CISSP - wait until after 4/15 at this point?

Hey all,

I've been procrastinating heavily on studying and sitting for the CISSP. So much so that I bought Shon Harris' 4th edition way back when and never went through it completely. Just got lazy along the way, and still have been. Ironically, I picked up several other SANS certs along the way - GCIH, GPEN, and GWAPT...
At this point, I know there will be changes come April 15th. I don't think I'd have enough discipline to knock out last minute studying before then as this is really last minute. Is it better to just wait to take it after April 15th then?

What, if any, are the *major* changes? I thought I read that there will be restructuring and reordering of the domains but that overall the content should stay the same more or less. Not sure what this exactly means of course.

Anyone have more insight on this and advice as to what to do (trying to cram now vs take my time and study based on the new material)?

One other question that just occurred to me. If I go ahead and schedule to sit for an exam say in July, will the test be for the *current* material? Or will the test be based on the new material updated post 4/15?

Find more posts tagged with

Comments

jplee3

Just stumbled across this thread and many more - http://www.techexams.net/forums/isc-sscp-cissp/108646-cissp-april-2015-exam-materials.html

So it sounds like some wording may change but the content should stay the same. As far as the "domains" it doesn't really matter as much as the questions they'll be asking. The material, whether across 8 or 10 domains, will stay the same, and perhaps the way some questions are worded will change.

Though I do kind of wonder about this new one - "6 Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)" - which domain is that currently addressed under?

I guess my concern is if they're actually going to be adding new content as much as they are reordering/reorganizing the domains?

And one more question regarding eligibility per experience.

I am currently working as a QA Engineer for a division of company specializing in disaster recovery products - I've been here for 3 years now QAing primarily security-related components (it's not as glamorous as it seems - much more of it is integration and functional testing). Prior work included a couple years of combined operation/application security for a smaller retail company (PCI Compliance, log monitoring/watching, incident response, vulnerability assessments, and limited engagement internal web app and network pentesting). And the job before that was another couple years of primarily PCI compliance adherence, vulnerability assessment and log monitoring.

Is this enough experience to satisfy the requirements? I'm not 100% sure how to categorize each one but I'm thinking operations, compliance, software development security, and governance/risk mgmt at least. Do they actually ask you to specify # of years per domain and have you fill out your experience accordingly or something?

TheFORCE

jplee3 wrote: »

Just stumbled across this thread and many more - http://www.techexams.net/forums/isc-sscp-cissp/108646-cissp-april-2015-exam-materials.html

So it sounds like some wording may change but the content should stay the same. As far as the "domains" it doesn't really matter as much as the questions they'll be asking. The material, whether across 8 or 10 domains, will stay the same, and perhaps the way some questions are worded will change.

Though I do kind of wonder about this new one - "6 Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)" - which domain is that currently addressed under?

I guess my concern is if they're actually going to be adding new content as much as they are reordering/reorganizing the domains?

And one more question regarding eligibility per experience.

I am currently working as a QA Engineer for a division of company specializing in disaster recovery products - I've been here for 3 years now QAing primarily security-related components (it's not as glamorous as it seems - much more of it is integration and functional testing). Prior work included a couple years of combined operation/application security for a smaller retail company (PCI Compliance, log monitoring/watching, incident response, vulnerability assessments, and limited engagement internal web app and network pentesting). And the job before that was another couple years of primarily PCI compliance adherence, vulnerability assessment and log monitoring.

Is this enough experience to satisfy the requirements? I'm not 100% sure how to categorize each one but I'm thinking operations, compliance, software development security, and governance/risk mgmt at least. Do they actually ask you to specify # of years per domain and have you fill out your experience accordingly or something?

Your experience should be enough for the requirements. You do not need to specify how many years per domain, all you have to do it send them your resume and follow the instructions on the endorsement form. you resume should contain only the job titles that pertain to the domains, for example, if you at sometime worked as an accountant for whatever company, you should not include that experience in your resume.