their marginally-relevant work anecdotes into it. Our instructor was energetic and well-meaning but honestly it was apparent that he'd been a full-time instructor and tech writer for many years and therefore had no recent relevant security experience of his own to bring to the lecture. This was not the case when I took a Microsoft boot camp at TrainingCamp, in that session the instructor was a master of the profession who taught and consulted 50/50 so he had tons of real-world experience that added lots of depth and dimension to his lecture. Unfortunately a guy can get his CISSP (or C|EH, CISM, whatever) years and years ago, keep up with the minimum CEUs to keep his cert, and teach boot camps full-time for years and years afterward even though they haven't done the job in years. From my experience and that of my junior analysts who I've sent to boot camps, the experience and the results gained are hit-or-miss.

    My recommendation is self-study until you feel you are ready for the exam, and if you want to take a boot camp just to polish or fill gaps or get away from everything right before the exam, go for the boot camp. But if you are already a security pro and just need to work on some weak areas where you haven't done much work in, your time will be much better used with study guides, practice exams and Google.

    I love boot camps for hands-on skills but CISSP is for creating and managing an enterprise security program/organization, not for hands-on ethical hacking/network defense in the trenches.
  • megablue Member Posts: 13
    Thanks everyone - all good information!

    I'll buy some books (any comments re: the list I published at the top??) and study on my own. If I'm not getting good results using sample tests, I may sign up for the work/study from SANS, but that'd be spending 2 vacation weeks: one for the "work" and one on their bootcamp. Still, I will check that later if needed, thanks again for the info!

    As far as experience with bootcamps, the one I did for PMP 10 years ago was really on how to cram information in sufficient level and detail ***to pass*** the PMP exam, which I took a couple of weeks later. Good thing is that I was already doing a lot of PM work and had read their book of knowledge 5 times before the bootcamp.