Let the wait begin... Exam 6/22

apr911

Hey all,

I thought I would share with you my experience with the CISSP exam. Before I do, I feel it necessary to point out for anyone considering the CISSP exam to take other's opinions (including mine) of the exam with a grain of salt. Your mileage will vary.

Case in point. I expected to use every bit of the 6 hours and to walk out feeling drained and unsure of a passing score. I expected this massive test that could not be passed without extensive preparation and as such I have been putting it off and off and off.

I started my process of becoming a CISSP almost 2 years ago to the day. I had a lot of false starts early on. I would get through the first 2-3 CBK domains before finding some reason not to continue... The top 3 came from worrying about the exam (both cost and difficulty), my lack of anyone within my circle of friends and colleagues who could endorse my certification and a lack of motivation to study/desire to be doing fun stuff.

The 3rd one was the simplest to overcome. I picked an exam date and booked the exam. I then had to be motivated to complete my study or else risk wasting $100 for the reschedule fee or $550 if I failed.

The 2nd one was somewhat more difficult to overcome but through a series of chance occurrences and just keeping in the InfoSec field, I was able to come up with at least 2 people who are willing to endorse me pending a pass on the exam.

The 1st one was the most difficult. I kept being discouraged by the thoughts and opinions of others and well there really was nothing to resolve it. I just had to bite the bullet and take the exam.

Throughout the entire 2 year process, Ive used Testout/LabSim CISSP. The course work hasnt been updated in almost 4 years now but I found most of the material still very much relevant.

On exam day I got up nice and early, I went through my normal routine, went out and got myself a good breakfast and drove to the exam center. Check-in was at 8:00, seating/rules at 8:30 and the exam at 9:00.

I very nearly missed the end of check-in at 8:30 as the exam was held in a dual tenant building and the tenant administering the exam was not clearly displayed. Nor was the building street numbers displayed. But ultimately I made it with but a minute to spare.

Of course this made things a little more difficult. I now had all this nervous energy from running late and I was frustrated with the poor directions provided by not only my GPS but google and the mapquest link attached to my enrollment page.

Thankfully, I had the half-hour to sit and listen to the directions while I sat and centered myself. I brought some crackers and water with me and decided to have a drink and some crackers to burn off some of the energy. I do agree with others on this point and strongly recommend you arrive as early as you can to the exam without arriving so early that you begin psyching yourself out, just enough time to do a last minute review and then recenter.

The exam started shortly after 9 at 9:10. By the end of the first hour I was really questioning myself. Everything I had read going into the exam had said be prepared to take most if not all of the 6 hours and yet at 1 hour in I was on pace to be finished my exam in just over 3 hours (80 questions/hr).

I decided to get up and take a restroom break and try and recenter again. Maybe I was still hyped up from my near miss? As I walked to the bathroom, I noticed an open door network/telecom room... I had to laugh, here we were a bunch of security professionals sitting taking a high-end security exam while right down the hall (and directly next to the high-traffic bathrooms) was an unsecured telecom room breaking one of the primary tenents of physical security... Considering the building's other tenent was a US Airforce Squadron made it even more of a shake your head situation...

So I was feeling good and relaxed. I recommend you take in your surroundings on your break and see if you can spot anything funny like this to lighten the mood.

I returned back to the exam and spent the next hour setting the same 80 question/hr pace. But this time I was comfortable with it. I decided to take another bathroom break at the end of the second hour. I did this to both to take a break and because of the crackers I was nibbling on throughout the 2 hours, I was thirsty and this time I actually had to use the bathroom.

I once more walked past my favorite LAN room which was still open, had another good chuckle. Did my business and went back to the exam.

The 3rd hour I hit some harder, scratch your head questions. They werent difficult so much as they required more thought and consideration as the questions were more interpretative/situational...(there were quite a few situational ethics questions in this part of the exam that made you scratch your head a little)

I took frequent mini-breaks as a result. I wanted to pace myself though these questions and since I had plenty of time, saw no need to rush on to the next question. At the 3 hour mark I had 25 questions left and since I was near finishing I decided to push on through instead of taking another bathroom break. I was the 2nd person (by only a minute or two) to finish up my exam at 3 1/2 hour mark. I considered using some time to go back over my answers but I decided I had answered the best I could and with my gut on those I didnt and didnt want to start second guessing myself so I turned in my exam and left. I stepped out into the sunny and hot afternoon feeling cautiously optimistic.

