CISSP integrity destroyed with CBT exam

I don't think the certification will be devalued at all. "A few hundred or thousand rupees etc and you will be allowed to take books in with you." - One could say that under the right circumstances or proctors, they could have happened with the PBT as well. I'm not naive enough to believe that every CISSP holder is incorruptible.

ISC2 is EXTREMELY stringent about maintaining the integrity of their exam. Not only does the CISSP exam draw from a massive bank of questions but they also expire questions quite regularly. If ISC2 starts to see braindumps appear online, I'm fairly sure they'll be switching back to PBT tests quickly to protect the integrity. Not that it would probably be easy for a wannabe brain dumper to memorize several thousand potential questions...

Oh and there's the pesky little endorsement and work experience requirement that would prevent random paper certs

Don't stress, OP. It's not the end of the world. Or the end of the CISSP.

dzg wrote: »

I was shocked to read that CISSP is a CBT exam worldwide.

.... totally devaluing the cert.

Another weak post, sorry to offend, just being honest! You telling me that you think that ISC2 didn't due their due diligence when pursuing this endeavor? Please read other posts about this same exact topic, if it doesn't effect the price of tea in China is it really that relevant of you being concerned that it will devalue the certification? Look at all your job search sites e.g., Dice, Indeed, Monster, etc. Just type in the keyword and see how many jobs populate and look at the salary. Plus, the certification only gets your foot in the door, your resume looked at, however you want to phrase it but you still have to pass the interview process. I guess based on your post, we should definitely strengthen our immigration process, we don't won't any third world citizens from third world countries coming over with their devalued CISSP and PMP certifications taking our jobs, LMAO

emerald_octane

Integrity destroyed? Please. This is the same company that takes upwards of six weeks to grade a freaking scantron.

Besides my exam procter let us take home the geek-swag ISC2 pens. What if we wrote the questions on them? OMG.

cyberguypr

Welcome to TE!

Agree with Iristheangel. It is not the end of the world. It is ridiculous to say that CISSP has been reduced to a worthless piece of paper. There are **** for Microsoft and Cisco left and right but the certs are definitely not worthless. Paper certs without the knowledge to back them up are just a disaster waiting to happen. People who do this are only fooling themselves. The market will weed them out sooner or later.

I always refused to take the PBT. Couldn't be happier that they embraced CBT. The exam is on my radar for late 2012/early 2013.

the_hutch

I was talking to the owner and CEO of the IT consulting firm that I do my testing through and he told me that he had heard rumors that they are considering making the CISSP CBT exam an adaptive test. If this happens, CISSP will become WAY more difficult and probably carry even greater value in the industry.

emerald_octane wrote: »

Integrity destroyed? Please. This is the same company that takes upwards of six weeks to grade a freaking scantron.

Besides my exam procter let us take home the geek-swag ISC2 pens. What if we wrote the questions on them? OMG.

Agreed. The CBT here have CCTV cameras actually capturing you while you take the exam. They actually lock your belongings in a bag and place it in a locker. You don't even know you passed until you get the results from the front desk clerk. Lastly, the CBT is more scenario and a lot deeper than the PBT. I guess ISC2 didn't do their risk evaluations, lol.

cyberguypr wrote: »

Welcome to TE!

Agree with Iristheangel. It is not the end of the world. It is ridiculous to say that CISSP has been reduced to a worthless piece of paper. There are **** for Microsoft and Cisco left and right but the certs are definitely not worthless. Paper certs without the knowledge to back them up are just a disaster waiting to happen. People who do this are only fooling themselves. The market will weed them out sooner or later.

I always refused to take the PBT. Couldn't be happier that they embraced CBT. The exam is on my radar for late 2012/early 2013.

