How hard is the CISSP compared to the Security+?

abefroman Posts: 278 Banned
How hard is the CISSP compared to the Security+?

TIA
Next certs:
CCNA 99.9999999999999999999999999999999% Ready

There are /31 types of people in this world, those who understand subnetting, and those who don't

Comments

  • JDMurray Certification Invigilator Surf City, USA Posts: 11,087 Admin
    I'm not sure what kind of scale I can use to express the difference. Maybe a comparison of an 8th-grade education to a Masters degree.

    The CISSP has a much greater degree of difficulty because it requires having a practical understanding of InfoSec concepts and not just the rote memorization of facts. There are also more concepts covered by the CISSP CBK than in the objectives of the Security+ cert. And the pencil-and-paper CISSP exam is a very long and grueling process, while the Security+ exam is pretty much like any other computer-based cert exam that you've taken.
  • abefroman Posts: 278 Banned
    JDMurray wrote: »
    I'm not sure what kind of scale I can use to express the difference. Maybe a comparison of an 8th-grade education to a Masters degree.

    The CISSP has a much greater degree of difficulty because it requires having a practical understanding of InfoSec concepts and not just the rote memorization of facts. There are also more concepts covered by the CISSP CBK than in the objectives of the Security+ cert. And the pencil-and-paper CISSP exam is a very long and grueling process, while the Security+ exam is pretty much like any other computer-based cert exam that you've taken.

    Sounds like at least 3-4 times harder than.

    Pencil and paper exam?

    Is the test all multiple choice? Are there other formats of questions too?

    TIA
  • abefroman Posts: 278 Banned
    Yes, it's all multiple choice.

    Does anyone know what percent of people pass the CISSP?
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,087 Admin
    abefroman wrote: »
    Does anyone know what percent of people pass the CISSP?
    Many of the testing statistics of the (ISC)2 exams are not officially published, but I have heard speculation that the pass rate may be as high as 66-70%.
  • abefroman Posts: 278 Banned
    JDMurray wrote: »
    Many of the testing statistics of the (ISC)2 exams are not officially published, but I have heard speculation that the pass rate may be as high as 66-70%.

    That doesn't sound too too bad.

    I tried some of the practice questions from the Shon Harris book; a lot of them seem rather easy. Should I prepare for a lot harder questions on the actual test?
  • WilliamK99 Posts: 278 Member
    abefroman wrote: »
    That doesn't sound too too bad.

    I tried some of the practice questions from the Shon Harris book; a lot of them seem rather easy. Should I prepare for a lot harder questions on the actual test?

    As with any Certification exam, I would use more than one source. I use at least 3 or 4 different sources when I study for an exam, and the CISSP is no different.

    I have not found a certification study book yet that has the entire exam covered. So it's your best bet to find other sources...
  • tpatt100 Posts: 2,989 Member
    The only thing I found hard about the CISSP was staying focused for so many questions.
  • UnixGuy Are we having fun yet? Posts: 3,867 Mod
    tpatt100 wrote: »
    The only thing I found hard about the CISSP was staying focused for so many questions.

    Can you share with us your experience and background? It'll be helpful because I want to take CISSP but I lack direct InfoSec experience. I'm wondering if it'll make my studying time very difficult.
    Goal: MBA, March 2020
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,087 Admin
    UnixGuy wrote: »
    ... I want to take CISSP but I lack direct InfoSec experience, I'm wondering if it'll make my studying time very difficult.
    Every InfoSec professional has problems studying for the CISSP exam because no InfoSec professional has significant experiences in all ten domains covered by the CISSP CBK. Therefore, having no InfoSec experience at all makes understanding the entire CISSP CBK all the more difficult.
  • UnixGuy Are we having fun yet? Posts: 3,867 Mod
    JDMurray wrote: »
    Every InfoSec professional has problems studying for the CISSP exam because no InfoSec professional has significant experiences in all ten domains covered by the CISSP CBK. Therefore, having no InfoSec experience at all makes understanding the entire CISSP CBK all the more difficult.

    Interesting... I hope by next year I can start with this cert :)
  • veritas_libertas Posts: 5,728 Member
    @JDMurray: I thought you had to have InfoSec experience to be able to take the exam?
    Currently working on: Linux and Python
  • kimanyd Posts: 103 Banned
    No, you can take it whenever you want. You'll just be an associate until you meet the eligibility requirements (if you pass, of course).
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,087 Admin
    @JDMurray: I thought you had to have InfoSec experience to be able to take the exam?
    Anyone can take the CISSP (or SSCP) exam anytime and as many times as they want. To become fully CISSP-certified you must both pass the exam and have verifiable InfoSec work experience (and have an endorser...and pass the audit...and pay the money...).
  • veritas_libertas Posts: 5,728 Member
    So I could take the exam and then later down the line just send in paperwork showing I meet all the requirements?
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,087 Admin
    So I could take the exam and then later down the line just send in paperwork showing I meet all the requirements?
    Yes. When you pass the CISSP exam, you become an "Associate of the (ISC)2 for CISSP." As an (ISC)2 Associate, you are not a fully-certified CISSP (or SSCP) and may not market yourself as such until you meet all of the qualifications.
  • abefroman Posts: 278 Banned
    JDMurray wrote: »
    Anyone can take the CISSP (or SSCP) exam anytime and as many times as they want. To become fully CISSP-certified you must both pass the exam and have verifiable InfoSec work experience (and have an endorser...and pass the audit...and pay the money...).

