Passed CISSP first time... but yes, hardest exam ever!

Okay so just some random thoughts...

I read through various posts about how to take this exam and have seen people looking for the "magic key" to passing... My personnel conclusion is there is only one way to pass this exam, it's to know your stuff... I know, what an awful thing to say. This means tons of work... yep! But do the work and you will pass. It's a simple process and look at it this way, everyday you study you will get smarter and smarter and there is nothing wrong with that. The point of this is NOT to just do what it takes to get a passing grade, but to actually become good at what you do.

All the short cuts... don't help at all! Something to consider here. As I'm a person that has done hiring in the past I can also tell you that it was a bit of a negative when I found out a boot camp route was chosen to get a cert. In my opinion, they do nothing for long term memory. I used to ask what people did to become certified as part of the interviewing process and if it was a boot camp it was almost like the person just said to me "I couldn't be bothered to really learn so I took a short cut". Sure, you can say that is wrong and I shouldn't be thinking like that, but I'm sure others think the same thing. In person, our vocal-filter would be on and no comment would be made. but "short cut" just popped up in my head. This boot camp approach is also not anything you can conceal. Our profession is about honesty. I better clarify my definition of boot camp: two week class trying to jam in information.

I have seen people say that you should take every practice test you can find, which I don't think helped all that much as the questions on any of the practice tests are not comparable in difficulty. They aren't even the same style. This is because none of the questions on the real exam are 2+2=4 type questions. Here is an example:
Here is the version of the 2+2 question we all know:
2+2=
a, 1
b, 2
c, 4
d, 13
Here my version of this same question but written in the style of a CISSP question:
If 0b10 existed and was combined with the same again what result would equal this:
a, 2
b, 0b20
c, 4
d, 0d20
So to answer the CISSP question you would have to know something about binary. You would also have to know this without them stating it's binary. You would have to be able to problem solve and figure out what the question is about. The answer in this case isn't in binary and the closest answer would be 4.
The test exams are a great way of learning, don't get me wrong, but they are just a way of finishing the last 10% of your studying.

Okay this is what I did, I read Shon Harris book starting out, there may be areas where you say "I know, I know, get on with it!" but it will also uncover areas where you need help. Yes it's getting old but it is still extremely relevant and gives a great base to add on to. It should be read and understood, cover to cover. Followed by other books to pickup the areas missing. I had three books, Shon Harris 6th, ISC official 4th, and the last one I purchased was the Sybex 7th. I really liked the Sybex book but you can't just buy one book to pass this exam IMO. Time has past since this started and the amount of information is just too large. So 3 books, test questions and my friend Google is all you need.

Don't forget, the object of this exam is to make sure you know your stuff... If you do, you will pass, no worries. There is no magic. It's just a test of what you know. It's that simple. Plus think of how much you will known when your are finished. There is nothing wrong with being smart.

Last thought, this maybe a pass/fail exam but I believe it is setup to be an "A" or nothing. It's an "A" you get at 700 points... to get there you have to know your stuff.

Find more posts tagged with

Comments

Brain-D

Congrats!

CyberSecurity

Congrats! I just forwarded this post to a few friends of mine also looking to test in the next couple months. I believe you put it in great perspective with having to honestly know the information vs. just studying enough to pass then brain-dumping.

1200sbertone

Thanks! I guess I should also say I studied for 9 months, 3 hours a day in the evenings... took a break over the weekends. I still found it hard and I have 15 years experience and could qualify in 6 of the domains.

Clm

Simply because someone goes to a boot camp doesn't mean there any less qualified a lot of people go to boot camps to put the final touches on a study plan exam or have been doing the topic for years and don't need to put another 6 months into just a refresher don't pass up on good candidates cause of your personal view.

But Congrats on your pass !!!!!

1200sbertone

Thanks!

Hey listen, I know those are tough words to hear about the boot camp. I get what you are saying and lets face it, having a CISSP goes a long way without anything else, but here is the reality. Interviewers are using personal opinion... the process is mainly placed on their personal opinion. Hey you got a CISSP so you are way above the rest... but what if you have six people and one person states they just decided they should try it, not because they were told to, and brought the books and studied and passed. It shows their personal drive, no one told them they should take the exam, they brought some books set their own schedule and showed their own will to succeed. It says a lot about who you are hiring. Now another person was told they needed the exam and they paid for a boot camp. Who would you hire? What is your "personal veiw"?

Clm

My personal view would lead me to read there whole resume. Then who ever had the most experience and best personality wins my vote.
When I was studying for Security+ I studied for 6 months hard and then my boss asked did I want to go a boot camp and I jumped on it so am I not a good enough candidate for you cause I took that boot camp?

1200sbertone

Yes you are right, reading the whole resume is a given. You would be fine because we are talking about fractions of points in positives and negatives... obviously its the sum of the whole interview. But if you had done it on your own it would in fact say even more about who you are. Maybe you have other areas that prove you are driven to succeed and of course that would cancel it out.

E Double U

1200sbertone wrote: »

Who would you hire? What is your "personal veiw"?