Good Luck, I take my CBT next month and will take it proudly!

dzg

Responses from people who have never set foot in Asia, Africa or South America. Who have not a clue abot the levels of corruption in those countries and how cheaply it can be done.
Whose global view is limited by their own national borders, or perhaps the Mason-Dixon line and who believe that ISC2 did "due diligence" ... belief without any iota of evidence, since they are not a part of the ISC2 committee. This decision was cost-based, just like when your jobs get outsourced to asia

As for the person saying PBT's are corruptible, lol ok but you would have to corrupt a team of over 7 proctors, but thats kinda impossible given that you don't know who the proctors are prior to the exam. Also they have a vested interest in the exams integrity being CISSP's themselves ... and ok lets say you manage to use your secret ninja skills to ascertain identites of all the proctors and you manage to contact them and funnel $$$ to their Swiss bank accounts prior to the exam ... how do you fool the other cissp candidates taking the exam with you, all of whom will blow the whistle on you ... oh right, you knew their identity and you paid them off as well ... in which case the CIA will hire you no need for cissp skills .... so that blows holes in your defence.

Regarding "due diligence" ... ahem well yes the testing centres have video cameras and the employees are vetted to the highest degree (mostly formed mcdonalds employees and lets not forget the sister of the receptionist who really needed a job), and when it comes to the video ... well no ones is watching and ISC2 is certainly NOT reviewing thousands of hours of tape. Similar to an IDS whose alerts and logs are never monitored .... the company has done its "due diligence" buts its all optics (read up on enron and worldcom and other institutions in the USA who all did their "due diligence" ... another USA myth).

Who cares about job postings at this moment in time ... give it a year or so and then see the difference.

Lets come back to those "pesky paper endorsements" ... very very easy to circumvent in a corrupt country ... I'm not going to explain myself to people who have never travelled outside USA and have never experienced low-level corruption.

CISSP has gone the road of PMP and the countless other "paper" certs .... call it a weak argument if you may but none of you have put up any defense to the contrary ..... corruption is a fact of life in poorer countries and private employees have no vested interest in the integrity of any exam ... someone earning 2000 rupiyah a month will very easily urn a blidn eye for a few hundred. The same cannot be said for PBT's administered by a team of CISSP volunteers and an ISC2 proctor none of whom know each other until they meet at the exam centre on the day (but you wouldn't know that because you've never proctored an exam .. I have).

As for the person who says he avoided taking the PBT ... hmmm interesting ... why? Lack of confidence in your abilities to handle it ... speaks volume about your abilities.

Everyone seems to focus on "brain ****" and the exams infinite pool of questions ... but thats not my point ... brains **** are useless and irrelevant, however having the ability to communicate with someone, having access to material that can help to narrow down an answer is the issue ... not brain **** .... and if you have a team of friends on the other end of a phone line with access to book and a pc then you have all the help you need to pass ... I am not here to convice you but having done it the hard way I feel sorry for myself that my future peers will not have gone through the rigours that I had to.

As for the people taking the CBT in the future, of-course you're gonna defend the exam, its in your interest to do so. You're not even CISSP's so your opinions are worth .... exactly .... nothing.

For me and the other CISSP's I work with the date you sat your exam and where will alwys be a line in the sand ....

dzg wrote: »

Responses from people who have never set foot in Asia, Africa or South America. Whose global view is limited by their own national borders, and who believe that ISC2 did "due diligence" ...

As for the person saying PBT's are corruptible, are you even a CISSP?? Yes everyone has a price but you would have to corrupt a team of over 7 proctors, but thats kinda impossible given that you don't know who the proctors are prior to the exam. Also they have a vested interest in the exams integrity ... so that blows holes in your defence.

Regarding "due diligence" ... ahem well yes the testing centres have video cameras and the employees are vetted to the highest degree, and when it comes to the video ... well no ones is watching and ISC2 is certainly NOT reviewing thousands of hours of tape. Similar to an IDS whose alerts and logs are never monitored .... all optics.

Who cares about job postings at this moment in time ... give it a year or so and then see the difference.

CISSP has gone the road of PMP and the countless other "paper" certs .... callit a weak argument if you may but none of you have put up any defense worht reading ..... corruption is a fact of life in poorer countries and private employees have no vested interest in the integrity of any exam ... the same cannot be said for PBT's administered by a team of CISSP volunteers and tn ISC2 proctor none of whom know each other until they meet at the exam centre on the day (but you wouldn't know that because you've never proctored an exam .. I have).

I tell you what since you are crying a river, renounce your certification and we all will be happy, how about that, LMAO

loneferret

Well he's not totally wrong, not saying he's completely right either.

