EC-Council C|CISO Exam - Experience Anyone?

wauger

Hi All,
I am new the forums and am interested in anyone's feedback or experience in sitting for the EC-Council's C|CISO (Certified Chief Information Security Officer) exam. Personally I have the necessary professional skills and feel I am well experienced already to take the exam without the need to purchase EC-Council's expensive instructor led or self-study training options. Has anyone take this exam? Any thoughts as to the difficulty level of the questions for someone who has 10+ years as an active leader in the IT Security domain?

Thanks all!

SaSkiller

You couldn't pay me to take it.

Its a direct money grab from the CISSP. CISSP provides name recognition. I dare you to find anyone who knows what this cert is.

Ecc spent unneded effort developing this cert rather than improving the issues with their other certs, or dealing with dissatisfaction within their membership program.

wauger

Thanks SaSkiller. I know that the EC-Council certs (like CEH) are not very well regarded from those that know better, and I presumed that the CCISO would not be much different. Still, I would like to add this cert to my portfolio as I am aware of some recruiters (who might know better) looking for this as credential as a qualifier for security management positions.

So, anyone who has sat for the CCISO exam - appreciate your advice on the nature and degree of study required for a seasoned InfoSec professional!

steveukozus

Hi there,

I don't share the negativity of the previous poster, IMHO the quality and intent of this course has nothing to with perceived failings in their other certs.

i studied for this certificate earlier in the year and took the exam in March after getting my career experience validated. I felt that the online course videos were well put together and tightly aligned with the official text book and exam syllabus. My only criticism was intermittent content streaming interruptions which meant I had to keep stopping and starting the feed (but possibly this was just my ISP connection rather than the EC Council hosting/delivery server setup).

The supporting text book is excellent, and I found it extremely coherent and educational. For me it was a pleasure to read and I kept thinking to myself this is fantastic as the viewpoints and explanations consistently mapped onto my own work experience and opinions.

The exam itself was reasonably difficult and there were scenario questions where you had to apply your broad knowledge on how to lead and sustain security programs in politicised corporate environments. I would place the difficulty of the material and the exam questions at CISSP-ISSMP level.

I would highly recommend this certification, it is a great knowledge booster for candidates with the right experience and you should remember that the principal author is a well renowned CISO himself.

My recommendation is to buy the online course and the official text book/BOK.

I'm far prouder to have this cert on my CV anything from (ISC)2 or ISACA (and I have a few). Further, the experience/validation process is more rigorous than any of those two plus there is a very active C|CISO community to network with, especially in the US.

Best of luck with it (definitely money and time well spent if you have a true CISO mindset or want to give yourself every advantage to be successful in that position),

S

wauger

Thanks Steve for the guidance. Congrat's to you for passing the exam! Did you assess your pre-study skills by taking the EC-Council's official practice exam? I have many years experience in running an Information Security program and fared well. In your experience would you say that the online courses and the course work book are necessary? They are both fairly expensive in their own right and would rather not waste my money if the practice test is indicatitve of the real thing. Appreciate your further advice!

steveukozus

Thanks for the congrats. In retrospect, I don't think the online iClass streaming videos are worth the investment. With your 10+ years of security program and leadership experience I would suggest to just buy the course book and read that over a say 2 week period depending on study time available.

The course book's written style is good and it really nails the subject very succinctly by roping in and consolidating a huge amount of Infosec material (it's like a selective CISM/CISA/CGEIT/CRISC/CISSP-ISSMP rolled into one). it provides an excellent recap and journey across the whole SDLC. The principal author was/is involved with the CGEIT and the CISSP-ISSMP exam boards and that shows. You will be able to combine your practical expertise with refreshers on common regulatory/industry compliance frameworks and risk management models etc.

I did not take the practice exam. I went through a work experience validation process with nominated referees. I initially looked at the grandfathering scheme back in 2013 but I decided against it as I prefer to get a qualification by being tested. It was the same with the CRISC, I opted to sit the exam on that as well rather than take the the easier grandfather route in 2010.

The exam is multiple choice with some scenarios thrown in as I recall.

Don't underestimate the peer networking enabler of this exam; the C|CISO community is very active. Like all certifications it could be made harder but they do verify your experience as having held a security leadership position over x years and in x domains which adds more legitimacy to this cert.

