Post and Pre 15 April 2015 Era

riyan · April 2015

mjsinhsv wrote: »

ISC2 probably releases the **** to the morons that use them...on the "dark" web..lol

[h=1]Who's the more foolish...the fool or the fool who follows him?[/h]-Obi-Wan Kenobi (Certified Jedi Knight)

gespenstern · April 2015

beads wrote: »

I get the best information on these **** sites from candidates or people trying to break into the industry. You'd simply be amazed or perhaps not at how blunt some of these people can be about where to find or have found information.

I wonder why would anyone want to break in. I wouldn't say that it is a good field in terms of money earned/efforts needed ratio. I wouldn't say that I'm nearly the best at what I do and dealt with people who were really good at it, much smarter than me, but even on my level I barely have a life...

Work, education, reading, studying, developing, problem solving, incident response. I haven't slept last night. I worked a lot last week. Damn MS15-034. I even haven't seen fkn interstellar or whatever other cool movie out there. If I wasn't interested in this from early childhood I would better work, say, in construction.

joshmadakor · April 2015

Someone passed very confidently with old material: 1st Attempt - Pass

40% new material? Don't think so

Edit: Looks like that person passed with the 10 domain test.

riyan · April 2015

I can vouch for ISACA that you cannot find the brain **** in dark, bright, or deep web. They introduce new exam items every year and sell the old ones as supplement. They do this every year. Similarly ISC2 must have set expiry dates to each question items depending upon how much time they were shown to exam candidates irrespective of answered correctly or incorrectly.

So contrary to what our "LEARNED COLLEAGUE" suggested unless and until users of Dark Web have access to some kind of time machine or they are the advanced species of human and have created wormhole in Dark Web, there is no way you can find any useful exams question having same difficulty as that of real exam questions. Even ISC2 released versions 150$ per 100 question are dated.

Danielm7 · April 2015

gespenstern wrote: »

I wonder why would anyone want to break in. I wouldn't say that it is a good field in terms of money earned/efforts needed ratio. I wouldn't say that I'm nearly the best at what I do and dealt with people who were really good at it, much smarter than me, but even on my level I barely have a life...

Work, education, reading, studying, developing, problem solving, incident response. I haven't slept last night. I worked a lot last week. Damn MS15-034. I even haven't seen fkn interstellar or whatever other cool movie out there. If I wasn't interested in this from early childhood I would better work, say, in construction.

I think it comes down to a lot of people really enjoying that part. If they weren't working security they'd still be reading about it and learning about stuff at home. If you don't really enjoy that part then the field is going to be torture. It's why I've started to ask the (many) people asking how to break into the field on the forum exactly why they want to get into security. Is it just good job prospects and "hacking sounds cool" or do you really have a passion for it? Because if you really just don't' care about it and it sounds cool you're not going to be happy trying to follow the daily changes in the field.

Security2014 · April 2015

Not sure about new exam providing a result immediately after the exam. There were couple of posts stating that they will get their results in 6 weeks. however it could be case by case

beads · April 2015

@riyan;

Clearly you need lessons with dramatic indicators like /s or WARNING! Entering a POE'S LAW minefield or something subtle enough for you to follow. Perhaps not. Please consider absurd postings as (*gasp!*) absurdity. In the future will be sure to point these out so you can have a nice laugh as well. That is if your capable of such. Not convinced at the moment. So, relax.

/s As far as breaking in to the field. Yes, people have been saying that about IT and/or security for what feels like time immortal.

(*Warning subtle sarcasm ahead!*)

(*Poe's Law at work!*)

(*Riyan Alert*)

If you remember the later late 90s during the dot com boom you've probably meet the guy or person who "used to do what you do..." but changed jobs, careers etc. as soon as the bust happened. I've meet everything from retail clerks to accountants that "used" to do what do. No, you didn't and were never close to performing at the same level so when the bodies were no longer needed you/they were let go. Didn't suffer that indignation but knew plenty who did.

If you need further reading I suggest lurking in the dark web for my clues but bring a flashlight - just in case.

(*Some sarcasm below*)

New entrants to the field as we all start somewhere. We still see the same today. People want to "get in" or "break into the field" but lack the understanding of not only technology, business or basic IT because they see a "job" in it, where I see a position. If I needed a job there is a McDonald's out there somewhere looking for a fry cook or whatever. These people never last in the field or are generally so unhappy I wonder how they even make it out of bed in the morning to come torture themselves at work.

Overall the time and effort needed to be successful in this field is fairly absurd unto itself (no sarcasm). If you enjoy breathing technology 7 days a week 14+ hours a day. Tinkering with any number of different tools on a daily basis not to mention the study habits weather you plan to take an exam or not is immaterial. It still takes a healthy commitment for the rest of your career to stay on top of IT particularly security. Don't kid yourself otherwise. If your not reading - your falling behind.

Now for your pop-quiz. Can you tell where I was sarcastic and where I was being a bit serious? I blended the two at times to make my point. Sometimes we have to be a bit more blunt. Just like in business. Often dependent on the density of one's audience, EQ, phase of the moon, horoscope, bird entrails. Whatever. If nothing else there is a great deal of humor and commiserating to be had. Enjoy!

