Tminus 2 weeks until SSCP

I've been going through the gold book for a while now. I also have the other books JD mentions in his blog but I haven't had the chance to look at them yet. I plan to spend most of next weekend getting familiar with those and taking practice tests. After next weekend, it will likely be all practice tests and review up until the test. I feel like I've been on a pretty good pace, but at the same time I'm still really nervous.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

veritas_libertas

shaqazoolu wrote: »

I've been going through the gold book for a while now. I also have the other books JD mentions in his blog but I haven't had the chance to look at them yet. I plan to spend most of next weekend getting familiar with those and taking practice tests. After next weekend, it will likely be all practice tests and review up until the test. I feel like I've been on a pretty good pace, but at the same time I'm still really nervous.

Best of luck

I'm seriously considering persuing this certification next year once I'm finished with my Bachelor degree.

earweed

Good luck with the test!

dynamik

Good luck, buddy!

Bl8ckr0uter

shaqazoolu wrote: »

I've been going through the gold book for a while now. I also have the other books JD mentions in his blog but I haven't had the chance to look at them yet. I plan to spend most of next weekend getting familiar with those and taking practice tests. After next weekend, it will likely be all practice tests and review up until the test. I feel like I've been on a pretty good pace, but at the same time I'm still really nervous.

You'll be fine. Let us know how it goes as I also have interest in that cert.

JDMurray

I don't blame you; I don't see how anyone can feel confidant reading the "gold books."

Take lots of notes from various SSCP and CISSP study sources and only study those notes and do practice exams in the two weeks leading up to your exam. Concentrate more on the SSCP CBK domains that you don't have a lot of hands-on experience with. And don't treat the Malware domain too lightly, as it has some application security knowledge in it too. AppSec seems to be a big problem for people who aren't software developers.

shaqazoolu

JDMurray wrote: »

I don't blame you; I don't see how anyone can feel confidant reading the "gold books." Take lots of notes from various SSCP and CISSP study sources and only study those notes and do practice exams in the two weeks leading up to your exam. Concentrate more on the SSCP CBK domains that you don't have a lot of hands-on experience with. And don't treat the Malware domain too lightly, as it has some application security knowledge in it too. AppSec seems to be a big problem for people who aren't software developers.

Good advice. Reverse engineering malware is something I really want to get involved in at some point so that section should be pretty easy for me to pay attention to. I am mostly worried about 2 things:

- Concepts are easy. I'm not sure if I'll be able to regurgitate all of these bulleted lists of step by step processes in order though.

- All of the risk assessment/analysis stuff. It makes sense conceptually, and I have limited hands-on experience in my current job to help, but it's such a snoozefest that it's impossible for me to read and absorb at any decent rate.

JDMurray

shaqazoolu wrote: »

- Concepts are easy. I'm not sure if I'll be able to regurgitate all of these bulleted lists of step by step processes in order though.

While the official study guides may be used to write exam items, the study guide material isn't necessarily reflected literally in the exams. You probably won't see an items that asks, "What is the sixth step in the computer forensics investigation process?" Instead, you'll see a question that asks about documenting the findings of a computer forensics investigation.

shaqazoolu wrote: »

- All of the risk assessment/analysis stuff. It makes sense conceptually, and I have limited hands-on experience in my current job to help, but it's such a snoozefest that it's impossible for me to read and absorb at any decent rate.

This is a strong indication that you may need some other form of information presentation for this subject. If you are having a hard time reading the books, try audio or video lectures, in-class training, or doing practice exam questions to learn the material. Rather than trying to just memorize the material, try studying the material as if you had to write a 20-page paper, or a large blog article, on the subject(s). You need to greatly change up how you are studying.

shaqazoolu

JDMurray wrote: »

This is a strong indication that you may need some other form of information presentation for this subject. If you are having a hard time reading the books, try audio or video lectures, in-class training, or doing practice exam questions to learn the material. Rather than trying to just memorize the material, try studying the material as if you had to write a 20-page paper, or a large blog article, on the subject(s). You need to greatly change up how you are studying.

Ha. I just started watching CBT Nuggets yesterday for this reason and then I read this today. GET OUT OF MY HEAD

shaqazoolu

Well, I finished the test today. I'm not sure how I feel about it. I'm not completely devastated but I'm not very confident either. I feel like it could go either way.

Going into it, I felt like my weakest area was the risk assessment material. I was also onsite with a client for the entire week, which at first I really saw as a detriment to my last week of studying. Conveniently enough though, the onsite that I was performing was training on how to perform a risk assessment...so it worked out. The guy that was training me has his CISSP and really took an interest in trying to help me out with studying throughout the week. For some reason, I felt a lot more comfortable going into this test than I have any other cert test.

I think there was probably about 20 of us sitting for an exam and only myself and another guy on my team from work were taking the SSCP. He finished in a little over an hour, which is ridiculous. I went through and circled all of my answers in the book the first time around and then went through each question a second time, filling in the bubbles on that go around. It ended up taking me about 2.5 hours to finish up, and I really took my time. I'm used to Cisco tests, so I don't know about this waiting for the results shenanigans. I'd almost rather be completely devastated I think, that way the wait for the results wouldn't be so painful.

JDMurray

Good for you taking your time to be careful and methodical in your test taking. No reason to rush through a test that you have prepared for. You probably did just fine.

Did the proctor reciting the rules mention that the candidates sitting at your table were taking only 3-hour exams? There are always a few CISSP candidates who get freaked when they see people turning in exams after 2-3 hours and they are not half-finished with their own 6-hour exam. It's nice if the proctors inform the 6-hours exam candidates that 3- and 4-hour exams are being given too--but they don't always extend that courtesy.

dynamik

When I took my CISSP, the proctors wrote about a dozen important times on the whiteboard. For both exams (and the CISSP specializations, which I believe are also only three hours), they included information such as the halfway points, one-hour remaining, thirty minutes remaining, etc. I thought that was SOP.

