On approaching the CISSP after the Security+

Hi, all. I'm a defense contractor working in part of the DoD where security certs matter as far as billable rates are concerned (i.e. they can directly impact my salary), although for my specific job as a java developer, they don't carry a much else beyond that. (I've checked with others, and my work history does meet the pre-reqs for the exam)

Over the past month, I recently passed the Security+ exam. Next, I'd like to tackle the CISSP.
I used the Syngress book and studied one chapter per week, so it took 4 months or so, and then crammed through a handful of exams and re-read the chapter outlines / key points before exam day.

From only a night or two of skimming the CISSP's 10 domains, it looks like there is some considerable overlap, and I thought that I should continue straight into the CISSP while I have momentum and Sec+ knowledge fresh in my mind.

Like I mentioned, I'm a software guy, so for the majority of technologies involved in these exams, I have nothing more than academic and "pedestrian IT professional" knowledge. (I do hold an MS in Comp Sci and had about 3 graduate-level networking classes and a OS security course, for what that's worth).

I'm interested in knowing how big the gap in material and knowledge is between the two exams, what kind of approaches I might want to take to study, how much time I should expect to study, what books are good, what practice exams are good, etc.

(I gave a brief background description so people could hopefully see what my goals are, my knowledge base, and my efficiency (or lack thereof, haha) of getting throught the CompTIA exam.)

Thanks!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

tpatt100

I got my CISSP for the IAT level 3 requirement also. I failed the test last year because I got cocky thinking since it was not that technical I could pass it with ease. I passed it recently mainly by reading the Shon Harris book and finding what ever practice questions for free I could find. I used the questions to find what areas I was weak in and focused on that.

My biggest issue for the test was the amount of questions not how hard they were or easy. I have problems sitting still for such a long period of time

Keith83

How long did you prepare for the exam?

JDMurray

Don't underestimate the contents of the CISSP CBK. Sayting that you will "continue straight into the CISSP while I have momentum and Sec+ knowledge fresh in my mind" is like saying that you are going for your Masters degree while the knowledge of 9th grade is fresh in your mind. The Security+ does not cover the depth or breadth of information that the CISSP CBK does, and it is quite a jump from one to the other.

tpatt100

Keith83 wrote: »

How long did you prepare for the exam?

I prepared solidly for about two months the second time I took it. I felt if I spent too long I would forget what I read in the beginning domains.

Depending on your background some sections might be pretty easy.

amestd4066

If you're in the telecommunications theater, specifically within the DoD scope, there is very little study required for this exam. I just passed after 1 week of studying, using the Kruntz & Vines study guide. I reviewed ********* in order to identify week areas (note: there is a 0% hit rate for ********* questions to the actual exam), and that helped a lot.

Tim

WilliamK99

amestd4066 wrote: »

If you're in the telecommunications theater, specifically within the DoD scope, there is very little study required for this exam. I just passed after 1 week of studying, using the Kruntz & Vines study guide. I reviewed ********* in order to identify week areas (note: there is a 0% hit rate for ********* questions to the actual exam), and that helped a lot.

Tim

So you basically braindumped your way to a cert? Great advice there....

Keith83

JDMurray wrote: »

Don't underestimate the contents of the CISSP CBK. Sayting that you will "continue straight into the CISSP while I have momentum and Sec+ knowledge fresh in my mind" is like saying that you are going for your Masters degree while the knowledge of 9th grade is fresh in your mind. The Security+ does not cover the depth or breadth of information that the CISSP CBK does, and it is quite a jump from one to the other.

James, I never stated that it would be a simple transition. The OP of this thread was to gauge - based on what experience / education I do have - how much effort I should expect to be required to get through this exam.

I just finished an MS degree this spring, and got through the Sec+ this summer. My "continue straight..." comment was that I still have good scholastic mentality and that I am in a good position to dedicate time into this exam.

Hopefully I can get some useful responses from the OP that can give advice on some good approaches to taking this test...

amestd4066

WilliamK99 wrote: »

So you basically braindumped your way to a cert? Great advice there....

Yes, clown... That's exactly what I didn't say, since my post indicates a 0% hit rate on the test using brain ****.

The message I'm trying to convey with my posting here is that while the CISSP is dificult, it's much easier than advertised. Thanks!

JDMurray

amestd4066 wrote: »

The message I'm trying to convey with my posting here is that the CISSP is overblown. It's much easier than advertised. Thanks!

This may come as a shock, but not everyone has the obvious intelligence and sophistication that you possess, so some people might actually have a more difficult time with the CISSP exam than you experienced.