Passed Exam!

I just received an email informing me that I passed the CISSP exam.

The results came 10 days after sitting. Next is the endorsement process.

I used CBT Nuggets and the CISSP All-in-One Exam Guide.

I'm looking at taking the Certified Ethical Hacker exam as a follow-on cert since there is a lot of crossover material.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dynamik

Congratulations and good luck with the endorsement!

How did you like the CBT Nuggets? I believe I've seen others say they were kind of weak.

JDMurray

Congratulations!

tampabayboy wrote:

I'm looking at taking the Certified Ethical Hacker exam as a follow-on cert since there is a lot of crossover material.

Where did you hear that? The CEH is about using tools for pen testing and vulnerability assessments. You might get two questions on those topics on the CISSP exam. You need to get some first-hand opinions from people that have taken both exams as to their similarity of subject material.

ajs1976

congrats

keatron

JDMurray wrote:

Congratulations!

tampabayboy wrote:

I'm looking at taking the Certified Ethical Hacker exam as a follow-on cert since there is a lot of crossover material.

Where did you hear that? The CEH is about using tools for pen testing and vulnerability assessments. You might get two questions on those topics on the CISSP exam. You need to get some first-hand opinions from people that have taken both exams as to their similarity of subject material.

There are many differences here, the first and most obvious is depth. CISSP mentions ethical hacking or penetration testing in passing. CEH actually focuses on you doing it. The contrast would be similar to that of someone having read a one page article on how Navy Seals have penterated the mountains of Afghanistan versus spending two months in the mountains with those Navy Seals and helping carry out these missions. CISSP (and actually most security certifications), is primarily presented from a defensive security posture, whereas the CEH is approached from a more offensive posture. Having passed both the CISSP and all versions of the CEH exam, i can tell you for certain they are much different. I do CISSP prep classes on a somewhat regular basis, and the same for official CEH classes.

Let me put it into perspective for you;

My CISSP classes usually run from 9 am to 8 pm for 6 days. Wanna guess what percentage of time we spend actually doing labs and getting hands on? None.

CEH classes (the ones where I give them the actual CEH exam on the last day), runs from 9 am to 8 pm 5 days. (usually just review and test on the sixth day). We spend about 85% percent of that time doing labs, capture the flag exercises, and other hacking challenges. Out of the 15% of time that's left, I use about 5% of it doing demonstrations before each major lab or challenge to massage the creative juices of the students and get them into hacking mode mentally.

Now, knowing what I've just posted; How similar do they sound?

Slowhand

Congratulations on the pass, hopefully the rest of the process will go well for you. Whether or not there's crossover material, I'm not one to say, but I wish you luck on C|EH as well.

tampabayboy

keatron wrote:

JDMurray wrote:

Congratulations!

tampabayboy wrote:

I'm looking at taking the Certified Ethical Hacker exam as a follow-on cert since there is a lot of crossover material.

Where did you hear that? The CEH is about using tools for pen testing and vulnerability assessments. You might get two questions on those topics on the CISSP exam. You need to get some first-hand opinions from people that have taken both exams as to their similarity of subject material.

There are many differences here, the first and most obvious is depth. CISSP mentions ethical hacking or penetration testing in passing. CEH actually focuses on you doing it.

I understand where you're coming from. What I'm saying is that there's a lot of material covered on this test that was covered in the CISSP exam. The CEH is more in-depth for sure but there are several areas or topics that are covered on both exams. You take what you have learned from one area and build on it, right?? Let me take a look at the CEH book real quick..... it covers honeypots, viruses, wireless technology, firewalls, databases, DoS attacks, forensics, pen testing, encryption, etc., etc. All of this was covered in the CISSP. Now instead of a briefly touching on each subject, the CEH goes into the specifics. So, how is this not considered crossover material?

snadam

congrats! I wouldn't worry too much on what they said. Its more or less them helping you out than anything else.

nanga

hey tampabayboy,
Congrats on ur cert. I agree with what both the opinions.

I have cleared the SSCP ( Associate) and am gathering stuff to get the CEH done. CEH deals with lots of hand on...but clearing the SSCP / CISSP for us ..the material is still fresh in our minds and the confidence is boosting with the cert under the belt.

Tampaboy....would u like to share resource for CEH...what are u using as a material

JDMurray

tampabayboy wrote:

Let me take a look at the CEH book real quick..... it covers honeypots, viruses, wireless technology, firewalls, databases, DoS attacks, forensics, pen testing, encryption, etc., etc. All of this was covered in the CISSP. Now instead of a briefly touching on each subject, the CEH goes into the specifics. So, how is this not considered crossover material?

If you consider what kids learn in Little League to be a crossover to the skills used in Major League baseball, then I guess you are correct.

As keatron pointed out, it's the experience of the material that's that real difference. For example, for the CISSP you had to learn what a honeypot is and what it is used for, and that information can be easily summed up in two paragraphs without ever touching a honeypot. For the CEH, you will need to know not only the theory behind honeypots, but also how to install, configure, maintain, identify, and thwart them. The fact that both exams may contain the word "honeypot" does not make it crossover (overlapping) material.

dynamik

Just because I know that electricity comes from a power plant, and I have the ability to plug a lamp in, doesn't make me an electrical engineer. I'm not sure how appropriate that analogy is, but I'm going to pretend like it's absolutely fantastic.

I believe Keatron was just making a point that there is an appreciable difference between theory and practice. I don't think he was saying that the concepts are mutually exclusive.

nanga

I agree with you. Absolutely.

The major differnece between CEH and CISSP would actually be the experince.

CEH demands more on hands on and experince in terms of config/managing ( using ) the stuff.

Thanks for your opnions and steering us in the right direction

tampabayboy

snadam wrote:

congrats! I wouldn't worry too much on what they said. Its more or less them helping you out than anything else.

I agree and appreciate any insight members are willing to offer, especially from trainers and subject matter experts. In my opinion, that's what this site is all about, helping others prep for exams without violating NDAs.

keatron

tampabayboy wrote:

snadam wrote:

congrats! I wouldn't worry too much on what they said. Its more or less them helping you out than anything else.

I agree and appreciate any insight members are willing to offer, especially from trainers and subject matter experts. In my opinion, that's what this site is all about, helping others prep for exams without violating NDAs.

And we appreciate you coming here! My main goal is just to give you a heads up so you'll be ready mentally. I think that what catches people by surprise most often is that they'll say "well yeah I've used nmap before, so I know it pretty well". Then they might see a question on the test that gives something like...

nmap -sO 10.10.10.10 --packet-trace -p 22-1000 accomplishes which of the following?

A. Operating system detection scan while sending packets ranging from 22-1000 in size
B. Protocol Scan against ports 22 through 1000 with OS packet trace detection.
C. Protocol Scan against ports 22 through 1000 with with visual feedback of packets sent.
D. OS scan only using packets 22-1000.

While this is an easy example, you should still get the point, that you have to actually read the syntax and decipher what each switch means before answering the question. It's not as simple as "nmap is a port scanning and network scanning tool" kind of questions/answers.

nanga

Kearton,
Thanks for giving us a headsup. I agree with what you say...Completly agree with you.

I have had this cerrifications CCNA/Network+/Security+/SSCP ( associate).....all hard study and less **** dependent.....but i fell they are of no use unless I dont know the practical hands on with tools.....I cannot say I am a security professional...This sometimes leads me to think I am in the wrong field.

Could you please chop out a plan of action for self study of CEH. I am a student doing my internship which involbves more of security documentation ( risk and vulnerability reports) but no actual hands on....

I cant afford to take clasess and would prefer to do self study.