Anyone CISSP certified? Question on study materials...

wheresmybacon

Diamond Member
Sep 10, 2004
3,899
0
76
What did you use? I was thinking about getting http://www.amazon.com/CISSP-All---On...6515071&sr=8-1. I've got 13+ years experience, MCSE, A+, and Security+ currently under my belt, but I realize that in 3 months my current contract could end, leaving me unemployed. Studying for a really intense test would keep me occupied.

Also curious on what the test experience was like. This is a beast of an exam, as I've heard.
 

MarkXIX

Platinum Member
Jan 3, 2010
2,642
1
71
I used practice exams at cccure.org, but think the site has changed since I used it back in 2007 when I was first certified.

I consider myself an excellent test taker and the CISSP exam makes you feel like you failed no matter how confident you are going in.

Remember, there is no "right" answer to most questions, there is only the "best" answer given the scenario and the available information and guidance.
 

wheresmybacon

Diamond Member
Sep 10, 2004
3,899
0
76
Good to know. I haven't failed a certification test yet, but I understand the CISSP is a different animal. If/when I take the exam I'll update this thread.

Thanks!
 

WobbleWobble

Diamond Member
Jun 29, 2001
4,867
1
0
I self-studied using that Shon Harris All-In-One as primary reading material, CISSP for Dummies as a review guide along with questions from cccure.org. I was able to pass on my first try.

It sounds intimidating, being a 6 hour exam. I was able to finish in about 3 hours and wasn't sure how to feel after the exam. If you don't remember how to answer a question right away, move on and other questions may trigger something in your head for those skipped questions. Remember that they throw in some "research" questions that have no value where you think to yourself, "WTF? I've never seen this material before..."

I've had a couple colleagues go through the Deloitte CISSP 6-day bootcamp and passed on their first attempts as well.
 

Shaotai

Platinum Member
Jan 22, 2002
2,062
0
0
I also used the Shon Harris AIO book. But the most helpful was the cccure.org website. Go through all the forum posts and practice quizzes.
I had a friend who lent me his Logical Security CISSP videos which Shon Harris was also in. (She owns Logical Security) I watched those 2 or 3 times.
If you get stumped on a question, think of what a manager or business owner would do, not necessarily what a security expert should do.
I also passed on my first try! You can do it! It took me close to 5 hours I think, it was REALLY tough. You'll be exhausted also, but it's well worth it.
The other hard thing is waiting for the results. (unless they are doing digital exams now?) I took it Nov 2009, got my results in Jan 2010.
 

wheresmybacon

Diamond Member
Sep 10, 2004
3,899
0
76
Nice! Good updates and good input. It's a ways out, but this is still a goal of mine at some point. Happy to hear it isn't insurmountable. I'm going to go with the Shon Harris book, when I decide to begin studying.
 

rasczak

Lifer
Jan 29, 2005
10,437
22
81
I know this is old, but is there any update? Did you pass? I'm also taking my CISSP this year and would like to know what your study strategy was. Anything helps.
 

Paperlantern

Platinum Member
Apr 26, 2003
2,239
6
81
rasczak, check out my tumblr below. I outline the things I used and how I used them there, in the beginning posts and as I approached the test. I haven't posted to it since getting designated CISSP, but it could still help for sure.

PM me if you have any questions specific to the test or experience, I'll be happy to share anything I can without violating the NDA.

Good luck in your studies, it is a daunting test, but it is passable.
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
I'm also taking my CISSP this year and would like to know what your study strategy was. Anything helps.

I was fortunate enough to have my employer pay for a class (SANS MGT414) when I was preparing for the exam. I took the class in their instructor-led online format, where class is held 2 nights a week, 3 hours per night, for 6 (I think) weeks. I find that format to be better for absorbing and retaining as much information as possible, as opposed to going to one of the SANS live conferences and sitting in a class 6 days in a row for 8 hours per day. I highly recommend it if you can get your employer to pay or if you can afford it on your own.

In addition to taking the class, I did a lot of flash-card type of studying for topics that I was less familiar with or had absolutely no experience with (Orange Book TCSEC divisions and classes, EAL Levels, international computer laws...stuff like that).

Possibly most importantly...I took as many practice tests as possible. The SANS class came with a couple of hundred questions. I used the cccure.org quiz engine (the paid version) which had over 1000 questions if I remember correctly. There are also a couple hundred questions available online for free through syngress...google for the address. I also paid for the (ISC)2 studISCope self-assessment exams because I wanted to take practice exams that were as close as possible to the language/style used on the real test.

I'm not sure of the process now that isc2 has gone to Computer Based Testing, but when I took mine it was pencil and paper, and you didn't get results back for 4-8 weeks. Because of the gap in time between testing and getting the results, I wanted to make sure I gave myself the best chance possible at passing the first time, so I dedicated as much time as possible to studying/quizzing in the weeks leading up to my exam.

