The CISSP Experiment

spiderjericho (Senior Member; San Diego; Posts: 839)
Well, my employer has obtained the services of (third party) to teach a CISSP course for two weeks. We have been supplied the books and the little practice exams from Shon Harris. To be honest, it's a boot-camp format so far. The instructor has been telling us points of interest and passages or words to highlight. I was a bit scared when he tried to explain tunnel and transport mode with IPSEC, as some of the students had no clue what he was talking about. And his only real experience was with IPSEC in a Windows environment, not, say, Cisco, Juniper, etc. I don't think I'll be ready to take the test right after the course is finished and plan on either reading the book or watching the CBTs. But from the initial impression, it seems a bit overwhelming with a 1,100 page book, 6-hour, 250 question test, but I'm confident I can do it.

Comments

  • JDMurray (Admin; MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+; Surf City, USA; Posts: 11,665)
    How many total hours is the class?
  • spiderjericho (Senior Member; San Diego; Posts: 839)
    It's two weeks sort of. The first week is four days, 7 hour days. The second week is test prep I guess. It's pretty intense, since he's just feeding you information, and there's no context.

    I feel even more sorry for the individuals in the class who don't have a network background.
  • JDMurray (Admin; MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+; Surf City, USA; Posts: 11,665)
    Yeah, it sounds like a class geared more towards getting the paper rather than learning the material. The biggest problem is that much of what people will learn they won't retain. But that's the downside of cram classes. It will be interesting if the managers see much difference in their people before and after they get their CISSPs.
  • spiderjericho (Senior Member; San Diego; Posts: 839)
    sabooher wrote: »
    I did a 5 day boot camp but after that class I knew it wasn't near enough so I studied an additional 8 weeks. I think a lot of it depends on the instructor but like ours said you either know the material or you do not. One week isn't going to help if you're lacking the experience.

    I would agree. But the instructor for the first week basically said since you're working professionals and don't have time to read through the book, he'll basically take us through and point out important words, sentences.

    Like literally it's that. We'll go to a page. If you look at the second sentence in the fourth paragraph. Highlight.

    But I know it would be impossible to completely cover 1,100+ pages in four days.

    My only issue is the mentality some of the people in this class have. It's about the paper, not the journey or the skills/knowledge set that is obtained along the way.

    Today is day four. We're supposed to get pizza, so I'm excited about that.

    Next week is all practice tests and review.

    I'm supposed to take the exam on the 8th. But we'll see how I feel about it.
  • Chris:/* (Member; Posts: 658)
    spiderjericho wrote: »
    I would agree. But the instructor for the first week basically said since you're working professionals and don't have time to read through the book, he'll basically take us through and point out important words, sentences.

    Like literally it's that. We'll go to a page. If you look at the second sentence in the fourth paragraph. Highlight.

    But I know it would be impossible to completely cover 1,100+ pages in four days.

    My only issue is the mentality some of the people in this class have. It's about the paper, not the journey or the skills/knowledge set that is obtained along the way.

    Today is day four. We're supposed to get pizza, so I'm excited about that.

    Next week is all practice tests and review.

    I'm supposed to take the exam on the 8th. But we'll see how I feel about it.

    The majority of classes I have attended, the attendees typically are looking for that paper. It does not matter what the domain of study is. It is all about what motivates you: knowledge, money or pleasing others. I do agree though it is frustrating to work with people like that even in passing.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • spiderjericho (Senior Member; San Diego; Posts: 839)
    The beginning of training day 8.

    We have a new instructor this week. It started off rough.

    We have some loud servers in the background, so the instructor kind of yelled at a student, telling him to speak up, etc. Every student took it as he was talking down to him and showing him disrespect. The student basically nipped it in the bud by telling him, I don't know if you didn't have your coffee today, but you need to calm down and don't speak to me that way.

    Another instructor observation is he likes to drag his feet when walking around. It's pretty distracting.

    Now back to the class. I haven't really had the time to really study on my own, as I'm taking a biology class/lab and enrolled in the Cisco Netacad CCNP T-Shoot course. So, I'm really lacking in knowledge at the moment.

    Training day six had him reviewing cryptography. I was pretty confident in that topic, since I've taken Security+, CCNA Security, CCNP ISCW, etc.

    He gave us a practice exam the next morning. I scored an 84, which wasn't too bad (since I didn't study the night before except to do these study questions, which as it turns out are the answer to the quiz questions).

    But yesterday, we discussed Risk Management and Access Controls, two topics I feel very weak in. And IMHO, I didn't feel like the instructor really explained anything in depth. I'm not sure if it was because he couldn't or if it was because of the attitude of the paper chasers who don't care about going into the topics in detail.

    The good or bad news is I've scheduled my CISSP for next Tuesday. My reasons are to sort of get it out of the way, as I want to devote my time to my biology class/lab, since they are the last two classes I need to complete for my communication degree.

    If I fail, I'll just review the preplogic, listen to Shon Harris MP3s or watch CBTs and test using the included test engine/cccure/Harris website.
  • spiderjericho (Senior Member; San Diego; Posts: 839)
    Well today was examination day.

    As mentioned before, I went in only having the knowledge from the boot camp and a few study guides. I must admit, CISSP was the most difficult certification exam I've taken. My ultimate certification goal is to get a CCIE R&S, so I'm sure the lab portion will be an arduous experience. But for right now CISSP is the crown holder. The idea of a six-hour, 250-question test is ridiculous.