Odds are there will be more CISSPs (and others) now that it's computer based. Now how much more, I have no clue...
From my understanding, before CBT people sometimes had to wait months before an exam sitting was available in there area or drive out of state/province/city/town/etc. Many have even said they stayed overnight in a hotel/motel to make sure they were fresh for the exam.

Now anyone can take it, not just the hard-core people that are actually willing to go the extra mile to get it (which in my mind gives some added value).
For example I took the SSCP exam only because it was CBT, so I'm sure many will to the same.

I look at it like trading cards or comic books. The more prints & re-prints there are of comic X, the less it's worth... Will this affect the ISC2 certs the same way? I suppose only time will tell. Will it really damage the certification's reputation? Not that much I don't think so.

In the end, like anything.. only time can tell (and HR)

Please understand, I'm fully prepared to admit that I may be wrong and in left field with this. Just my 2 cents CND.

LoL. I took (and passed) my CISSP exam in 5/5/12 as you're more than welcome to see on past posts. There were exactly three proctors, not seven in my PBT. As far as "vested interest in exam integrity," well... you're the one that brought up Asia, Africa and South America where the value of holding a CISSP is nothing compared to the states. In private testing centers, you usually don't know who is administering the exam ahead of time either so that's a little silly to argue about. That being said, I'm sure there are corruptible people in every country that would be willing to take kickbacks regardless of whether they hold the certification or not. I don't approve of it but I'm realistic about human nature. Especially in the countries you mentioned.

By the way, I've had the pleasure of visiting Vietnam and China on several different occasions. Beautiful places.

It seems like you just want to be negative about the CBT and I'm sure you're going to complain no matter what we say given how defensive you're being.

DZG,

The VALUE of the CISSP is in the individual's capacity to sell himself/herself as something other than a 'Necessary Evil' where perception by execs see us as a terribly expensive drain on overhead. ISC2 looked at this CBT issue long and hard and retained the services of some equally sharp people, who can see trends in how and when cheating occurs, including the ability to center in on rogue testing facilities of which you speak, DZG.
OUR job as CISSPs are to somehow provide the BEST quantitative risk formulas to businesses/governments/finance who are global, along with a balance of ROI, AND show that globalization does not necessarily mean that moving MAJOR business assets overseas and remaining secure is a worthwhile risk. This is a VERY VERY hard sell, as the corporate mentality is to move 'over there' wherever 'there' may be. Selling the idea of retaining the services of InfoSec and other Security Experts locally, while performing business globally is often the best option to Secure assets. That said, I am NOT one who proclaims nationalist rhetoric about keeping jobs in AMERICA!
Educated people who perform exemplary work, do so overseas for 20% of what we require for a similar service here is difficult. And with Datacenters moving overseas, the security question increases exponentially. As with most events in history, I am fearful of the world deteriorating from current APT status to a TRUE cyberwar. Problem is as now, as it has always been: deny it if you don't see it happening. APT's are keen on not being discovered, but that won't last forever, and there will be reprisals for actions against nation states who sponsor such things as FLAME or Stuxnet. What do you think will happen once FLAME is sufficiently reverse engineered in such a way that it will expose the vulnerabilities present in most small and medium sized private businesses? Couldn't a coordinated effort against these assets alone bring a first world economy to its knees quickly? How much does small and medium sized business fuel the Free Market economies of the world?

DZG, Respectfully, you are MISDIRECTING your talent and energies unnecessarily. If you take the time to read other posts, you'll notice that PLENTY of us talked about the possible consequences of CISSP going CBT, and we needn't live overseas to know of what can and does happen, as does ISC2. You want to solidify your value as a CISSP? GET the message out about what really ails the global network and get to FIXING it rather than point fingers at rogue nations.

Iristheangel wrote: »

LoL. I took (and passed) my CISSP exam in 5/5/12 as you're more than welcome to see on past posts. There were exactly three proctors, not seven in my PBT. As far as "vested interest in exam integrity," well... you're the one that brought up Asia, Africa and South America where the value of holding a CISSP is nothing compared to the states. In private testing centers, you usually don't know who is administering the exam ahead of time either so that's a little silly to argue about. That being said, I'm sure there are corruptible people in every country that would be willing to take kickbacks regardless of whether they hold the certification or not. I don't approve of it but I'm realistic about human nature. Especially in the countries you mentioned.