And so the waiting game begins. Ive already battled the Post-Test Syndrome of I flunked it once and Ive come out of it more sure that I passed. I know that if I didnt, I dont plan on taking it again as I feel I truly did my best and no amount of additional study will assist. And so Ive started my next project. Microsoft exam 70-298, Designing Security for Window 2003 Environment. Remarkably easy course especially considering the CISSP but when its all said and done, together with my CISSP it will raise my MCSE to MCSE:Security.

My plan is to finish it up and take the exam next Tuesday (instant gratification on this exam) and if I dont have my CISSP results by Friday (a slim but still probably possibility based on the recent turn around time Ive noted by others of 10-14 days, Ill move on to upgrading my MCSE to MCITP for W2K8 as I have no desire to study for anything more advanced until at least August when I might work for my CCNA or CEH.

So to make this long story short here are my recommendations for the CISSP exam in order:
1. Take the opinion's of others with a grain of salt, your experience will vary from mine and from anyone else's. No use getting worked up over how your doing vs others.
2. Be prepared. By this I mean prepare yourself mentally. Not by studying but by acknowledging the exam and relaxing your mind. Think of it like this to the well organized mind, the CISSP is but the another exam
3. Be prepared. By this I mean physically. Get a good nights sleep, eat a good breakfast, make sure your directions to the facility are right (if you can manage it, try the drive before hand to confirm directions, no construction that might cause a detour and if you do have to detour for construction or traffic or accidents, knowing exactly where your final destination is makes it easier)
4. Be prepared. Notice a trend here? This time, you want to be prepared by studying. I managed to do my entire study course in a little over a week but then most of the information was a recap from my day-to-day work and my Security+ days
5. Dont sweat it. Time, youve got time. Think you missed that last question? dont let it affect the entire exam. None of the questions really build on each other so treat every question like an entirely new exam.

Thats my 2-cents. As Ive already said, take it with a grain of salt.

Looking forward to getting my results. Will let you folks know when I do.

-APR911

mikej412

I think that open wiring closet was an additional test -- hopefully you fought the urge to "rewire"

I hope you get Good News soon

apr911

I think you're right... It wasnt easy fighting that urge to score some wicked bandwidth courtesy of the US Government and/or show them their security discrepancies, especially since the ethics questions didnt come until after my 2 breaks, but ultimately I did...

wastedtime

Dang civilian contractors

If you only knew.

I hope you get some good news.

JDMurray

Thanks for the excellent review!

It sounds like you did your pre-exam prep work, so I'm sure you'll do just find. And getting your results in 3-6 weeks is more typical.

apr911

Day 18,

20 minutes to 2pm EST.

Still no email from ISC.

This wait is starting to kill me. While I understand they cannot guarantee when your results will be available, couldnt they specify days and times when emails will be sent?

Like emails will be sent on Monday, Wednesday and Friday at 10 am EST?

It wouldnt make the wait any better or shorter but at least I would no longer be neurotically checking my email every time my phone beeps.

It doesnt seem like that would be such a hard thing to do.

JDMurray

Emails are sent when they get the results from the testing service that grades the exams. Even the (ISC)2 doesn't know when the exam results will be available. They are committed to getting your results emailed to you soon after they get them.

Until then, do find something else to do unrelated to the CISSP to take your mind off the wait (unless you are secretly enjoying the agony ).

apr911

The journey is only half done but I got my exam results today and I passed!

Date of Exam: June 22
Place of Exam: San Antonio, TX
Results Received: July 16
Results of Exam: Pass!

Now on to the endorsement stage... and more waiting?!?!?

JDMurray

apr911 wrote: »

Now on to the endorsement stage... and more waiting?!?!?

Maybe a week if you fax your paperwork in. Have your endorser sign your form in person so you don't have to wait for it to be snailed back and forth.

s2008

apr911 wrote: »

The journey is only half done but I got my exam results today and I passed!

Congratulations............

hustlin_moe20

Was the Testout/Labsim your only study material? No books?

peanutnoggin

CONGRATS on your pass!!!!

apr911

hustlin_moe20 wrote: »

Was the Testout/Labsim your only study material? No books?

Yup, Testout/Labsim was my only study material. I dont know that I'd recommend buying it because according to the site, it hasnt been updated since August 2006.

Most of the information in it was still relevant however and it obviously worked for me.

Some people have recently gotten VOIP questions on there exam for which I would have been totally unprepared and Ethics were also rather lacking in the testout stuff.

I mean really, ethics are one of those things where you dont have to have a lot as they are somewhat self-explanatory but it would have been helpful to know or have an idea on what type of ethics questions would have been on the exam and what the ISC2 believes to be ethical.

