Cissp

[windfall]

Hi Guys


I am being pushed into gaining this cert to aid my job - having looked loosely at the 1400 page books and the 6 hour exam I thought I would ask here to see if anyone else has gained this cert AND how did you get it?

Did you go on a course - if so could you recommend a training centre or did you self study?

How did you prep the modules for the mamouth exam?

Any tips useful to helping me decide the best route would really help.

Kind regards

Tone

[mjn]

Didn't know what it was, but this line scared me:

The CISSP credential is valid for only three years, after which it must be renewed. The credential can be renewed by re-taking the exam, however the more common method is to report at least 120 Continuing Professional Education (CPE) credits since the previous renewal. Currently, to maintain the CISSP certification, a member is required to earn and submit a total of 120 CPEs by the end of their three-year certification cycle and pay the Annual Membership Fee of US$85 during each year of the three-year certification cycle before the annual anniversary date.

[kavanf1]

Don't know the full ins and outs of CISSP, but I am a qualified CISA (Certified Information Systems Auditor), and after reading the Wiki entry on CISSP, it seems to be a similar set-up - I had to sit a 4 hour exam with 300 multiple choice q's, whereas yours is a six-hour () exam with 250 multiple choice q's.

My advice would be to do as many past papers/sample questions as you can. If you've got an IS background your experience will likely stand you in good stead, but even with a lot of experience, answering the questions can be tricky. This is because the multiple choice does not operate in a "three answers are wrong, one is correct" format - rather, you'll usually find that all four answers are correct, but you need to determine which one is most correct given a particular question.

Working on sample questions gets you into the technique of how to approach them.

The second bit is keeping yourself accredited - like CISSP, CISA holders also have to do 120 hours CPD over a 3 year period (min 20 hours/year) - which is a pretty significant amount of time to have to devote. You need to make up your mind if you can be arsed doing this...

Having said that, it definitely helps on the old CV, and could well be the deciding factor between you and another candidate.

HTH.

[windfall]

I was aware of this point - the problem with IT Related Security (I work for a data security company) is that it is constantly changing!

Its like all the Microsoft Exams - at last count I did 28 of the silly things, got many MCSE's but now for me I don't need them. But they required updating annually with a range of charges associated with them!

I guess anyone in IT security will see this and hope offer some good tips.

Cheers

Tone

[kavanf1]

Quote:

Originally Posted by windfall

I was aware of this point - the problem with IT Related Security (I work for a data security company) is that it is constantly changing!

Its like all the Microsoft Exams - at last count I did 28 of the silly things, got many MCSE's but now for me I don't need them. But they required updating annually with a range of charges associated with them!

I guess anyone in IT security will see this and hope offer some good tips.

Cheers

Tone

You're right, it's the nature of the field we work in that it's constantly evolving, hence why the requirement for CPD is so high - you need to show you're up-to-date with your knowledge!

There is a school of thought among many of the old-timer IS guys I know that these things are just invented to make money for the companies who run them, and they don't put much stock in them...however, I think as these guys head towards retirement, this perception is much less common.

From a practical perspective, if you can see IS being your career for years to come, it's probably worth doing it as a way of forcing you to stay up-to-date with current trends.

One other thing - the huge manual you get: I made the mistake when I did CISA of reading through the entire manual before I did any sample questions. I would recommend that you do lots of sample q's first, find out where your weaknesses are, and focus on these areas in the manual.

The company that runs this course should have a CD for sale with a few hundred/thousand sample questions on it - would definitely recommend you purchase this as it is ideal for automated check of what's right and wrong, as opposed to doing it all manually using a paper-based approach.

[Cyland101]

I am sitting the exam tomorrow. It's for personal achievment and to hopefully give me some better standing in the IT community. Currently I am working in the NAS storage space and did spend the last year doing IT security stuff (encryption key management etc), and I have been working in general IT for the last 15 years...

So the point of the above is that I chose not to do the course but got hold of a exam cram package of around 1400 questions and have been working through them. It's a MASSIVE topic, very diverse and covers all aspects of IT. Even with all my expierence I am still bricking it for the exam tomorrow.

It's up to you, but I know at least 3 guys who have this and the best advice I got from someone with the same expiernce as myself was don't bother with the course, just to the crams...... He did the course and wrote the exam almost a year later and he said the crtam was the way to go....

The big thing about CISSP though is that you will need to prove 5 years relevant expierence in the some of the 10 domains, and if you don't have this then there is not point in sitting it now.....

I'll let you know how I get on tomorrow, but I believe it takes around 6 weeks for the results to come through.....

