Why did you take the CISSP?

Scottdt

I see a lot of journey threads with their passes and failures as well as the resources they used to get to that point. Don't get me wrong, these are absolutely wonderful. I think they are one of the best features of TE. I would absolutely love to hear more about what is/was the driving force behind the decision to take the CISSP? What do/did you expect going in? What do/did you expect coming out? How has it affected your IT career?

I'll start with myself, as Beads amazingly deduced in another URL="http://www.techexams.net/forums/isc-sscp-cissp/114442-why-do-people-hate-cissp.html"]post[/URL I am a freshly minted CISSP.

My driving force was self-validation (Do I know what the hell I'm talking about?), the material (Okay, I know what "that" is, what is the "right" term for it?), and finally some ROI via increased client engagements. I expected a beast of a test. I planned for 6-12 months of studying 4 hours a day 7 days a week. (I ended up studying significantly less) Another colleague of mine (actually my competitor) was also planning to take the test and he mentioned his study time of 1+ year. Holy crap!

Coming out of the test... well, I think I expected a little too much. This was not the shining pinnacle of infosec light that ISC2 had marketed and job searches validated. Instead, I had flashbacks of DR exercises and building hardening docs. Then sitting in front of the steering committee explaining everything while their eyes glaze over... Oh well.

How has it affected my IT career? A very pleasant surprise. The preparation for (not the test itself) really opens your eyes to the breadth of infosec related disciplines. It humbles and excites you knowing that all you "know," really isn't much of anything. Someone had compared the CISSP to taking your medical boards. It's a prerequisite, now you must choose your specialty. My specialty you ask? As "high-level" as I try to be, I have a strong feeling I'm going to keep circling back to technical roots and check out this OSCP-thing everything keeps raving about. (It's probably the BBS-er in me trying to re-live the "glory days.")

I leave this with Einstein's famous quote: "The more I know, the more I don't know sh**" (paraphrased ever so slightly)

dustervoice

Driving Force: Getting pass HR bots. I wanted to take CISSP back in 2007 but kept putting it off based on all the horror stories i've heard. After seeing it in every Job Posting i decided i had to face it.

Coming out of the test: Had a massive headache; Sitting for six hours was really painful. The test was a bit challenging but not as difficult as what people say. Shon Harris book is more than enough to pass. I believe the true value in the cissp is the preparation.

Effects of Passing: I most likely wouldn't have gotten the job i have now without it so i would recommend taking it.

636-555-3226

Driving Force: Job marketability. Nowadays I take tests to expand my knowledge and master new subjects. Back then, it helped land job interviews that I knew I was going to start looking for soon.

Coming out of the test: Angry at myself. Studied for months to memorize so much random technical stuff, esp. from the Shon Harris bible. To me it was an entire waste of time. I had maybe 10 questions relevant to any study materials, the rest was just general knowledge or question-thinking-over skills.

Effects of Passing: Got me in for any security interview I wanted. Nowadays there still really aren't enough security-certified people for jobs, back then it was like a desert full of dying dehydrated people and I was the only bottle of water for miles. Nowadays it's pretty much a prereq for any job in my area, so I'm glad I got it out of the way awhile ago.

Awilliam77

Driving Force - Self validation, also a pre-req for the senior level at my job

Coming out of the test - I think a lot of the study material is a waste of time. I'd really just recommend watching Cybrary or Larry Greenblatt's and supplementing when you need to. 45 days was enough for me.

Effects of passing - Knocking off a milestone and creating more marketability.

Mike7

Here goes.

Driving Force: Had heard of CISSP years ago when the exam was paper based. Decided against it due to all the horror stories and the fact that more than half the chapters in Shon Harris AIO were foreign to me. Was doing programming of internal business apps at that time. Later changed job to one that involves web applications for external customers including government. Security tends to hit you hard when your app is exposed to the internet. Had also moved on from programming to project management and later system network infra.

Was browsing Eric Conrad's CISSP book early this year and realised that CISSP is now computer based and I now have experience in most of the 10 domains. Even asset (physical) security was not new as we had just selected and moved to another data center.

The final driving force was the realisation that ISC2 will change exam outline from mid April. So scheduled exam for end March and started studying from February.

Coming out of the test: Had flu before entering. Despite not feeling well, I did not find the exam really difficult. Guess all the past work experience helps. Finished most of the questions by 2 hour mark and by 3 hour mark, I had reviewed all the questions several times. Click submit, collect result slip and celebrate.

Effects of Passing: The studying helps to consolidate infosec knowledge and open up my mind to the different aspects of security. With the knowledge gained and formalized, I went ahead and took CASP, CISM and CEH exams from April to July. Took the exams to increase knowledge and gain diverse perspectives. How so? Here is an example

gespenstern

Back in Russia I was an established professional with right connections. Since moving to the US I felt that I have to prove myself. And CISSP isn't particularly popular in Russia, there are something like 180 CISSPs compared to 60,000 in the US.

Test is tricky with logical traps, other than that it's a regular computer-based test, too long though. Passed in first attempt, didn't use any conventional materials for preparation.

Yeah, it allowed me to land a security consultant position with better pay, but I'm looking for more.

g33k3r

I am taking it for the learning experience. I'd say about %25 is new material for me (Governance, Software Development, and some legal). We just hired a new security manager and honestly certifications didn't really come into play. It was experience, knowledge, and personality were the most critical.

mistabrumley89

Driving Force: It was free. Check the block off on DoD 8750.1. Why not better myself, especially, if it's free?

Coming out of the test: Unsure if I had passed. The exam didn't feel difficult, but I was just uncertain. Huge sigh of relief getting the print-off from the proctor that I had passed.

Effects of Passing: Much more "compliant" as far as the 8750.1 baseline goes. Not really much of an effect other than that. I learned a few things.

paul78

Good thread - it's always interesting to read.

Driving Force: I always wondered about certifications and I was curious about it.
Coming out of the test: I felt a sense of accomplishment. But it was tough to wait the 6-8 weeks for the results.
Effects of passing: Having a better grasp of the common vocabulary used when describing security and risk controls.

Expect

Driving Force:I always heard good things about the CISSP and its' prestige, even though a lot of people claim differently the last few years.
Coming out of the testI felt confident, it wasn't as hard as I expected, and I finished with 2 hours to go after questions review.
Effects of passing: Not sure, I haven't looked for another job since I got it, but I switched to a better role within the same company. so it didnt hurt for sure