Need input... from current CISSP's

holysheetman Posts: 114 Member
Ok, here's the deal... I'm preparing for the CISSP... how long will it take me... well, I was hoping to ask you guys. ISC2 says typically spend 1 month per domain (which there are 10) and I have seen where it has taken most up to 6 months. I am active duty AF and have had the last 2 years dealing with securing workstations, installing PKI CAC readers, hardening our network, upgrading etc... I'm stationed overseas and it was recommended I should go for the top cert and so I saw an interest in the CISSP.

I already have Sec+ and just recently passed the CEH (which was rather difficult to me; 125 questions) - those are the only two certs security related I have plus 5 years proven experience as a network administrator.

The question is this... given my experience, how long do you think it will take me to schedule an exam? (I need to let my higher-ups know a figure) and should I concentrate only on the CISSP OR filter in some of which I was currently studying for (windows xp 70-270) ?

Thanks in advance for your input!

Phil

Comments

  • keatron Posts: 1,208 Member
    I would suggest putting the others aside and focusing on just CISSP.

    If you found C|EH difficult, then multiply that by about 10 and you get CISSP difficulty level. As far as I'm concerned, C|EH "lightly" covers only 2 domains at the most. Also read the experience requirements carefully and make sure you qualify at https://www.isc2.org/cgi-bin/content.cgi?category=539. Pay close attention to the language and make sure you understand that the requirements for sitting the exam are not the same for actually being awarded the certification. I've talked with a number of people who sat the exam, passed, then found out they didn't meet the experience requirements, and ended up being an ISC2 Associate. This is not a bad thing, as it gives you the opportunity to get the exam out of the way. But it can be discouraging to think you're going to be a CISSP and end up with that not being the case.

    1 month per domain is reasonable, however, if you have no experience with any of the domains other than network and telecom security then don't be surprised if it takes longer for things to start to sink in. This will depend on a number of things including but not limited to your individual study habits, ability to absorb and retain information, and experience base.

    Also depending on where you are, you might have to register pretty far out from the exam date as some areas don't have test dates very often.

    Also the following is crucial to your success. You'll get advice from people telling you to use Shon Harris series, Krutz and Vines, ISC2 official guide etc. First, I'd say use all three. Now, the most important part is this. Use those as a frame of reference. DO NOT think that any of these or even the combination of all three will give you all you need to pass. Combined they DO give you what you need to pass from the perspective of "this is the information you need to know" but you WILL need to get other resources for areas you don't have experience in, or even for areas you do have experience in but have some knowledge gaps. For example, neither of these writings will actually "teach" you encryption, however they will let you know whether or not you know it. If you have absolutely no experience with it, then for example you might read Shon's cryptography chapter and finish with a feeling of "something's still missing" or "I read a lot and absorbed a lot, but I still don't really understand encryption". At this point, I would go to a book store, check out books that deal with just encryption. I did this myself and spent about $12 on a book titled something like "basic cryptography" and guess what!!!! that did it!!!!! So I suggest, to always be open to supplementing the most popular or most recommended writings with what YOU need as an individual to bridge the gaps. Do this and you will greatly improve your chances of passing on the first try (which does not happen very often). Don't think of it as another cert, think of it as a project and attack each domain in increments, then when you've mastered one of em, reward yourself!! Keep doing this until you've completed them all. You will enjoy the experience more, and you'll become a more solid and complete security professional too.

    Also make sure you stay here on techexams as much as possible, I'm here on a daily basis (which sadly is much more than I'm home) to help answer your questions as well as others such as Webmaster, JD, Mike, Kenny and many other experienced people. The last time I checked we had about 6 CISSPs pretty active on this forum, so this resource might and very possibly will end up being your greatest asset in preparing for this exam.

    Good luck man. You can do this!!