By the way, I've had the pleasure of visiting Vietnam and China on several different occasions. Beautiful places.

It seems like you just want to be negative about the CBT and I'm sure you're going to complain no matter what we say given how defensive you're being.

Just to enlighted him, I spent time in the Air Force and my spouse is Filipino born and have visited that poor country on numerous occasions. Since he is the only one that has been to a poverty stricken country.....

AND DZG,

Just so you know...I am a Former US Foreign Service Specialist where I served quite proudly as a Diplomat in those same countries of which you speak. My guess is that you are Aussie or from NZ, though MAYBE Canadian or brit but doubt it, and therefore you feel CLOSER to the situation than most of the rest of us.
Draw your line in the sand, fellow CISSP. Cry foul while those with initiative and positivity share the values of our services and skills and make a real difference in the world.
I honestly thought that our profession would cater to more 'enlightened' rather than someone so cynical.

kalkan999 wrote: »

AND DZG,

Just so you know...I am a Former US Foreign Service Specialist where I served quite proudly as a Diplomat in those same countries of which you speak. My guess is that you are Aussie or from NZ, though MAYBE Canadian or brit but doubt it, and therefore you feel CLOSER to the situation than most of the rest of us.
Draw your line in the sand, fellow CISSP. Cry foul while those with initiative and positivity share the values of our services and skills and make a real difference in the world.
I honestly thought that our profession would cater to more 'enlightened' rather than someone so cynical.

loneferret

kalkan999 wrote: »

... MAYBE Canadian or brit but doubt it...

No "eh" in any of his sentences. He ain't a canuck.

dzg wrote: »

Responses from people who have never set foot in Asia, Africa or South America. Who have not a clue abot the levels of corruption in those countries and how cheaply it can be done.
Whose global view is limited by their own national borders, or perhaps the Mason-Dixon line and who believe that ISC2 did "due diligence" ... belief without any iota of evidence, since they are not a part of the ISC2 committee. This decision was cost-based, just like when your jobs get outsourced to asia

As for the person saying PBT's are corruptible, lol ok but you would have to corrupt a team of over 7 proctors, but thats kinda impossible given that you don't know who the proctors are prior to the exam. Also they have a vested interest in the exams integrity being CISSP's themselves ... and ok lets say you manage to use your secret ninja skills to ascertain identites of all the proctors and you manage to contact them and funnel $$$ to their Swiss bank accounts prior to the exam ... how do you fool the other cissp candidates taking the exam with you, all of whom will blow the whistle on you ... oh right, you knew their identity and you paid them off as well ... in which case the CIA will hire you no need for cissp skills .... so that blows holes in your defence.

Regarding "due diligence" ... ahem well yes the testing centres have video cameras and the employees are vetted to the highest degree (mostly formed mcdonalds employees and lets not forget the sister of the receptionist who really needed a job), and when it comes to the video ... well no ones is watching and ISC2 is certainly NOT reviewing thousands of hours of tape. Similar to an IDS whose alerts and logs are never monitored .... the company has done its "due diligence" buts its all optics (read up on enron and worldcom and other institutions in the USA who all did their "due diligence" ... another USA myth).

Who cares about job postings at this moment in time ... give it a year or so and then see the difference.

Lets come back to those "pesky paper endorsements" ... very very easy to circumvent in a corrupt country ... I'm not going to explain myself to people who have never travelled outside USA and have never experienced low-level corruption.

CISSP has gone the road of PMP and the countless other "paper" certs .... call it a weak argument if you may but none of you have put up any defense to the contrary ..... corruption is a fact of life in poorer countries and private employees have no vested interest in the integrity of any exam ... someone earning 2000 rupiyah a month will very easily urn a blidn eye for a few hundred. The same cannot be said for PBT's administered by a team of CISSP volunteers and an ISC2 proctor none of whom know each other until they meet at the exam centre on the day (but you wouldn't know that because you've never proctored an exam .. I have).

