JD, where's your CISSP write up??

cashew

Congratulations on your recent pass JD. Mine is scheduled for 3/14 and I'm quite anxious. I loved your SSCP write up and hope your CISSP one is at the same level!

How does it feel to not have to study a domain at night?

JDMurray

Thanks for the recognition and appreciation. I am working on a very length CISSP blog article right now. And I'm very glad to be studying other things now that don't involve security architectures, CCTV camera, Common Criteria, or ALE calculations.

mamono

Congrats!!! Can't wait to read it also!

UnixGuy

Yes I was just wondering about that !!!

waiting..

Turgon

JDMurray wrote: »

Thanks for the recognition and appreciation. I am working on a very length CISSP blog article right now. And I'm very glad to be studying other things now that don't involve security architectures, CCTV camera, Common Criteria, or ALE calculations.

Well done JD. Feels like you were at this thing almost as long as I have been preparing for CCIE lab (April 2007). Must feel good to get it over with at last. Man I recall someone once saying they cleared this with 60 hours study and very little experience. Mind you they tested back in 2006. Imagine the test is more comprehensive these days. Either way you surely covered a lot of material there so hats off.

JDMurray

Turgon wrote: »

Man I recall someone once saying they cleared this with 60 hours study and very little experience.

It depends on how well you understand the concepts in the CISSP CBK material (not just memorizing facts) and can accurately interpret what the exam items themselves are asking. And pure luck is also an undeniable factor too.

Turgon

JDMurray wrote: »

It depends on how well you understand the concepts in the CISSP CBK material (not just memorizing facts) and can accurately interpret what the exam items themselves are asking. And pure luck is also an undeniable factor too.

I think it was 'Freak' who cleared it that way. If I recall he bemoaned the ambiguity of the questions and that depending on interpretation any number of answers could be chosen. He was far from confident that he had passed because of that. He was also unhappy that there were questions in there that didn't count towards the test result. Although he passed I think he was overall unhappy about the whole experience. Felt like the test takers were doing QA for the test writers which he felt was unacceptable.

RTmarc

Turgon wrote: »

I think it was 'Freak' who cleared it that way. If I recall he bemoaned the ambiguity of the questions and that depending on interpretation any number of answers could be chosen. He was far from confident that he had passed because of that. He was also unhappy that there were questions in there that didn't count towards the test result. Although he passed I think he was overall unhappy about the whole experience. Felt like the test takers were doing QA for the test writers which he felt was unacceptable.

There is some truth to his arguments but I'm fairly sure they are being addressed.

JDMurray

Turgon wrote: »

If I recall he bemoaned the ambiguity of the questions and that depending on interpretation any number of answers could be chosen.

The answers will only seem ambiguous if you don't know the material well and don't have enough InfoSec process experience.

Turgon wrote: »

Felt like the test takers were doing QA for the test writers which he felt was unacceptable.

This opinion is caused by a lack of self-confidence in one's ability to take the exam. If you know the material it doesn't matter how many research questions there are, you will pass the exam. Whining about non-scored questions is a sign that the candidate is relying more on luck and trying to game the system rather than using knowledge and skill to pass the exam.

cisco_trooper

JDMurray wrote: »

This opinion is caused by a lack of self-confidence in one's ability to take the exam. If you know the material it doesn't matter how many research questions there are, you will pass the exam. Whining about non-scored questions is a sign that the candidate is relying more on luck and trying to game the system rather than using knowledge and skill to pass the exam.

+1

The unscored questions are the questions they don't remember being in their "Study Guides"....

Turgon

JDMurray wrote: »

The answers will only seem ambiguous if you don't know the material well and don't have enough InfoSec process experience.


This opinion is caused by a lack of self-confidence in one's ability to take the exam. If you know the material it doesn't matter how many research questions there are, you will pass the exam. Whining about non-scored questions is a sign that the candidate is relying more on luck and trying to game the system rather than using knowledge and skill to pass the exam.