- b/eads

mjsinhsv · April 2015

Danielm7 wrote: »

I think it comes down to a lot of people really enjoying that part. If they weren't working security they'd still be reading about it and learning about stuff at home. If you don't really enjoy that part then the field is going to be torture. It's why I've started to ask the (many) people asking how to break into the field on the forum exactly why they want to get into security. Is it just good job prospects and "hacking sounds cool" or do you really have a passion for it? Because if you really just don't' care about it and it sounds cool you're not going to be happy trying to follow the daily changes in the field.

This applies to any field of employment.
If someone doesn't enjoy their job, they will be hating life.
Money really isn't everything and when you add up the hours worked, hours of study, stress, etc., the money isn't that much.
Seriously, when I look back at when I was providing tier2 support...the job was definitely more fun.

riyan · April 2015

beads wrote: »

@riyan;

Clearly you need lessons with dramatic indicators like /s or WARNING! Entering a POE'S LAW minefield or something subtle enough for you to follow. Perhaps not. Please consider absurd postings as (*gasp!*) absurdity. In the future will be sure to point these out so you can have a nice laugh as well. That is if your capable of such. Not convinced at the moment. So, relax.

/s As far as breaking in to the field. Yes, people have been saying that about IT and/or security for what feels like time immortal.

(*Warning subtle sarcasm ahead!*)

(*Poe's Law at work!*)

(*Riyan Alert*)

- b/eads

Clearly, our "LEARNED COLLEAGUE" is in angry mode. Oh oh, I catch one sarcasm missed by you:

If you need further reading I suggest lurking in the dark web for my clues but bring a flashlight - just in case.

Nice. I totally agree with your analysis of dot com boom and people break-in to Info. Sec. Domain. No point denying it.

However, as a forum member and being senior members, it is our collective responsibility to rightly guide the members. I can safely state that:
There is no exam-**** available for ISACA / ISC2 exams. It is not by incident it is by careful design. What you can find on the web (whatever the type dark/deep/bright) are rough estimates; which are nowhere close to real exams. What you need is real experience. So do not fully rely on exam ****.

barman · April 2015

joshmadakor wrote: »

Someone passed very confidently with old material: 1st Attempt - Pass

40% new material? Don't think so

This guy claims that he got tested on April 11th. That is, the old material.

I tested on Apr 11th on the "older" 10 domain exam. From what I've read, I understand the information all maps to the new domains and exam.

1st Attempt - Pass : cissp

So, we still have to wait for someone who passed with the new material

kalkan999 · April 2015

To add to b/eads posts, he is absolutely correct. The other method regarding how people **** is done at overseas 'mobile' sites and the like. I am just using India as an example, as there's empirical evidence to support what I am about to share:
- A CISSP 'ringer' offers himself, herself for around 70-80,000 rupees to take the test for someone else who may not know ANYTHING about Information Security, but thinks themselves an expert after spending some time as, say, tier I or II tech support at a call center for some IT related industry.
-The Ringer pays HALF of his/her ill-gotten RUPEE earnings to a testing center where he/she knows the test proctor, and can just walk in with the other person's identification and take and pass the test for the soon-to-be-fraudulently minted CISSP.

(ISC)2 by their own admission, lacks the ability to fully audit or vet the required background for aspiring overseas certificate holders. THey do catch people, but not nearly enough.

-Kalkan

joshmadakor · April 2015

barman wrote: »

This guy claims that he got tested on April 11th. That is, the old material.

1st Attempt - Pass : cissp

So, we still have to wait for someone who passed with the new material

Yeah, I noticed that later

riyan · May 2015

kalkan999 wrote: »

To add to b/eads posts, he is absolutely correct. The other method regarding how people **** is done at overseas 'mobile' sites and the like. I am just using India as an example, as there's empirical evidence to support what I am about to share:
- A CISSP 'ringer' offers himself, herself for around 70-80,000 rupees to take the test for someone else who may not know ANYTHING about Information Security, but thinks themselves an expert after spending some time as, say, tier I or II tech support at a call center for some IT related industry.
-The Ringer pays HALF of his/her ill-gotten RUPEE earnings to a testing center where he/she knows the test proctor, and can just walk in with the other person's identification and take and pass the test for the soon-to-be-fraudulently minted CISSP.

(ISC)2 by their own admission, lacks the ability to fully audit or vet the required background for aspiring overseas certificate holders. THey do catch people, but not nearly enough.

-Kalkan

That's collusion.
We hope that ISC2 will take notice of that. If this practice is allowed to continued it will undermine the integrity and respect of ISC2.

Sheiko37 · May 2015

This new information that 40% of the content is new is really disheartening. That's essentially a full recreation of the certification more than just an update.

I see a lot of opinions that it can't possibly be 40% new material, but that's really just guessing and I'd sooner believe the extract from the new CBK confirming it as fact.

jt2929 · May 2015

Sheiko37 wrote: »

This new information that 40% of the content is new is really disheartening. That's essentially a full recreation of the certification more than just an update.