As for the person who says he avoided taking the PBT ... hmmm interesting ... why? Lack of confidence in your abilities to handle it ... speaks volume about your abilities.

Everyone seems to focus on "brain ****" and the exams infinite pool of questions ... but thats not my point ... brains **** are useless and irrelevant, however having the ability to communicate with someone, having access to material that can help to narrow down an answer is the issue ... not brain **** .... and if you have a team of friends on the other end of a phone line with access to book and a pc then you have all the help you need to pass ... I am not here to convice you but having done it the hard way I feel sorry for myself that my future peers will not have gone through the rigours that I had to.

As for the people taking the CBT in the future, of-course you're gonna defend the exam, its in your interest to do so. You're not even CISSP's so your opinions are worth .... exactly .... nothing.

For me and the other CISSP's I work with the date you sat your exam and where will alwys be a line in the sand ....

Making edits to a longer irrelevant post, first of all, learn how to spell and don't assume that people making comments to your idiotic posts haven't been CISSP's before, someone get this guy a band-aid before he bleeds to death from his paranoid ISC2 bruise, he's making me sick to my stomach, LOL

His spelling is 'spot on,' using king's English, though he tried to hide it by using defence and defense in the same rhetorical rant. He also made reference to America in the context of an outsider.

dzg wrote: »

Responses from people who have never set foot in Asia, Africa or South America. Who have not a clue abot the levels of corruption in those countries and how cheaply it can be done.
Whose global view is limited by their own national borders, or perhaps the Mason-Dixon line and who believe that ISC2 did "due diligence" ... belief without any iota of evidence, since they are not a part of the ISC2 committee. This decision was cost-based, just like when your jobs get outsourced to asia

For someone who keeps repeating how limited our view is, you're making a LOT of assumptions about us just because we don't necessarily agree with you.

dzg wrote: »

As for the person saying PBT's are corruptible, lol ok but you would have to corrupt a team of over 7 proctors, but thats kinda impossible given that you don't know who the proctors are prior to the exam. Also they have a vested interest in the exams integrity being CISSP's themselves ... and ok lets say you manage to use your secret ninja skills to ascertain identites of all the proctors and you manage to contact them and funnel $$$ to their Swiss bank accounts prior to the exam ... how do you fool the other cissp candidates taking the exam with you, all of whom will blow the whistle on you ... oh right, you knew their identity and you paid them off as well ... in which case the CIA will hire you no need for cissp skills .... so that blows holes in your defence.

Hmm... For someone claiming that being a CISSP requires a greater level of integrity and professionalism, you're acting pretty childish. I took the PBT and there were 3 proctors there, not seven. As far as the need for finding out who is proctoring before taking the actual exam, the same could be said of finding out who is proctoring the exam at the private testing center prior to the exam which invalidates your silly argument. For someone who keeps claiming that these countries are poor and therefore corrupt, you're making the assumption that holding a certification is going to magically make these people somehow morally better than everyone else. I'm not claiming that people **** often on the PBT but it's possible just like on the CBT. If you're making the claim that people in private institutions in these countries are willing to make an extra buck helping someone ****, what stops a proctor from doing the same thing? .

dzg wrote: »

As for the people taking the CBT in the future, of-course you're gonna defend the exam, its in your interest to do so. You're not even CISSP's so your opinions are worth .... exactly .... nothing.

For me and the other CISSP's I work with the date you sat your exam and where will alwys be a line in the sand ....

I took the CISSP exam when it was a PBT so I guess that puts me on your side of the line. I'm not going to differentiate between the CBT and PBT CISSPS and I think it's stupid to cut down people because of the medium in which they take their test. Based on your spelling, elitist attitude, and unprofessional demeanor, I hope you tear up your CISSP certification and renounce it. You're giving the certification a bad name by coming on a open forum of professionals and being rude because people don't agree with you.

Iristheangel wrote: »

For someone who keeps repeating how limited our view is, you're making a LOT of assumptions about us just because we don't necessarily agree with you.