Perhaps. I guess he would have to answer that for himself really. He had been working a security role for a little while but relatively speaking not all that long in terms of taking the CISSP. He was formally an MCT. From what I remember he found the questions open ended and poorly worded. He grumbled about the test itself more than the quality of the books he used. I think the Harris guide was one of his resources. I don't know if he was trying to game the system. His position was that he didn't like the fact that research questions were there at all. Then again, he may just have been bugged to have put 60 hours in on preparation only to find he was underprepared. He wrote a couple of articles about his feelings but his site got taken over by cyberquatters so they are no longer available. An ironic security breach in itself.

JDMurray

Turgon wrote: »

His position was that he didn't like the fact that research questions were there at all. Then again, he may just have been bugged to have put 60 hours in on preparation only to find he was underprepared.

It could be a case of shifting the blame to something/someone else. But research questions are a pretty standard in professional exams, and many exam vendors won't even tell you they are there. Keeping such details secret is all part of preserving the exam's integrity.

Turgon wrote: »

He wrote a couple of articles about his feelings but his site got taken over by cyberquatters so they are no longer available. An ironic security breach in itself.

It sounds like he just forgot to renew his DNS registration. That would be a good security problem to use in a CISSP exam item.

Ahriakin

Great work Mr.Murray. Sorry I haven't been following this but did you (or when do you) get your result? I know you have been working hard on this so best if you didn't get the results yet.

JDMurray

I did received my passing email and made the announcement in this thread: http://www.techexams.net/forums/isc-sscp-cissp/34782-cissp-exam-nov-2008-attempt-3.html#post282826

Now I'm waiting to get the results of my endorsement; I expect that to take around two weeks.

Ahriakin

Brilliant, well done and well deserved

JDMurray

The first of my two-part blog article is up: The CISSP Certification Experience

mamono

Sweet!

UnixGuy

I really liked your review, and waiting for part 2. I'm really interested to see how SSCP helped you and how difficult you found the CISSP material.

dynamik

I swear I posted a response already, but I guess it didn't take...

That looks great JD (I'm still reading it). What's part two going to be about? That looks fairly comprehensive at first glance.

JDMurray

dynamik wrote: »

What's part two going to be about? That looks fairly comprehensive at first glance.

Part Deux is my study plan and recommendations for passing the CISSP exam. People aren't so much interested in the cert experience as they are in finding "the trick" to passing. I really don't have any uncommon wisdom to impart other than, "study everything and make sure you really understand what you think you know." All the rest of the stuff is just details.

UnixGuy wrote:

I'm really interested to see how SSCP helped you and how difficult you found the CISSP material.

The SSCP was helpful in that it's a more technical and smaller subset of information than the CISSP, the exam is basically an easier format, and passing the SSCP can also give you more confidence when going for the CISSP. I thought it was very helpful to me.

snadam

congrats JD on the pass. Personally knowing a few relatives that have completed this, I know that it wasn't 'easy' to attain. So my hats off and respect to you!!! Now go indulge yourself in a victory beer

JDMurray

OK, Part 2 is up: The CISSP Certification Experience: My Study Plan

gwamaka

I think this is the BEST and MOST COMPREHENSIVE review I have ever read regarding the CISSP exam. More power to you man and thanks for taking a time to do this write up ! Its definitely very helpful for people like us who are heading the SSCP and CISSP route soon.

JDMurray wrote: »

OK, Part 2 is up: The CISSP Certification Experience: My Study Plan

UnixGuy

Thank you very much JD, you have really motivated me ! This is very helpful

I posted a comment asking you about how much SSCP and Security+ helped you and if you, in general, recommend Security+ --> SSCP --> CISSP path or not

JDMurray

gwamaka wrote:

I think this is the BEST and MOST COMPREHENSIVE review I have ever read regarding the CISSP exam.

UnixGuy wrote: »

Thank you very much JD, you have really motivated me ! This is very helpful

That's pretty much what I'm here for!

UnixGuy wrote: »

I posted a comment asking you about how much SSCP and Security+ helped you and if you, in general, recommend Security+ --> SSCP --> CISSP path or not

That was the path that I followed, although there was a long time between my Security+ and SSCP. If you are not immediately qualified for the CISSP, I do recommend going that way.

UnixGuy

yes I'm not qualified for CISSP at all, so I'm with Security+ now..I will work on my technical background in general, then I will go to security.


Good luck with your job hunt, I'm you sure you won't have a problem getting a job in InfoSec, because you invested in the right direction