On approaching the CISSP after the Security+
Hi, all. I'm a defense contractor working in part of the DoD where security certs matter as far as billable rates are concerned (i.e. they can directly impact my salary), although for my specific job as a java developer, they don't carry a much else beyond that. (I've checked with others, and my work history does meet the pre-reqs for the exam)
Over the past month, I recently passed the Security+ exam. Next, I'd like to tackle the CISSP.
I used the Syngress book and studied one chapter per week, so it took 4 months or so, and then crammed through a handful of exams and re-read the chapter outlines / key points before exam day.
From only a night or two of skimming the CISSP's 10 domains, it looks like there is some considerable overlap, and I thought that I should continue straight into the CISSP while I have momentum and Sec+ knowledge fresh in my mind.
Like I mentioned, I'm a software guy, so for the majority of technologies involved in these exams, I have nothing more than academic and "pedestrian IT professional" knowledge. (I do hold an MS in Comp Sci and had about 3 graduate-level networking classes and a OS security course, for what that's worth).
I'm interested in knowing how big the gap in material and knowledge is between the two exams, what kind of approaches I might want to take to study, how much time I should expect to study, what books are good, what practice exams are good, etc.
(I gave a brief background description so people could hopefully see what my goals are, my knowledge base, and my efficiency (or lack thereof, haha) of getting throught the CompTIA exam.)
Thanks!
Over the past month, I recently passed the Security+ exam. Next, I'd like to tackle the CISSP.
I used the Syngress book and studied one chapter per week, so it took 4 months or so, and then crammed through a handful of exams and re-read the chapter outlines / key points before exam day.
From only a night or two of skimming the CISSP's 10 domains, it looks like there is some considerable overlap, and I thought that I should continue straight into the CISSP while I have momentum and Sec+ knowledge fresh in my mind.
Like I mentioned, I'm a software guy, so for the majority of technologies involved in these exams, I have nothing more than academic and "pedestrian IT professional" knowledge. (I do hold an MS in Comp Sci and had about 3 graduate-level networking classes and a OS security course, for what that's worth).
I'm interested in knowing how big the gap in material and knowledge is between the two exams, what kind of approaches I might want to take to study, how much time I should expect to study, what books are good, what practice exams are good, etc.
(I gave a brief background description so people could hopefully see what my goals are, my knowledge base, and my efficiency (or lack thereof, haha) of getting throught the CompTIA exam.)
Thanks!
Comments
-
tpatt100
Member Posts: 2,991 ■■■■■■■■■□
I got my CISSP for the IAT level 3 requirement also. I failed the test last year because I got cocky thinking since it was not that technical I could pass it with ease. I passed it recently mainly by reading the Shon Harris book and finding what ever practice questions for free I could find. I used the questions to find what areas I was weak in and focused on that.
My biggest issue for the test was the amount of questions not how hard they were or easy. I have problems sitting still for such a long period of time -
JDMurray
Admin Posts: 13,092 Admin
Don't underestimate the contents of the CISSP CBK. Sayting that you will "continue straight into the CISSP while I have momentum and Sec+ knowledge fresh in my mind" is like saying that you are going for your Masters degree while the knowledge of 9th grade is fresh in your mind. The Security+ does not cover the depth or breadth of information that the CISSP CBK does, and it is quite a jump from one to the other. -
tpatt100
Member Posts: 2,991 ■■■■■■■■■□
How long did you prepare for the exam?
I prepared solidly for about two months the second time I took it. I felt if I spent too long I would forget what I read in the beginning domains.
Depending on your background some sections might be pretty easy. -
amestd4066
Member Posts: 3 ■□□□□□□□□□
If you're in the telecommunications theater, specifically within the DoD scope, there is very little study required for this exam. I just passed after 1 week of studying, using the Kruntz & Vines study guide. I reviewed ********* in order to identify week areas (note: there is a 0% hit rate for ********* questions to the actual exam), and that helped a lot.
Tim -
WilliamK99
Member Posts: 278
amestd4066 wrote: »If you're in the telecommunications theater, specifically within the DoD scope, there is very little study required for this exam. I just passed after 1 week of studying, using the Kruntz & Vines study guide. I reviewed ********* in order to identify week areas (note: there is a 0% hit rate for ********* questions to the actual exam), and that helped a lot.
Tim
So you basically braindumped your way to a cert? Great advice there.... -
Keith83
Member Posts: 11 ■□□□□□□□□□
James, I never stated that it would be a simple transition. The OP of this thread was to gauge - based on what experience / education I do have - how much effort I should expect to be required to get through this exam.Don't underestimate the contents of the CISSP CBK. Sayting that you will "continue straight into the CISSP while I have momentum and Sec+ knowledge fresh in my mind" is like saying that you are going for your Masters degree while the knowledge of 9th grade is fresh in your mind. The Security+ does not cover the depth or breadth of information that the CISSP CBK does, and it is quite a jump from one to the other.
I just finished an MS degree this spring, and got through the Sec+ this summer. My "continue straight..." comment was that I still have good scholastic mentality and that I am in a good position to dedicate time into this exam.
Hopefully I can get some useful responses from the OP that can give advice on some good approaches to taking this test... -
amestd4066
Member Posts: 3 ■□□□□□□□□□
WilliamK99 wrote: »So you basically braindumped your way to a cert? Great advice there....
Yes, clown... That's exactly what I didn't say, since my post indicates a 0% hit rate on the test using brain ****.
The message I'm trying to convey with my posting here is that while the CISSP is dificult, it's much easier than advertised. Thanks! -
JDMurray
Admin Posts: 13,092 Admin
This may come as a shock, but not everyone has the obvious intelligence and sophistication that you possess, so some people might actually have a more difficult time with the CISSP exam than you experienced.amestd4066 wrote: »The message I'm trying to convey with my posting here is that the CISSP is overblown. It's much easier than advertised. Thanks!