    My confidence level was good going into the test. I did know I had weaknesses in DRP/BCP, application/database security, a few areas of physical security, law and ethics and security planning. And guess what? All of my questions were from those areas. I got hardly any questions from Access Control, Cryptography and Telecommunications, which are my strong areas (due to my network admin background).

    The test is all multiple choice. But there are few questions that reference one situation. My biggest issue with the test was the wording and the knowledge of the finer points in certain business processes.

    I don't feel like I passed the exam. There just weren't a lot of questions I felt confident on. Going into the test, I was getting 80 percent or above on the rinky dink practice questions given to me by *K (I won't say which training company, but there are obviously two with the second initials of K). But those questions failed to prepare you for this exam, especially because they were straightforward, not in the nebulous manner ISC words theirs.

    So I guess the result of my experimentation will be known in a couple of weeks when ISC gives the results of my exam.

    My advice to others. Read the book, take your time. Shortcuts are not worth it when it comes to retaining information or obtaining an important goal. The times when I've dreaded learning or was frustrated by the experience was when I took a boot camp. I prefer to read the book/materials on my own and conduct labs.
  • JDMurray (Admin; MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+; Surf City, USA; Posts: 11,665)
    Good luck and thanks for the review. Make sure you post your results back here as soon as you get them.
    spiderjericho wrote: »
    I did know I had weaknesses in DRP/BCP, application/database security, a few areas of physical security, law and ethics and security planning. And guess what? All of my questions were from those areas. I got hardly any questions from Access Control, Cryptography and Telecommunications, which are my strong areas (due to my network admin background).

    I've said this before, but from my own exam experiences I believe that people mostly remember the exam items they had the most trouble with and easily forget the ones that were fairly easy to them. Items related to each CISSP CBK domain are spread fairly evenly over the entire exam, but people only seem to remember those they had the most difficulty with, and this skews our ability to accurately assess the distribution of domain topics. Also, a single exam item may contain information from two (or more) CISSP CBK domains, so it may not be easy to determine to which domain an item belongs. I noticed this quite a bit on my own CISSP exam.
  • spiderjericho (Senior Member; San Diego; Posts: 839)
    I'm not sure if we had the same organization provide the training. But the two big organizations that have the initials *K provide CISSP training.

    If I pass, I'll be happy. And if that's the case, their training wasn't so bad after all.

    I spoke to the other test takers, and they all felt the same level of uncertainty. And we all agreed, that there was no way humanly possible to squeeze 1,100 pages (from the Harris' book) into two weeks.

    I think they could've structured it more for information retention. It just seemed to jump around and breeze through the book in the first week. Then the second week, it was review the book and present some test questions (that were not in any way similar to the test questions, so there wasn't any test prep like China Tom).

    If it would've been each day devoted to one domain and questions at the end, review the questions the next day, I think everyone would've retained information better.
  • spiderjericho (Senior Member; San Diego; Posts: 839)
    Well, I got my results today. And ISC2 says I passed.

    My heart was beating very hard, since I didn't feel confident about my test-taking experience.

    Another of those who took the test got her results and failed with a 650.

    So when I double clicked on the e-mail, it said congratulations.

    If you've read my previous posts, you know about my preparation for the examination.

    The only thing I did was attend an 8-day course from Ultimate Knowledge. I didn't do many practice tests nor did I read the AIO or official test book. I also am not a big proponent of China Tom (the king of making sure).

    But I should caveat that I have more than five years' experience in cryptography, physical security and telecommunications. And the concepts in Access Control weren't difficult because of my background. My only weak areas were Business Continuity/Disaster Recovery/Security Policy.

    But some of the material was stuff I studied in Project+, Security+, Network+, and I also teach CCNA/CCNP.

    I wish I could provide good advice, but I'd say my pass was due to the instructors providing a good explanation of the Access Control and Management concepts. And another key fact was Leo's test-taking advice. He taught us to label a confidence percentage on each question, underline key words and to eliminate any incorrect answers.

    But I believe anyone can pass the exam, especially if they read the book, lol.

    Now, I'm moving to the next step which is creating a resume and getting my supervisor to endorse me.
  • surinb (Member; Posts: 14)
    Congrats man...way to go.
  • JDMurray (Admin; MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+; Surf City, USA; Posts: 11,665)
    spiderjericho wrote: »
    Well, I got my results today. And ISC2 says I passed.

    Congratulations on passing the CISSP exam!
  • rwmidl (Member; CISSP, CISM, MCSE, MCSA, MCPxAlot; Worldwide Availability; Posts: 807)
    Congrats!
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • spiderjericho (Senior Member; San Diego; Posts: 839)
    Ugh, I've started working on the resume. The experience section seems a bit time consuming.
  • JDMurray (Admin; MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+; Surf City, USA; Posts: 11,665)
    Make sure you understand the difference between a résumé and a curriculum vitae. Many people put information on their resume that should be only on their CV.

    This is not really the forum or the thread to discuss the difference, but I thought I'd mention it.
  • spiderjericho (Senior Member; San Diego; Posts: 839)
    Hey all,

    I've been having issues with getting endorsed. My supervisor is a CISSP, so I approached him for endorsement.

    However, he's not the most proactive person (or he's off on a business trip/vacation).

    I'm considering getting endorsed by ISC(2).

    Has anyone had any experience with this?
  • JDMurray (Admin; MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+; Surf City, USA; Posts: 11,665)
    There are quite a few people who have posted here about getting their CISSP endorsement from the (ISC)2. The major complaint seems to be that it takes longer than having a personal endorser. This makes sense, because speeding up the processes was why the (ISC)2 switched from doing all endorsement audits to allowing (ISC)2 members "in good standing" to do them as well.