I see a lot of opinions that it can't possibly be 40% new material, but that's really just guessing and I'd sooner believe the extract from the new CBK confirming it as fact.

See post #28 by beads.

joshmadakor · May 2015

jt2929 wrote: »

See post #28 by beads.

I don't know why the CBK from ISC2 themselves would claim 40% new material.

From cccure's owner https://cccure.training/m/articles/view/Are-my-old-study-resources-enough-to-pass-the-new-exam-after-the-15th-of-April:

Good day to all,
A lot of people have been contacting me about the new CBK and whether or not they have wasted their time studying outdated material and wasting their money on resources that have no value today.
The answer is easy: YOU ARE TOTALLY FINE. YOUR RESOURCES ARE STILL 100% APPLICABLE
Do not waste your money. If you have the proper professional experience and you have been studying with resources like the one we have, which are holistic, then you are fine.
Nothing was removed from the exam and only about 4% of topics at the most were added. You can see a list of the new topics at:
https://cccure.training/m/articles/view/CISSP-CBK-2015-WHAT-WAS-ADDED

orionquest · May 2015

as someone who is scheduled to give the cissp exam on June 6th and studying Shon Harris and the CBK latest edition, i can confidently say the 40% claim is bogus.

there is nowhere that much new material. existing concepts are explored in more detail, sometimes unnecessarily.

btw the new CBK is horrible, the author rambles on and makes no effort to explain concepts.

Its a copy and paste job in many places

chickenlicken09 · May 2015

yip it truely is a horrible read, that 40% is bull. sticking to the old books.

riyan · May 2015

eddo1 wrote: »

yip it truely is a horrible read, that 40% is bull. sticking to the old books.

We are just providing forum lurker some advise without any compulsion. It's your to take it or leave it. I will make a very simple case.

Let's assume a guy/gal is acting as project manager for 10 years. Over the years he/she learned several techniques and tools. He/she then decided to sit for PMP-PMI exams. What are his/her chances for clearing the exam without reading PMBOK. Very slim. Why??? It not b/c he/she is not competent or lack any skill. It's b/c he/she is not very familiar with PMBOK terminology. May be he/she knows the concept of resource/schedule optimization i.e. resource leveling, crashing, fast tracking) but do not know the exact PMBOK terminology. He/she may have performed scheduling using modern tools and may have never calculated float or slack by hand (by the way, who do it these days!!!). Yes indeed experience PM will find PMBOK material very easy to digest and correlate. But he needs to study.

Also remember CISSP aspirants, this exam will not grade you on gradient scale i.e. 1st, 2nd, 3rd best. Either you are right or worng. 0/1 Binary code. No fuzzy logic. If ISC2 CISSP CBK says SSL/TLS is on transport layer and you marked it as application layer you will get zero.

We are just providing some advice for increasing chances of your success in exam. That's it. There is no point denying it that CBK 4th edition introduced new content. May be you are already familiar with it.

It is very rare that you will have solid experience in all knowledge areas, you may be strong in networks but weak in physcial security. That's very common. So play on your strong area and learn ISC2 CBK defined content for your weaker domains.

justjen · May 2015

I wonder why the new CISSP CBK is worse to read. I am interested because I think some specific sections of the 2006 1E CISSP CBK (mustard yellow cover) are better written than in the 2012 3E CISSP CBK (green cover). Is there any edition that is generally more highly regarded than the others? It would be odd if each new edition was considered more problematic than its predecessor.

brenbrenOK · May 2015

riyan wrote: »

As we discussed this numerous time, finally a week passed through after the Post 15 April 2015 era. I checked with my colleagues and other CISSP aspirant to appear after Post 15 April 2015. I noted down the following significant changes:
CISSP Organization is withholding the result notification for upto 4-6 weeks.

Result will not be shown to you at the examination center so no point in arguing with exam administrators.

There is a heavy focus on Pen Testing in terms of exam content.

Since Physical Security is not a separate domain so amount of questions on them has been reduced significantly. So stick to CBK 4th Edition.

Shon Harris (RIP) 6th Edition will only cover 60% of exam content. The rest you need to dig it into CBK 4th Edition.

Laws, Ethics & Legal Investigation content has been shrink and added as a minor part of another domain.

Instead of pure MCQ type questions, more focus is on hot-spot, ordering and mix-match kind of question.

Still no scheduled break so you need to allocate from your 6 hour exam time.

Hey decided to come over here and post. This is similar to what I was saying, I can't think of one hot spot question I had, but also this was HEAVILY into secure software development. I really did make a comment that I was't sure if I was sitting for the CSSLP or CISSP. Hope I didn't make them mad and they count that against me. LOL. I appreciate your words. I also do a lot of pro bono work for a group off WWII vets that live in a subdivision where I live. If people could just see what happens to ONE of these guys when they have their identities stolen, they would understand what I'm talking about.

Post and Pre 15 April 2015 Era

Comments