Taking the CISSP: part 1

I took the CISSP.  I really don't know what to say about it aside from acknowledging that it was extremily difficult.  Andrew Briney's article is the most accurate description of the CISSP test.  Briney says, "It's a mystery wrapped in riddle inside an enigma."

His other very true point:

"The exam is best characterized as an 'inch deep and a mile wide.' Whether this makes it easy or difficult is a matter of perspective."

For me the hardest part were the answers.  I feel like I've mastered the art of studying for a test.  The fact that there is so much knowledge crammed in a 250 question test makes my study techniques watered down.  Its very difficult to cover all 10 domains effectively.

I'm not one of those bastards that can walk into a test cold (no studying, no worries) finish in half the average time and pass.  If I don't study, I fail.  I've learned to live with this.  I know my weakness.  I just second guess myself too much on every answer.  I'm one of those guys that does not believe that everything is black and white but that everything is a million shades of gray.  For me that is where the difficulty lies.  The CISSP wants you to choose the "best" answer.  So while many or even ALL of the answers might be true, there is only one BEST answer.  But my best might not be your best.

I've taken many certifications.  They have become almost a hobby of mine.  In June, I took the Security+ hoping it would help prepare me for the CISSP.  First of all let me just say comparing the the CISSP and the Security+ is like comparing Lennox Lewis' fighting style to that of some 12 year old girl from John C. Still Middle School.  There is NO freakin' comparison... NONE, do you hear me!  The preparation that I put into the Security+ is what help me in my CISSP success.  That being said, there were about 6 very similar questions from the Security+ that were on the CISSP but the CISSP contains ALL of the domains of the Security+ on a comprehensive level.

As I said, I've taken many certs.  And I DO think that taking a test makes him smart or more technically skilled then some l33t hacker that has been cracking databases since age 12, but I believe some certifications have great value to the IT and Security industry.  Many say that any dependency on certification is what is lowering the amount of IT and security professionals with skills.  While there maybe truth to that, I say it is just another way for employers to gauge whether or not they are investing in a skilled employee.  Whether they choose the right candidate will ultimately be decided (just like anyone else) by time.

NO certification I have taken comes within an Astronomical Unit of the CISSP.  Of course I'm not an MCSE or a CCNP (though I've tasted the fruits of both) so perhaps there is a match in its level of difficulty.

Having taken the test I don't feel I was fully prepared even though I have legitamate experience in nearly all aspects of security, I read a book and studied on and off for a year before taking the test.  I tell you, this test beat the shit out of me.  They give you 6 hours to complete the test and I finished in 5 1/2 hours.  When I was done, I was sure I'd failed.  I started trying to think of ways I'd pay the company back since they would not pay for a failed certification.  I also started studying for the repeat.  I was pleasantly surprised when I got the "congradulations" email.

Adequate study for me would have consisted of reading no less that two "600 page" books and going to a boot camp. 

This is the best online CISSP resource I have found: www.cccure.org.

 

Special Shout outs go to the ISSA COS chapter and Mr. Proeller, so long and thanks for all the bagels.. bad, bad joke...42.