PM me if you want a link to the exam crams as I am not sure I can post a link here....

[windfall]

Quote:

Originally Posted by Cyland101

I am sitting the exam tomorrow. It's for personal achievment and to hopefully give me some better standing in the IT community. Currently I am working in the NAS storage space and did spend the last year doing IT security stuff (encryption key management etc), and I have been working in general IT for the last 15 years...

So the point of the above is that I chose not to do the course but got hold of a exam cram package of around 1400 questions and have been working through them. It's a MASSIVE topic, very diverse and covers all aspects of IT. Even with all my expierence I am still bricking it for the exam tomorrow.

It's up to you, but I know at least 3 guys who have this and the best advice I got from someone with the same expiernce as myself was don't bother with the course, just to the crams...... He did the course and wrote the exam almost a year later and he said the crtam was the way to go....

The big thing about CISSP though is that you will need to prove 5 years relevant expierence in the some of the 10 domains, and if you don't have this then there is not point in sitting it now.....

I'll let you know how I get on tomorrow, but I believe it takes around 6 weeks for the results to come through.....

PM me if you want a link to the exam crams as I am not sure I can post a link here....

Hiya
How did it go?

I have been working in IT Security for the last 7 years and I think I will be ok for the experience section.

If I was not to do the course how many days would you say it would take to study the 10 domains - my manager wants to know how much time to allocate me on this - so I am trying to provide some feedback.

Let me know of any resources you think would be useful!

Thanks

Tone

[Cyland101]

Quote:

Originally Posted by windfall

Hiya
How did it go?

Well I sat the exam, and I am not sure if I will pass it. 250 questions to do in 6 hours..... I completed all the questions in 3 hours and at this point I was truly bored/fed up, so instead of going over the 63 page test paper again, I just handed it in and walked out.

Not sure my previous advise is any good seeing as out of the 250 questions only about 10-15 I had seen before. Sure I had seen similar questiosn before, but the answers offered were different, so I ended up doing a educated guess It may be that the exam cram that I used was out of date so if I do not pass it I will try a differnt one.

Apparently it can take upto 6 weeks for the results so it's a waiting game now!

I guess for you it depends why you want the CISSP cert. If you are doing it to learn all about the topic, fair enough, get you manager to put you on the course and then write the exam as soon as you can after it. Not sure as to what the best study aids for the CISSP are so cant help there. For me it is just a means to a end in that it's one of the skills that are on the priority list for Australia so as soon as I get this I can get my visa..... Although I have a interest in this area, I don't really want to spend my time in this area, preferring the network storage areana...

I'll let you know how I get on......

[windfall]

Hiya

Thanks for the heads up!

From my experience of doing MCSE's many years ago - when I did my NT 3.51 and NT4.0 there were very little in the way of resources like exam cram etc so we had to learn the stuff and pass the test on actual knowledge.
I found when I did my Windows 2000 MCSE that the "Transcender" and all the test exams focused you on answering all the questions - obviously M$ knew what was going on and reschufled and reworded a number of questions, but it was still possible to pass without all the knowledge.

I was a MCT (Trainer) so I used to do weekend courses for people who wanted to get into IT for a dodgy training company in East London - get a paper MCSE and hope to hell they could blag into a job, for some it was possible for many others pie in the sky!
I think I will try and follow my early experience but blending with plenty of test questions as well!

Thanks for the feedback - I will get a course - company will pay for it and I will get focused learning!!

Thanks

Tone

[garnat]

I did my CISSP about 5 years ago and went on one of 7 day boot camp training courses. It depends how much experience in IT security you have, I found I knew most of technical stuff, but the trick with CISSP is not knowing the answer, but knowing the 'best' answer. As has been posted already, for most of the questions, all 4 answers could potentially be correct.
The course certainly helped me get into that 'mindset' that they expect, personally I couldnt get that from a book (I tried reading one of the CISSP review books but couldnt stay awake for more than about 10 minutes!).

[kavanf1]

Quote:

Originally Posted by garnat

the trick with CISSP is not knowing the answer, but knowing the 'best' answer. As has been posted already, for most of the questions, all 4 answers could potentially be correct.

Agreed - I found with CISA, because it was a US-centric exam, you would occasionally find questions where your interpretation of the "best" answer differs markedly from the American interpretation - so even if you think you're right, you need to suck it up and put down an answer your instincts are going against. Sometimes tricky, but training yourself to have that "mindset" definitely helps.

[Cyland101]

Just to follow up on this, got my results today and I passed.... How I'll never know, but a pass is a pass!

All I can say is that it was a risky strategy which payed off for myself, one which you will need to decide for yourself.