Get plenty of rest the night before you test. The exam is long...many people refer to it as a mental marathon. I got through about 80% of it in 3 hours, and took a 5 minute bathroom break just to walk around and get the blood flowing again. Then it took another 1.5 hours to finish up the last 20% and go back and review questions that I wasn't confident in on the first time through.

A granola bar and a bottle of water are smart things to bring with you. Staying hydrated helps your brain work better. You may not get hungry if you finish up around the 4 hours mark, but if you stretch out to 5 or 6 hours, it's a long time without some food in your system, and a granola bar or something similar could be a big help. Ear plugs are also recommended by a lot of people.
 

dawks

Diamond Member
Oct 9, 1999
5,071
2
81
I purchased and read through that whole book. Its pretty good. A lot of the material was more entry level for me, but I still learned a few things.

I haven't taken the exam yet because I don't have a sponsor for the program. My understanding is you need to know someone for two years who's CISSP certified to sponsor you (in addition to passing the exam). Is this correct?

Check out the "Security Now" podcast with Gibson. If you listen to every episode each week (there's over 400 episodes now), it's like a graduate level course in IT Security. Has some great episodes on how crypto works and various flaws with its implementations and such.
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
I haven't taken the exam yet because I don't have a sponsor for the program. My understanding is you need to know someone for two years who's CISSP certified to sponsor you (in addition to passing the exam). Is this correct?

No, you don't necessarily need a sponsor. You can submit an Endorsement Assistance Form along with a resume and job descriptions as proof of 5 years experience in Information Security work. That's the process that I went through. My understanding is that it's the same process you would go through if someone endorsed you and your application was pulled for audit (which they say happens to about 20% of CISSP candidates, if I remember correctly).
 

Paperlantern

Platinum Member
Apr 26, 2003
2,239
6
81
Check out techexams.net.
It is a great resource for certifications.

You're sure to find several people there with that cert.

There's a subforum just dedicated to SSCP and CISSP.
http://www.techexams.net/forums/isc-sscp-cissp/

I mention techexams.net in my blog, I'm also a member there under the same name as here, definitely a good place to look.

I also used CCCure for practice tests.

What other certs do you have? I'm 23 and I'm going to graduate college in December. Right now, I am working on the CCNA. I REALLY want to get that cert by December.

Do you have any tips?

I am A+, Network+, Security+ and Server+ in addition to CISSP. As far as tips, I'm not sure what to say other than perhaps just make sure you have the appropriate work experience under your belt, unless you are okay with becoming an Associate of ISC2, which of course is fine as well, you will just get the CISSP designation AFTER completing the appropriate amount of work experience. You will not have to retest. Other than that, review the domains, see where you need to study. Get multiple sources and use them all. Take a bootcamp if you can afford it or if an employer will pay for it. Though I did not take one, I hear people like them.

No, you don't necessarily need a sponsor. You can submit an Endorsement Assistance Form along with a resume and job descriptions as proof of 5 years experience in Information Security work. That's the process that I went through. My understanding is that it's the same process you would go through if someone endorsed you and your application was pulled for audit (which they say happens to about 20% of CISSP candidates, if I remember correctly).

Yes it is the same "audit" process, it is the process I went through and passed just fine. If you have the proper proof you should have no issues.
 

SheHateMe

Diamond Member
Jul 21, 2012
7,251
20
81
I am A+, Network+, Security+ and Server+ in addition to CISSP. As far as tips, I'm not sure what to say other than perhaps just make sure you have the appropriate work experience under your belt, unless you are okay with becoming an Associate of ISC2, which of course is fine as well, you will just get the CISSP designation AFTER completing the appropriate amount of work experience. You will not have to retest. Other than that, review the domains, see where you need to study. Get multiple sources and use them all. Take a bootcamp if you can afford it or if an employer will pay for it. Though I did not take one, I hear people like them.

Do you think those "+" certs are still worth it? A lot of people talk about how A+ isn't worth much.

How did you start out if you don't mind me asking? Did you go to college and then do certs+look for work or?
 

dawks

Diamond Member
Oct 9, 1999
5,071
2
81
A+ really isn't much but its also not difficult to get so it probably doesn't hurt, especially if you can get an employer to pay for it.

Do you know what a stick of RAM is? IRQ? Point to the CPU. Congrats! Here's your A+!
 

Udgnim

Diamond Member
Apr 16, 2008
3,679
122
106
Do you think those "+" certs are still worth it? A lot of people talk about how A+ isn't worth much.

How did you start out if you don't mind me asking? Did you go to college and then do certs+look for work or?

If you've got some technical background / experience, I think it's better to jump straight to getting a CCNA / MCSA than going after CompTIA certifications.

Some jobs do require Security+ (primarily government or government contract related), but those types of jobs typically also require some level of security clearance, so it's usually people with military backgrounds that get those types of jobs.