I would hire the person that knows the stuff relevant to the position they are interviewing for. How one obtained a certification would be irrelevant to me. I've never been asked about a cert on an interview. We go over my work experience and then they hit me with questions that are relevant to the actual work.

Congratulations on the pass!

nothing007

Hi 1200sbertone
I agree your point but there is different kind of people approaching this certificate.
1. Find the short cut and learn the concept on the fly ( in work environment)
2. Understand the root concept, technique and clear the certification...

I agree your quote" It's a simple process and look at it this way, everyday you study you will get smarter and smarter and there is nothing wrong with that. The point of this is NOT to just do what it takes to get a passing grade, but to actually become good at what you do."

This will dependence on person to person and the NEED...

havoc64

Congrats and Great Write-up

sameoj

Congrats

gncsmith

Congrats!

renacido

I've never been asked about my certs in an interview. If I was asked how I went about preparing for the CISSP exam I might hurt the interviewer's feelings because my answer would be, "I worked in infosec for a long time before I took the exam. Like you're supposed to. That was my preparation."

Anyone with sensitive ears should cover them because here comes brutal honesty:

The CISSP is for people who have been working in infosec for 5 years (4 years of you meet the degree/cert exemption).

Yes, you can pass the exam and become an Associate until you get the experience for certification. Yes, you can sit and pass the exam without any real-world infosec experience. But don't expect it to be easy.

And whether or not you realize it, this is all for your own good. CISSP is not an entry-level cert. If you're new to infosec you shouldn't need CISSP to get your first job in the field. If an employer "requires" CISSP for an entry-level infosec job, that chair will be empty for a lonnnnng time because experienced security pros are in very high demand and none of us are going to work for less than we're worth without some serious side bennies (100% telecommute or something like that).

Get on a sensible development track that leads to where you want your career to go, do the work, celebrate every milestone along the way, and have fun with it. There are no shortcuts worth taking.

</rant>

renacido

Almost forgot to say: CONGRATS on the pass!!

Sorry if I hijacked your thread. My previous post was for all who commented about "shortcuts".

djasonslick

Yes, you can pass the exam and become an Associate until you get the experience for certification. Yes, you can sit and pass the exam without any real-world infosec experience. But don't expect it to be easy.

And whether or not you realize it, this is all for your own good. CISSP is not an entry-level cert. If you're new to infosec you shouldn't need CISSP to get your first job in the field. If an employer "requires" CISSP for an entry-level infosec job, that chair will be empty for a lonnnnng time because experienced security pros are in very high demand and none of us are going to work for less than we're worth without some serious side bennies (100% telecommute or something like that).

Get on a sensible development track that leads to where you want your career to go, do the work, celebrate every milestone along the way, and have fun with it. There are no shortcuts worth taking.

</rant>[/QUOTE]

I liked that!

impelse

Congrats

Iristheangel

Congrats on the pass.

As far "shortcuts," I consider **** and cheating trying to get a shortcut. I'm a little perplexed on the bootcamps being considered shortcuts to any certification. That's like saying books are a shortcut to figuring out the content on your own or how books/labs/sample questions are all a crutch and you should be Googling it all. I see bootcamps as a good way to review after studying all the material or have certain concepts explained to you in a different way that ties it together - but I haven't heard people act like it should be your only or greatest study resource. For example, look at the CCIE. I'd say a large majority of people go to a bootcamp when they're closer to their CCIE lab but that's after reading dozens of books, RFCs, going through every workbook and hundreds, if not thousands, of lab hours. Is it considered a shortcut to take a bootcamp closer to the lab? Hell no. The blueprint of the more advanced exams tend to be wider and that final review helps but considering it a shortcut because you're using another method of reviewing the concepts you've studied? No. Not at all.

Just to add a little personal context:
I started studying for the CISSP back on August 8th, 2011 the day after I got back from Defcon where I had picked up the Shon Harris AIO book (http://www.techexams.net/forums/isc-sscp-cissp/73755-cissp-study-material-recommendations.html)
I went through the CBT Nugget videos, AIO guide, Official CBK, Shon Harris' videos and a ton of other stuff. I exhausted all resources I could afford at that point.
Still feeling insecure on taking the exam, I booked a bootcamp (http://www.techexams.net/forums/isc-sscp-cissp/75886-cissp-date-set-paid.html) and booked my exam for a couple months after my bootcamp
Day 1 of the bootcamp in May 2012, we did an assessment test, I scored 80% of the 100 question exam and I changed my exam date to that Sunday (http://www.techexams.net/forums/isc-sscp-cissp/77180-cissp-san-francisco-today.html). I passed on the first go.

Could I have done it without the bootcamp? Probably but it really helped tie some of the last minute review together and gave me a lot of confidence before the exam. It's up to you if you want to see bootcamps as a negative thing but if you want to believe that, you're going to meet a lot of CCIEs, SANS, CISSP, etc certified folks in the field who will run circles around you and incidentally also went to bootcamps. It'd be a hard sell trying to say those folks took a shortcut just because they used a bootcamp.

Also... if bootcamps are a shortcut, am I not a real CCIE because I took one before my lab?

Food for thought.

rudegeek

She has a point!

Congrats on the pass!