    If my work is not strictly security do I qualify?

    I am responsible for securing about 100 Linux servers, as well as setting the company's security policy and procedures, but I do tech support, sys admin stuff and some other things too. (I have been doing this for 8 years.) Will I qualify?

    What's the best way to get endorsed if I don't know another CISSP or SSCP?

    TIA
  • kimanyd Posts: 103 Banned
    They specifically state you need full-time experience in two of the ten domains.

    Some members here might be willing to endorse you, or you can apply directly to (ISC)2 if you can't find anyone.
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,087 Admin
    abefroman wrote: »
    If my work is not strictly security do I qualify?

    I am responsible for securing about 100 Linux servers, as well as setting the company's security policy and procedures, but I do tech support, sys admin stuff and some other things too. (I have been doing this for 8 years.) Will I qualify?
    The CISSP certification is meant for people working directly in the Information Security profession. However, many sysadmins, netadmins, and software engineers/architects also have the CISSP cert because InfoSec is an inseparable part of their work. CISSP CBK domains like access control, telecommunications, and application security are usually the experience claimed by these types of professionals.
    abefroman wrote: »
    What's the best way to get endorsed if I don't know another CISSP or SSCP?
    Ask around to check if anyone familiar with your work history has a cert from the (ISC)2 and is in good standing (i.e., current on their CPEs and AMF). If not, after passing the CISSP exam, you can apply to be endorsed (and audited) by someone at the (ISC)2 itself.
  • Hyper-Me Posts: 2,059 Banned
    If it's all multiple choice then what is this "pencil and paper" bs?
    I got a fortune cookie that said "Outlook not so good" and I thought to myself "Yeah...but Microsoft sells it anyway."
  • abefroman Posts: 278 Banned
    Hyper-Me wrote: »
    If it's all multiple choice then what is this "pencil and paper" bs?

    I think he means like a scantron test, rather than on a computer.
  • abefroman Posts: 278 Banned
    kimanyd wrote: »
    They specifically state you need full-time experience in two of the ten domains.

    Some members here might be willing to endorse you, or you can apply directly to (ISC)2 if you can't find anyone.

    By full time, if they mean 40 hours per week on security stuff, I have that covered :) I work a good 80-100 hours a week, if I'm lucky.

    I should qualify then, correct?

    TIA
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,087 Admin
    Hyper-Me wrote: »
    If it's all multiple choice then what is this "pencil and paper" bs?
    You've never taken a multiple choice using only pencil and paper? Then you're in for a treat! :)
    abefroman wrote: »
    I think he means like a scantron test, rather than on a computer.
    Yes, and a paper exam booklet too. ;)
  • veritas_libertas Posts: 5,728 Member
    This is very interesting. Associate of the (ISC)2 for CISSP could probably help with getting a job in security I would think. What do you guys think (in particular Dynamik and JDMurray)? I actually may seriously consider doing this after I knock off my B.A.
  • abefroman Posts: 278 Banned
    JDMurray wrote: »
    You've never taken a multiple choice using only pencil and paper? Then you're in for a treat! :)


    Yes, and a paper exam booklet too. ;)

    A large paper exam booklet from what I've heard ;)
  • kimanyd Posts: 103 Banned
    I think even being an associate would help you stand out from the crowd and make you appear knowledgeable in regards to security. Now that I've landed a security-focused gig, I'll be knocking this out shortly. Probably early 2010 after I do CCNA:S and CEH later this year.

    They give you six years to fulfill the requirements, and a qualifying cert or degree will knock your required experience time down to four years. Therefore, you'll have two years from the time you pass to get a full-time security position.
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,087 Admin
    kimanyd wrote: »
    Probably early 2010 after I do CCNA:S and CEH later this year.
    Are you close to taking the CCNA exam? And weren't you planning on doing the OSCP cert before the CEH?
  • kimanyd Posts: 103 Banned
    I'm going to try to shoot for ICND2 by the end of Sept, and CCNA:S by the end of Oct. We'll see how that goes with the move and the new job though.

    I'd definitely do the CEH first; the OSCP sounds insane. I'm a bit intimidated TBH.
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,087 Admin
    The program I'm on at work wants us all to do the 30-day OSCP course. It'll be a group of us studying together with our BT3/4 laptops and attacking Offensive Security's servers. I've started looking at the tutorial videos on the Web site and it doesn't look too scary, but I've got a few "pros" around me to lean on.

    Good luck on the CCNA & Security. I'm hoping to do the CCENT myself in November.
  • kimanyd Posts: 103 Banned
    Awesome! When are you starting that?

    I might do CEH in Nov (am really close to testing as it stands), and maybe the OSCP will be a Christmas present to myself.

    I guess this is what makes me a little nervous: http://www.techexams.net/forums/ec-council-ceh-chfi/35603-c-eh-v6-security-experts-monkeys-tool-exposure.html#post252742

    It seemed pretty intense for him, and it seems like he knew his stuff pretty well before taking it on.
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,087 Admin
    Not before mid-October. Too many tight work deadlines before then. I'd prefer taking the 60-day course to have more time to learn new things and to practice for the OSCP exam. Right now the only thing I have the mental stamina to do for 18-hours straight is MMOs and TF2. :D



    Oh--sorry all for hijacking this thread.