Regards,
Steve

wauger

Great insight Steve! Thank you very much, it is very helpful!

jaayw1

Thank you for you insight. I am currently reading the CISO BOK as well as the ISC2 CISO Leadership: Essential Principles for Success book, written by the same instructor who teaches the EC-Council CISO course. My employer purchased the iLearn Course, so I can study for the exam. I am currently the ISO for my organization and hopefully this will validate my experience.

Thanks for the feedback.

jaayw1

After submitting the required application for eligibility and waiting about 3 weeks, my former CEO, CIO, and Sys Admin Director emailed me to inform me they returned a request for validation of my experience. I got my email for approval to sit and my voucher number, so I am more anxious to study hard and sit for the exam.

Anyone sit for this exam this year??....looking for any information on the possible content of the exam. I feel I am overthinking it due to the 250 questions in 4 hours (240 minutes) less than a min per question, so I'm thinking they are straight forward multiple choice with a few scenario based questions thrown in the mix.

Mike7

Have you tried http://ciso.eccouncil.org/cciso-assessment/

jaayw1

UPDATE: Took the C|CISO exam and passed, the content was pretty straight forward based on my security management experience. Not as many technical questions on the exam, a lot of knowledge comprehension questions.

I'm going to continue reading CISO books and looking to get my CRISC in June 2016 to get a better handle on Risk Management.

Stay Tuned....

Mike7

Congrats.

EasyPeezy

Congrats... I might do this next based on the recommendation.

mubashir@engineer.com

Congratulations Dear, I am also filling up application so I can write CCISO Exam in April 2016.

TK1799_st

wauger wrote: »

Hi All,
I am new the forums and am interested in anyone's feedback or experience in sitting for the EC-Council's C|CISO (Certified Chief Information Security Officer) exam. Personally I have the necessary professional skills and feel I am well experienced already to take the exam without the need to purchase EC-Council's expensive instructor led or self-study training options. Has anyone take this exam? Any thoughts as to the difficulty level of the questions for someone who has 10+ years as an active leader in the IT Security domain?

Thanks all!

There is a competitor out there as well -- geared more so for Govt/Military entities: Mile2® - Cyber Security Certifications - Penetration Testing, Digital Forensics - C)ISSO

The guy who developed CISSP - developed this as an alternative.

C)ISSO Certified Information Systems Security Officer

colemic

Mike7 wrote: »

Have you tried C|CISO Assessment - EC-CouncilEC-Council

Interesting, I scored a 68. Questions were actually written by someone with a good command of English, unlike their other certs.

Overall I am not convinced of the value of this cert, compared to CISSP and CISM, and other ISC(2)/ISACA certs. I literally know of one person in real life who has this cert. I don't see the advantage of this one especially given its lack of name recognition.

Kind of a shame that ECCouncil lets the crappiness of their other offerings taint this one (at least to me.)

colemic

Mike7 wrote: »

Have you tried C|CISO Assessment - EC-CouncilEC-Council

Interesting, I scored a 68. Questions were actually written by someone with a good command of English, unlike their other certs.

Overall I am not convinced of the value of this cert, compared to CISSP and CISM, and other ISC(2)/ISACA certs. I literally know of one person in real life who has this cert. I don't see the advantage of this one especially given its lack of name recognition.

Kind of a shame that ECCouncil lets the crappiness of their other offerings taint this one (at least to me.)

Ghafar123

Many Congratulations to those who has successfully passed the CCISO Exam and also wish the best of luck for those who are seeking the certification.

I have around 2 years of experience in Information Security plus around 5 years in different IT Position, based on my very interest and skills in security, I have planned to take my EC-Council CCISO training in India but I will take the EISM exam because I do not have the required 5 years of experience in at least 3 of that domains.

Now, based on the book which is published on their site (https://ciso.eccouncil.org/) which is for purchase, there is written that covers all the below topics so I would like to know, does the Class training really includes all the following course topics deeply or it is only in the book and just contains some introductory information / topics on following standards.

1- CEH, CHFI
2- ISO 27000, 27001, 27002, 27003, 27004, ISO 15408, ISO 24762, ISO 31000
3- COBIT, ITIL, Risk management, Disaster Recover and ....


Currently, I know the following courses / programs:
1- CEH, Advanced hacking With Kali, CCNA R & S, CCNA Security, CCNP Security, MCSE, MCSA, Network+, Security+, Video, Graphics...
and i have studied computer programs for more than 8 years continuously including topics regarding IT, Video Editing, Graphic Designing which my field of work / experience is IT / Information Security.

Please leave your comments and ideas !

Regards;
Abdul Ghafar