That being said, it covers Cryptography very well, DR and BCP fairly well and all other CBK sections to a rather adequate level.

Then again, I have my Security+, I build and maintain networks for a living and Ive personally found most security stuff to be "common" sense, at least to me.

apr911

Rather than pollute the board with a new thread, Ill just resurrect this one....

So my endorser signed off on my endorsement forms yesterday and I faxed them in the same day so now begins part 2 of the wait. Hopefully this one wont take as long, it seems the current turn around time for faxed endorsement is around 4 business days, that being said my exam didnt hold to the 18 day period everyone else experienced so I wont get my hopes up, much.

While Im waiting for the final confirmation, a thought occurred to me that came up during my endorsement that Im curious on the opinion of others on...

Is it better to have an endorser who has known you a long time or for a shorter (or no) time?

I have 2 thoughts.
Shorter - Increase Audit chance - Doesnt know you as well
Longer - Increase Audit chance - Knows you too well, potential conflict of interest/obligation

Shorter - Decreased Audit Chance - Doesnt know you as well, so more likely to do due diligence during endorsement process
Longer - Decreased Audit Chance - Knows you well enough to know your work experience.

I guess technically its all moot as the Audit is supposed to be random but then, for the audit to be truly successful, I have to imagine there are somethings that sends up red flags

earweed

Congrats on the pass!

JDMurray

apr911 wrote: »

Is it better to have an endorser who has known you a long time or for a shorter (or no) time?

I very recently endorsed someone for the CISSP myself. As I was filling in the question on the form, "How long have you known the certification candidate?", I was thinking that same thing. Although I could accurately vouch for his knowledge, expertise, and work experience, I certainly didn't know/work with him professionally for five-plus years. The (ISC)2 has both our resumes, but wouldn't be able to determine our professional relationship by comparing them (we've never worked at the same company).

So far, nobody that I've endorsed has been rejected regardless of how few years that I've known them, and the process has usually taken 1-2 weeks, which is shorter than it takes to get the cert in the mail.

Ashenwelt

JDMurray wrote: »

I very recently endorsed someone for the CISSP myself. As I was filling in the question on the form, "How long have you known the certification candidate?", I was thinking that same thing. Although I could accurately vouch for his knowledge, expertise, and work experience, I certainly didn't know/work with him professionally for five-plus years. The (ISC)2 has both our resumes, but wouldn't be able to determine our professional relationship by comparing them (we've never worked at the same company).

So far, nobody that I've endorsed has been rejected regardless of how few years that I've known them, and the process has usually taken 1-2 weeks, which is shorter than it takes to get the cert in the mail.

You know, this is the part that always keeps me from persuing this. I know zero people with CISSP off of this board. I fully qualify... but have to go the route without endorsement... and that is just weird.

Need to meet more people I think:)

botbill

what a journey !!! congratz on your pass.

I am going through the same journey as you. I hope I will have the same ending (PASS). I paved myself with sec+ and net+ certs.

I think after taking CISSP in Sept, i will be taking CEH right after to keep my mind off from the ISC email.

Cheers,

hhasund

I'm thinking the same thing.
Here in Norway I haven't even heard of this certification, let alone know anyone who could endorse me. How can I become a CISSP without knowing anyone, and without having a chance of knowing anyone with this cert?

apr911

Hey Botbill,

I think Im going to go for the CEH next too! Either that or my CCNA. I havent decided yet.


hhasund,

ISC2's endorsement process does have an option for if you dont know anyone who can endorse you, its a worthwhile cert even though you have to jump through some extra hoops to get the endorsement if you dont know anyone with it already.


-APR911

apr911

As of 8:30 CST (9:30 EST), I am officially

APR911, CISSP

It felt good to see myself addressed as CISSP. I was so worried this process was going to be drug out even longer via audit but in the end it all worked out.

Get to go home in 2 days so Ill be able to share the news with all my friends and family assuming I dont let it slip before than.

-APR911, CISSP

hustlin_moe20

apr911 wrote: »

As of 8:30 CST (9:30 EST), I am officially

APR911, CISSP

It felt good to see myself addressed as CISSP. I was so worried this process was going to be drug out even longer via audit but in the end it all worked out.

Get to go home in 2 days so Ill be able to share the news with all my friends and family assuming I dont let it slip before than.

-APR911, CISSP

Congrats man. I take mine in Nov. I hope I pass since I have to travel from Afghan to take it. Contracting here has it's pro/cons for sure.