Appeared for CISSP EXAM - Did not Pass

Dear Friends,
I have been following the forum for a long time and have benefited from the various tips offered. I appeared for the CISSP exam 2 weeks back. My score was 600. I think a lot of you will laugh when i tell you that I have Zero experience in the security industry. I do have an Engineering degree and an MS in Telecommunications. I have been working at a recruiting company in a sales and recruiting role for a number of years.
I had a course in my Masters program in information security that I found very interesting. A growing dissatisfaction with my current career led me to pursue something that is closely related to my skills, education and potential. I started studying for the CISSP in Jan and appeared for the exam on 24th May. I completely gave up my social life in April and May. The sources I used are Sybex 7th Edition, Kelly's videos, Eric Conrad 11th Hour. I also did 1200 questions from CCCure and the Sybex exams. My average score was about 70% on all of them. I believe I was well prepared. I worked extremely hard. I also spoke to people who are already in the industry and are CISSP certified.
Contrary to what every one says, I believe there were a reasonable number of very technical questions. I could also tell that someone who is already from within the industry would be in a better position to answer some of the questions.
I request you'll to share your inputs with me. I would like to continue on this path but maybe experienced folk like you'll can guide me to the next steps. I was disappointed for the first 24 hours but I was able to put this behind me.
Thanks very much in advance.

Find more posts tagged with

Comments

636-555-3226

Best next step is to not take a security certification that states right on the website "Candidates must have a minimum of 5 years cumulative paid full-time work experience [...]" The test assumes you have that background and it tests you on that background. If you don't have that background then it's no surprise you're not doing well on it.

Generally speaking infosec is the culmination of all things IT. to be any good at infosec you really should at least have a 101-level of knowledge in all IT fields and preferably 201/301 IT knowledge and 101 business knowledge.

My advice is to try to find an internship or something to get more hands on experience before tackling the CISSP. Go for Security+ or something first my man. You need to have that foundation, not just for the cert itself but if you're going to be any good at the security job you're hoping to get with it. Infosec jobs aren't something you can just sort of wing and BS your way through.

Ertaz

636-555-3226 wrote: »

Generally speaking infosec is the culmination of all things IT. to be any good at infosec you really should at least have a 101-level of knowledge in all IT fields and preferably 201/301 IT knowledge and 101 business knowledge.

My advice is to try to find an internship or something to get more hands on experience before tackling the CISSP. Go for Security+ or something first my man. You need to have that foundation, not just for the cert itself but if you're going to be any good at the security job you're hoping to get with it. Infosec jobs aren't something you can just sort of wing and BS your way through.

This. I had 20 years of experience in JOAT IT. The test is no joke. There are not shortcuts to the top.

Danielm7

The above poster is dead on, the test is very wide on topics and they expect you to be able to rely on past experience to be able to answer questions. I know you feel there were very technical questions, but compared to actual technical exams it's more on the surface level, not very deep on details. Also, 70% average on quizzes isn't nearly good enough in my opinion, that means if you did exactly the same you might pass by the skin of your teeth, add totally different questions, exam stress, etc, you need to give yourself some breathing room to feel more comfortable with the material.

ZzBloopzZ

I agree, start with a 101 Security certification like Security+. I've been doing IT stuff since I was 12 years old so with that experience I felt that I hardly had ANY technical questions on this exam or perhaps I did but it was such common sense to me that I don't remember?

There is a natural harmony to life my friend, you can't have a beautiful flower without planting a seed and watering it. Also, you said it your self that you have ZERO experience so if you did pass you would be an Associate. Meaning you would have 6 years to obtain that 5 years of required experience otherwise you would have to retake the exam. It just sounds too risky from the beginning because what if you don't find a job that would give you the relevant experience? What if that contract/job ends and takes few months to find the next one. It just seems like too much of a chance at least have 1-2 years of experience before you tackle it IMHO.

I do respect you tackling it this early and trying your best. Most people don't even get that far but I am afraid you were over confident for this particular task with your background.

gespenstern

That's because you should bring together both what is said and who said it.

Many wannabes come with very technical background, years spent in software development, networking or systems administration. Therefore they perceive technical stuff as easy and struggle with BCP, DR, GRC, risk assessments, etc. Then they advise to wear that stupid 'manager's hat'.

Your situation is different and you simply should cover everything. Yes, some questions on the exam could be on a very deep technical level, like AES rounds, what they consist of and in what sequence they get executed, or details on how kerberos authentication works.

Just go back to studies and leave no stone unturned. 70% on cccure is low, your failure to pass shouldn't surprise you. Some folks can do it with 70% or you could have done it on a lucky day. But you don't want to depend on luck and thus you'd better get 80%+. I had 90%+ when I decided to sit for the exam.

thexfactor

One simple step you can take is to try and take the IAPP exams (ie. CIPT CIPM CIPP).

They seem so be shorter and much easier.

danny069

I concur with the above 70% on the cccure means you weren't ready yet. 90% and higher range will get you where you need to be. Keep training and go over sections that you don't fully understand.

beads

I dislike the "management hat" analogies. The exam has been much more about understanding the technologies, how they are applied and how to best understand the scenario at hand. With that I will say that I took my exam many years ago on paper and a few changes have taken place since then.

CCCure is OK to start with but by no means anything like the real test written by professional question writers. I myself have written questions for CCCure over the years.

Start with Security+, get some real experience as we have far too many credentialed posers out there without any real experience cluttering the market. Will you find a job having a CISSP and no real experience? Possibly. Will you last very long as an employee? Probably not. Run into the wrong CISSP and he or she will have an obligation to protect the organization and turn you in for review, punishable by banishment for life.

Happens often enough. Maybe not often enough.

- b/eads