Job descriptions that state A+ / N+ usually are just there for HR filter fodder. If you have the qualifications but HR can't be bothered to read it because it doesn't match their A+ or N+ filter, then you probably don't want to work for that company.

Some jobs actually do fit the knowledge / skillset that an A+ / N+ certified person may possess, but those jobs tend to be super low level entry level.
 

Paperlantern

Platinum Member
Apr 26, 2003
2,239
6
81
Do you think those "+" certs are still worth it? A lot of people talk about how A+ isn't worth much.

How did you start out if you don't mind me asking? Did you go to college and then do certs+look for work or?

I went to college and have an Associates in Information Technology and Data processing, not directly where I ended up but it was in the general vicinity.

The blog does give a quick rundown of how I got into the field, if you'd read it. =p

If you've got some technical background / experience, I think it's better to jump straight to getting a CCNA / MCSA than going after CompTIA certifications.

Some jobs do require Security+ (primarily government or government contract related), but those types of jobs typically also require some level of security clearance, so it's usually people with military backgrounds that get those types of jobs.

Job descriptions that state A+ / N+ usually are just there for HR filter fodder. If you have the qualifications but HR can't be bothered to read it because it doesn't match their A+ or N+ filter, then you probably don't want to work for that company.

Some jobs actually do fit the knowledge / skillset that an A+ / N+ certified person may possess, but those jobs tend to be super low level entry level.

Super low level is right where someone just breaking into the field is going to end up. No experience and a couple midrange certs will get you passed over, at least having the CompTIA and matching those HR filters to get your foot in the door and some experience on the resume is how you get the better paying jobs. You are NOT going to make $60,000 - $80,000 straight out of college in 90% of IT cases, it just isn't going to happen.

I've seen people come out of college with all the big certs at the time, get hired on where I was working with a fraction of the certs they had, and I end up teaching them; they get overwhelmed and end up quitting or let go.

It's not to say there won't be exceptions, but it is still an employer's market for the most part right now.

Stick with what you are comfortable with; one person's path isn't likely right for another. If you like hardware and networking, yes, get the A+ and the Net+ and get your foot in the door somewhere doing break/fix and light network troubleshooting. You can always pursue something more later. Or if that bores you and you like the heavy networking with advanced subnetting, routers and the like, go the CCNA route as suggested and look for something there. But don't do it because we said so; make sure it's what you want too.
 

rasczak

Lifer
Jan 29, 2005
10,437
22
81
Wow, this is some heavy reading. Trying to finish up chapter 2 with two days to go. Still have 100 pages left. :(
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
Wow, this is some heavy reading. Trying to finish up chapter 2 with two days to go. Still have 100 pages left. :(

Are you reading the official ISC2 CBK? If you are, you might want to consider some other materials. The official ISC2 book is absolutely the definitive source, but it's also extremely long and not an "easy" read.

I would suggest looking at either:
CISSP Study Guide 2nd Edition by Eric Conrad, or
CISSP All-In-One Exam Guide 6th edition by Shon Harris.

I can't say which is better, but I can say that Eric Conrad was one of my instructors when I took a CISSP prep class, and he has an exceptional level of expertise on the CBK (I'm sure Shon Harris does, as well).
 

rasczak

Lifer
Jan 29, 2005
10,437
22
81
Are you reading the official ISC2 CBK? If you are, you might want to consider some other materials. The official ISC2 book is absolutely the definitive source, but it's also extremely long and not an "easy" read.

I would suggest looking at either:
CISSP Study Guide 2nd Edition by Eric Conrad, or
CISSP All-In-One Exam Guide 6th edition by Shon Harris.

I can't say which is better, but I can say that Eric Conrad was one of my instructors when I took a CISSP prep class, and he has an exceptional level of expertise on the CBK (I'm sure Shon Harris does, as well).

Using the Shon Harris book as well as some other materials. I have the ISC2 book as well, but haven't looked at it yet.
 

serpil

Junior Member
Aug 7, 2014
2
0
0
Passed the (ISC)2 CISSP Certification Exam recently, and here is some advice that helped me pass the exam. Try to learn from any video course provider for CISSP. Personally I used CBT Nuggets. They are good and short. Their video course is about 12 hours long. I went through the video course over 4 weekends in a month.

Additionally, you should practice with the exam preps; there are a lot, and pretty much all are the same. Personally I used an app from an app store called CISSP Certified Information Systems Security Professional - Exam Prep. It is very convenient and practical to have the practice exam in your hands at all times ("I was literally practicing even when I went to the toilet"), the benefits of technology these days.

You should be able to pass after all of this. I hope this was helpful enough.

Serpil
 

ringtail

Golden Member
Mar 10, 2012
1,030
34
91
Also, there's a good CISSP exam prep discussion group on LinkedIn where you can learn a lot.