CISSP -= instructor led

Cider

Hey Guys,

i have been working for an AV vendor for 5 years, manage the tech support there and do alot of network related diagnostic troubleshooting in various environments.

I have had some read into CISSP for some time now but put it at the back of my mind.

Now I received a brochure for an instructor led course (5 day) , its quite expensive , maybe 5k dollars or so. Im from South africa so I havent checked the exchange rate.

The question/s is ...

1) Is this cert worth it?
2) Will this 5 day course get me through the exam?

Thanks for a great site.

ptilsen

As someone who doesn't have CISSP and wants it but lacks the required experience, here is my mostly unqualified opinion: The CISSP certification is definitely worth pursuing, but a 5-day class for $5,000 is not worth it. I've not heard of many CISSPs going with an instructor-led course to prepare for the certification. I think rigorous book study with practice exams should be sufficient. Obviously you should see what the actual CISSPs say about this, though.

JDMurray

CISSP certification requires 4+ years of professional Information Security experience in at least two domains of the CISSP CBK. It doesn't sound like you have that thus far in your career.

The 5-day bootcamp courses are designed to cram a lot of information into your head so you can pass the CISSP exam. This is a good thing if you already know a lot about the topics on the exam and just need that extra bit of knowledge to "fill in the holes." People who take such a course who don't have much experience in the subject matter will have forgotten most of what they learned before they take the exam--unless they take it on the last day of the bootcamp and they really understand what they were taught.

Remember that certifications only gets your foot in the door for an interview. Once you are sitting in a chair talking to the interviewers, your certs fall to the floor and all you have left is you own knowledge and experience.

cooldrewb

I'm getting ready to take the CISSP again and decided that this time around I would give myself some more time to study. On top of it my boss is going to send me to a boot camp as well. I was just wondering what boot camps are the best? I found one called cissps.com which seemed good but any other suggestons?

paul78

Cider wrote: »

1) Is this cert worth it?
2) Will this 5 day course get me through the exam?

If you are in IT security, this is a pretty baseline certification to carry. Most people that I know in security carry this cert.

If you have a pretty broad range of experience, a 5 day course could do it. But the CBK is very broad and it is changing in 2012 so unless the trainer has adapted the training - you will likely need to supplement the training by reviewing the CBK.

Good luck

JDMurray wrote: »

CISSP certification requires 4+ years of professional Information Security experience in at least two domains of the CISSP CBK.

I think it's 5+ years of experience.

JDMurray

paul78 wrote: »

I think it's 5+ years of experience.

Only four years if you have a degree or even a Security+ cert. From the (ISC)2 Web site:

Note: Effective January 1st 2012, professional work experience requirements for the CISSP remains five years, but the domains have changed. Please refer to the CISSP Candidate Information Bulletin for details.

Note that if certain circumstances apply and with appropriate documentation, candidates are eligible to waive one year of professional experience:

• One year waiver of the professional experience requirement based on a candidate’s education Candidates can substitute a maximum of one year of direct full-time security professional work experience described above if they have a four-year college degree OR Advanced Degree in information security from a U.S. National Center of Academic Excellence in information Security (CAEIAE) or regional equivalent.
  
  OR
• One-year waiver of the professional experience requirement for holding an additional credential on the (ISC)² approved list
  Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, investigator or instructor, that requires Information Security knowledge and involves the direct application of that knowledge. The five years of experience must be the equivalent of actual fulltime Information Security work (not just Information Security responsibilities for a five year period); this requirement is cumulative, however, and may have been accrued over a much longer period of time.

beads

From experience taking the SANS course, it really felt like overkill for me personally. Though Eric Conrad is an excellent instructor and quite engaging I still felt a bit underwhelmed with more than a few of the domains as I was at least partially familiar with the material. Still the overall pointers were very good and probably helped me more than I'd like to admit.

So from a practical standpoint it probably depends more on your own personal learning style than anything else. If you learn well in an instructor lead setting then you'll enjoy the interaction of a class. If your style is more rote memorization and "piecing the puzzle together yourself" style then skipping a class and the money spent is probably the way to go.

Personally, I over prepared and found the test to be hard but not ludicrous as others have made it out. When I left the hotel where the exam was held I expected to see the chaos of wandering zombies and vomit stains on the sidewalk. Really, it wasn't THAT bad but you could definitely see many a blank look on those folks who just took the exam. Of course the bar next door was likewise fully packed, nice touch ISC/Holiday Inn Express!

Find as many resources: books, quizzes, etc. as you feel comfortable with and be realistic as to your understanding of the material and you won't have any problem with the exam itself. Fool yourself and you'll get owned on this exam. Simple as that.

- beads

jennt721

I did a lot of book study and took a boot camp course for review. I would recommend it if you take it from an ISC2 vendor. I took it from someone that was not affliated and showed up to a test that looked a lot different than the one I studied for. My instructor was great. He gave out a lot of useful information and showed us how to apply it to the real world, but that is not what the CISSP tests you on. I do not regret it, but next time I will take a course given by the vendor in the hope that they can direct me how to better study for the exam.