Hi all,
My experiences of the CISSP, as I found it very useful reading other people's.
First a quick bit of background on me purely for context: I'm 40s, been working in IT for nearly 20 years & the last 12 as a pure techie. Originally an OS guy then quickly moved onto networking & firewalls. Qualification-wise I've done a bunch, including CCNP/CCDP/CCSE. I'm based near London UK but chose to take the exam in Brussels as that was the only way I could do it before Christmas & I didn't want to wait until the New Year.
I studied for about 3 months but that was fairly intense study, several hours of reading most days. I read the Shon Harris book (thank you Kindle, the device which makes heavy books OK for commuting with). I also read both books by Conrad. IMO the Shon Harris was definitely the best one but it's a far from perfect book IMO, although it covers lots of stuff it's so incredibly wordy it's a difficult book to read. And the writing style doesn't give you that much of an idea of which parts are ultra important & which parts are just covered to give a fuller understanding of a topic. Great if you're reading it for fun (!) but not so great if you want a study guide that's going to help you focus on passing an exam.
I also wrote about 30 pages of my own notes, mainly covering the stuff I considered needed to be memorized cold.
I'd spent the two weeks prior to the exam doing every practice question I could get my hands on, thousands of the things, & was scoring high on those, well into the 90s.
I travelled to Brussels on the Friday (nice city, every other shop sells chocolate & everyone speaks English). Booked into a hotel & was all set.
Saturday, the day of the exam: I don't know Brussels so was relying on taxis. This worked but meant I got to the site around 2 hours early. The building (an office building of a large consultancy) was open but the reception area was unstaffed, unlit (!) & unheated meaning it was FREEZING cold. Gradually it filled up with other candidates & we basically sat around, in my case getting up to walk around & stamp my feet to try to keep warm.
Eventually we were filed into the classroom. The dress code said smart casual so I'd worn trousers & a shirt. Almost no-one else did this, practically everyone else wore jeans & a sweat top. So the reality was that the dress code was more casual than smart casual. The classroom was a bit warmer than the reception but still cold. I spent the entire exam with my coat wrapped around my legs & when I wasn't actually writing an answer I sat on my hands to keep them warm.
There were no catering facilities, not even a glass of water let alone coffee etc (different from every other exam I've ever sat). I had known it was up to us to take our own food & drink but hadn't appreciated quite how literally this should be interpreted. Since I'm usually too nervous to eat I hadn't taken anything at all.
The combination of the above meant that (entirely due to my own stupidity) by the time the exam started I was already freezing cold & had no prospect of getting warm or eating/drinking at any point for the 6 hours of the exam. Prospective candidates, don't do what I did. Take warm clothes, a flask of hot drink & also cold drinks + food. I wonder whether the spartan conditions are deliberate (perhaps to make testing conditions equal for all candidates around the world?). Either way they are certainly a factor that shouldn't be dismissed.
Onto the exam then. Prior to opening the question book I have to say I was pretty confident. I'd definitely prepared as well as I could & was hoping it would be a breeze.
That confidence had pretty much completely evaporated about 5 minutes later. I can honestly say I found the exam to be an absolute nightmare from start to finish. As is well-known, the questions tend to ask for the BEST answer or the FIRST thing you should do etc etc. What I hadn't appreciated is that in most cases, all 4 answers are entirely plausible (unlike most exams where you can often immediately rule out the two obvious "wrong" answers & then just have to decide which of the other two is correct). Again & again I faced questions where all 4 answers were correct. Or incorrect! To try to illustrate this, here is an example of how the questions are (not an actual question, I just made this one up, but it's exactly like the ones I had throughout my exam):
"You are hired to purchase & deploy a firewall for a small Company that is preparing to launch a service the following month. The Company has a strict budget & specific security & encryption requirements. What is the MOST important factor when sourcing a suitable firewall for them?"
A) Its price must be within budget.
B) It must be able to be supplied & deployed in time for the service launch.
C) It must meet the security & encryption requirements.
D) It must be fit for purpose.
Like I say, not an actual question but the exam is chock-full of questions like that.
Personally I cannot overstate how difficult I found this exam. Most exams I've done there are lots of questions you "know" are correct, interspersed with some you have to take a stab at. I found the CISSP utterly disorientating because there are almost no questions (well at least not in my case) where you are actually certain you got the answer correct. It's a non-stop barrage of questions like the above. The net effect was kind of like being hit gently over the head 250 times with a wooden mallet. Not bad at first, but by the end of the exam you are utterly punch drunk.
OK fast forward to the end of the exam. I finished in 3 hours. I then spent another hour reviewing every single question & changed my answers on maybe a dozen. At that point I stopped because I was pretty sure if I reviewed it again I'd change a dozen more & I wasn't at all sure I wasn't changing correct answers to incorrect ones. Of my 250 questions I did not see one question that I'd seen in any practice exam (although obviously there were some that were similar. Not many though!)
Before the exam I was pretty sure I'd pass. Halfway through I was certain I'd fail. By the end I no longer had the faintest clue.
I was about the 3rd person to finish. I left the building at which point it occurred to me I was on an industrial estate surrounded by nothing but motorway in a foreign country with no clue of where I was or how to get back to my hotel. Thankfully one of the guys who finished just before me was outside & gave me the number of a cab firm otherwise I might still be there!
OK so then the wait begins. If the CISSP study is tough & the exam is gruelling, the wait for the results is absolutely brutal! After about two weeks I emailed asking if there was any way I could find out my result but was told no dice.
And then finally last night.....got my results email! I knew if I thought about it I wouldn't want to open it so I just opened it instantly, scanned it & o joy saw the word Congratulations!
And that's my story of the CISSP. (Well the exam part, still need to sort out the Endorsement but I work with some CISSPs who can endorse me).
Good luck for anyone doing this. If I had to give 3 pieces of advice they would be:
- Dress warm & take food & drink etc.
- Focus heavily on what the ISC thinks is most important. Endless questions depend on you understanding how things should be prioritised.
- Do whatever you have to do to turn up on the day with a clear head. Consider doing no study at all the couple days before the exam. I couldn't think straight by the end of the exam. Having a clear head is probably far more valuable than having memorised a few extra facts etc.
PS - if by any chance the chap who gave me the taxi number (I think it was a Spanish lad) is reading this - I hope you passed