Hmm... For someone claiming that being a CISSP requires a greater level of integrity and professionalism, you're acting pretty childish. I took the PBT and there were 3 proctors there, not seven. As far as the need for finding out who is proctoring before taking the actual exam, the same could be said of finding out who is proctoring the exam at the private testing center prior to the exam which invalidates your silly argument. For someone who keeps claiming that these countries are poor and therefore corrupt, you're making the assumption that holding a certification is going to magically make these people somehow morally better than everyone else. I'm not claiming that people **** often on the PBT but it's possible just like on the CBT. If you're making the claim that people in private institutions in these countries are willing to make an extra buck helping someone ****, what stops a proctor from doing the same thing? .

I took the CISSP exam when it was a PBT so I guess that puts me on your side of the line. I'm not going to differentiate between the CBT and PBT CISSPS and I think it's stupid to cut down people because of the medium in which they take their test. Based on your spelling, elitist attitude, and unprofessional demeanor, I hope you tear up your CISSP certification and renounce it. You're giving the certification a bad name by coming on a open forum of professionals and being rude because people don't agree with you.

OK, Officially had enough of this guy...Message to JDMurray sent! I respect free-speech, but I draw the line at discouraging people who are trying to pass this test, and for whatever reason/s, have not tested yet.

You're just hating because you're not on my oh-so-special side of the line, kalkan999

cyberguypr

dzg wrote: »

As for the person who says he avoided taking the PBT ... hmmm interesting ... why? Lack of confidence in your abilities to handle it ... speaks volume about your abilities.

Has nothing to do with my abilities. The answer is simple: principle. I refuse to support a company/entity that uses 20 year old technology (my guesstimate, haven't looked up exactly how old it is). I am an IT professional who is always on the cutting edge of technology. No reason to be messing with papers when most exams are CBT.

Have you ever heard of a thing called progress? Let me help you out. It is the idea that the world can become increasingly better in terms of science, technology and modernization. See? MODERNIZATION. It was about time that ISC2 moved on to CBT. The National Board of Medical Examiners is transitioning all their exams to CBT by 2015. The National Council Licensure Examination transitioned theirs a long time ago. Have their certifications become or are on the way to become worthless? Doubt it.

Wake up an smell the coffee my friend. Actions speak louder than words. As TBRAYS said, renounce your certification and we all will be happy

loneferret

Is it just me, or is this guy taking this cert thing a bit to seriously ...

badrottie

This is nothing more than a tempest in a teapot.

The true value of the CISSP is not just passing the exam alone, it is also the validation of your work experience as well. It is incumbent upon those with authority to perform their own due diligence and vet the credentials, experience and knowledge of information security practitioners. Really. A credential alone does not alone show expertise.

I do not dispute that there are parts of the world where corruption is endemic, and the culture does tend towards having moral flexibility. Exercise greater diligence when interviewing or hiring candidates from those areas, but do not necessarily discount them automatically.

It is worth noting that ISC has introduced a limitation to how many attempts you can take the CBT exam: 4 kicks at the cat and after that, you are disqualified. Also, the time delta between attempts increases:

2nd - 30 days
3rd - 90 days
4th - 180 days
5th - disqualified

More than enough to ensure that there has been more than one rotation of the question pool (More than likely used as a control to mitigate the risk of braindumping). See: https://www.isc2.org/cbt-faqs.aspx for more information.

There is one additional control that ISC2 could implement: audit more applications, particularly from geographic regions considered to be at high risk.

Really, though. PBT/CBT, I could care less. Survive my interview, and then we can talk.

We'll talk when you pay me lots of money after I survive your interview...Otherwise, I am gonna make myself famous spinning an accurate 'yarn' about the post-apolcalyptic cyber-world. THEN, I'll go be a talking head on Fox News, where they lay the 'Smack Down' and expose the bad guys!

badrottie

kalkan999 wrote: »

We'll talk when you pay me lots of money after I survive your interview.

Sorry, strictly NOFOR as an employment requirement.

HA! Show's you! I'm not a FOREIGNER, I'm AN American, DANGIT!!

badrottie

kalkan999 wrote: »

HA! Show's you! I'm not a FOREIGNER, I'm AN American, DANGIT!!

Precisely. From my location and jurisdictional boundaries, you ARE a foreigner.