JDMurray

Your exam room had a whiteboard? In my exam they just clacked large stones together to signal the time. It was the club-on-the-back-of-the-head-your-turn-in-the-bathroom signal that I found the most annoying.

dynamik

JDMurray wrote: »

Your exam room had a whiteboard?

In actuality, it may have just been a large piece of paper on an easel. I might be remembering things a bit too fondly...

shaqazoolu

Yeah, ours had an easel with a sleeve on it. At the beginning of the exam they wrote down the time that the two different exams were over and put the paper in the sleeve. Every hour, they put another smaller paper up there letting people know what time it was. They had bought some rinky-dink alarm clock and balanced it on the podium at the front of the room, but I was all the way in the back and there was a glare on the front of it so I never knew what time it was. When I got to question 100, I asked one of the proctors what time it was and he told me it had only been an hour so I started taking my time.

JDMurray

You had a clock in your exam? We had a sundial, a torch, and a flatulent llama. Oh yeah--on the hour and half hour.

shaqazoolu

Yeah...they even said at the beginning that they had bought it on Friday specifically for this test. It was probably the cheapest one you can find at Wal-Mart and I'm pretty sure the only people that could see it were the ones on the front row. At least I could have gotten some entertainment out of a flatulent llama.

Paul Boz

great work man. I owe you some sushi buffet when your pass comes in

azjag

dynamik wrote: »

In actuality, it may have just been a large piece of paper on an easel. I might be remembering things a bit too fondly...

It was a piece of paper on an easel. I remember that and I was in the back of the room with the rest of those not worthy to sit next to the CISSP testers. The clock was a $5 special from walgreens.

shaqazoolu

Seems ISC2 was busy today. I also got my email this morning from the 9/18 exam. Pass for me as well.

Paul Boz

Goddamnit, that means I owe you sushi buffet

Great job my friend

veritas_libertas

Congratz!

[Deleted User]

Congrats! CISSP next?

kriscamaro68

congrats on the pass. I hope to take this sometime next year. I hope I am as prepared.

hustlin_moe20

shaqazoolu wrote: »

Seems ISC2 was busy today. I also got my email this morning from the 9/18 exam. Pass for me as well.

Congrats on the pass. Any advice for us still needing to pass?

shaqazoolu

hustlin_moe20 wrote: »

Congrats on the pass. Any advice for us still needing to pass?

Unfortunately, there isn't a whole lot of material out there to go after. In my case, I was fortunate because my job covers several of the domains on the test so it only took me about 2 months of weekends to prepare. I would say, know the gold book well. Before I took the test, I was able to look at the practice questions in each chapter and get almost all of them right with little effort. In terms of distribution, I can't really say my exam favored any one domain over the others. It seemed pretty evenly weighted to me.

The practice tests on cccure.org are another resource that I used to really highlight my weak points. The difficulty level of those tests is variable, so it really helps to customize several tests. I personally maxed out the difficulty to identify the subjects that I knew only at a high level. Those questions are harder than the ones that you will find on the actual exam because they ask about minute details that you may overlook when reading the material. This helped me focus on reading it in a different way and really increased my technical understanding of the concepts. On these tests, I was scoring between 70-80% at maximum difficulty going in to the actual exam.

I would also familiarize yourself with the ISC2 code of ethics.

I think there are a couple of old study guides from different publishers out there as well, and I meant to use them, but I ran out of time and didn't really crack either of them.

Overall, I felt like I had a pretty good chance of passing after I had turned it in. I went through the test the first time circling answers in the book and starring the ones I wanted to come back to. When I finished that, I really took the entire test again, this time actually coloring in the scantron. I finished in a little over 2 hours with this approach.

Hope this helps. It was definitely not easy. If you pass, you know you've earned it.

shaqazoolu

So I faxed in my endorsement paperwork this morning and got an email confirming they received it. My question is, do they email you and tell you you're good and then mail the cert or does the cert just show up one day and that's how you know?

shaqazoolu

So I waited a little over 3 weeks since I had a CISSP endorse me to start asking questions. I emailed them and asked for a status update and got a reply about 15 minutes later, which kind of surprised me with how much other stuff they have going on right now. The lady told me they were backed up and they were reviewing my file this week. Works for me, I just wanted to make sure I was on the radar.

That afternoon, I get another email that says my file has been randomly selected to be audited. So now I have to send a resume (again), a copy of my degree and some form that I will need to fill out. I should have just kept my mouth shut.

I just want my cert.

JDMurray

shaqazoolu wrote: »

I should have just kept my mouth shut.

I just want my cert.

You would have been selected for auditing even if you hadn't emailed. I'm sure that isn't a factor in the randomization of the auditing selection process.

Just wait until you get picked for a random audit when you submit CPEs. Make sure you get some sort of receipt for everything you will be claiming CPEs for, because you'll need to fax or email it in for verification.

Bl8ckr0uter

shaqazoolu wrote: »

That afternoon, I get another email that says my file has been randomly selected to be audited. So now I have to send a resume (again), a copy of my degree and some form that I will need to fill out. I should have just kept my mouth shut.

I just want my cert.

So what are they going to do? Call old employers and stuff?

JDMurray

Bl8ckr0uter wrote: »

So what are they going to do? Call old employers and stuff?

When you ask the (ISC)2 to endorse you they have no other choice but to investigate the information that the candidates provides. This is part of the responsibility of the endorser regardless of who it is.