cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
HTCPCP-TEA
Contributor I

Studying for CISSP....What can I say???

HI,

 

So I'm around halfway through an Online Instructor Led Course for the CISSP, with my exam booked in for Mid-March (1 week after the course ends).

 

This means I started the course in mid January, and while I fully intend to pass the exam before April I know that some of my fellow students do not feel entirely comfortable booking the exam so close, and to be honest, would have preferred some time to consolidate.

 

However this is impossible, owing to the impending CBK change that is due in April.

 

My questions:

 

1. Why Would ISC2 offer training for anyone if they plan on changing the course and exam literally a fortnight later?

 

2. When studying for the CISSP, how do you describe this activity to employers, or indeed prospective employers. A good example being LinkedIn, you can list your qualifications, which is fine but you can also list your courses, personal goals. As such, is it within the constraints of ISC2 COE etc to say that one is studying to become a CISSP in good standing?

 

Maybe these questions are slightly far apart, but both issues are nagging at me right now, and I'd be doing a disservice to my colleagues and friends if I did not use such facilities as this to get answers for them.

 

Kindest Regards 🙂

 

A happy, slighly over worked security person....

7 Replies
marinthal
Viewer III

Hello!

In January of 2015, I also started the instructor-led CISSP training.  I scheduled the exam for the very last available day in April prior to the changeover to the new domains/material.  For me, it was just the extra push I needed to study that much more, knowing change was imminent. 

 

Good Luck!!

 

Mari

Kaity
Community Manager

Hello!

 

The changes to the CBK & exam are somewhat regular occurrences, as we go through the “Job Task Analysis” (JTA) process to make sure that all of our credentials are relevant to today’s security professionals.

 

Unfortunately, it’s not possible for us to time the domain/weights refreshes so that no one is in the midst of preparing for a given exam at the time of the change. However, it’s important to remember that our exams are experience-based, so you cannot learn how to pass the exam by studying alone. Our FAQ page on the refresh may help answer any questions you have about what the changes mean in actuality: https://www.isc2.org/Certifications/CISSP/Domain-Refresh-FAQ

 

As far as describing your activity to employers (or prospective employers), I would recommend using wording along the line of “Actively pursuing CISSP certification” or even “Preparing for CISSP exam” and provide the date you plan to sit for the exam. As long as you are not representing yourself as certified before you are, (ISC)² has no issue with you sharing that you are working toward a certification.

 

Wishing you luck on your upcoming exam!

JoePete
Advocate I


@HTCPCP-TEA wrote:

 

 

1. Why Would ISC2 offer training for anyone if they plan on changing the course and exam literally a fortnight later?


It strikes me a lot of folks are reading too much into the CBK. In my experience, test prep was useful, especially in areas where I didn't have a lot of formal experience (gotta love comparing Bell-LaPadula vs Biba models!), but the overwhelming majority of test-prep content and the exam itself more spoke to things picked up through experience than reading/prepping. While the CBK might change in structure, the change in content doesn't seem dramatic.I do know people who have passed the exam with very little prep, and, honestly, not a lot of formal education. What they did have was a ton of good experience and intuition.

 


2. When studying for the CISSP, how do you describe this activity to employers, or indeed prospective employers. A good example being LinkedIn, you can list your qualifications, which is fine but you can also list your courses, personal goals. As such, is it within the constraints of ISC2 COE etc to say that one is studying to become a CISSP in good standing?

 


Interesting question. While someone from the (ISC)2 might have a formal answer, mine is that you are either a CISSP or you're not. You can't be one in training or a former one. My rationale is the CISSP is not an an achievement, it is state. Passing the exam, having the requisite experience, etc. is just the first step. The real qualification is in the ongoing maintenance of your status (adhering to the code of ethics and generating your CPEs). The phrase "studying" to become a CISSP I think misses the mark. Again, CISSP isn't an achievement; it is a state or on-going status. You can't study for it as much as reach and maintain it (at least in the ideal I guess). It's like someone saying they are studying to be an author or astronaut. Yes, there is an educational component, but it is more about doing it than taking a test.

 

Given your questions and the way you asked them, my guess is you have little to worry about in terms of passing the exam. You seem to get it, and your prepping no doubt will help. Good luck.

CISOScott
Community Champion

I would also add that when I was studying for my CISSP I saw several students who said they were going to wait a month after the boot camp to take their test. Their pass/fail rate was not good. I opted to take mine at the end of the boot camp and passed on the first try. I think people who add delay to taking their test, especially if they have just gone through an intensive test study method, start to lose some of their knowledge.  Also people who put off picking an exam date and will schedule one when they are "ready" fail more often.

 

Like others have said, when you go take the test you either know it or you do not. Experience helps a lot. If you are going to dedicate yourself to studying and then take a break right before taking the test, you are doing yourself a disservice.

 

Set a date, study hard, combine it with your experiences and go pass the test.

HTCPCP-TEA
Contributor I

Hi All,

 

Firstly, I'd like to thank those who have been kind enough to respond with some quite valid and informative views.

 

Whilst I would agree and lean toward describing CISSP as a state rather than achievement, it can be somewhat classified as the latter in certain circles. For instance, I have yet to attain CISSP status though my experience dates back far longer than the requisite 5 years, so gaining the CISSP status would feel like achieving something to me, though I'm very aware of the on-going requirements and I'm happy to maintain the status.

 

For those who have little experience, I would imagine it's a goal. Something tangible to go for that would potentially encourage further development once an exam is out of the way.

 

I'm glad that this topic has got some people thinking though, I for one plan to take the exam very shortly after the course finishes so that I can ensure I have textbook terms in mind. Experience is one thing, remembering exactly what the textbook answer is, sometimes wholly different.

 

The first question, in terms of the CBK changing was in relation to the latter part of the previous paragraph. To be clear, those "Textbook Answers" may no longer be textbook on a different exam. Though I understand that Either you know it and you're current, Or you don't and you're not.

 

Looking forward to attaining CISSP status, and all the joy of Continuous development that comes along with it (Or at least is enforced rather than voluntary at this point).

 

And of course, thank you all who have commented so far, and indeed anyone else who would like to comment further

 

🙂

 

 

denbesten
Community Champion

 


@HTCPCP-TEA wrote:

 

...impending CBK change that is due in April [... is ] nagging at me right now.



I was in a similar circumstance 3 years ago, as CISSP changed from 10 to 8 domains.  None of the third-party reference material had been reorganized, so it technically was outdated, yet it was the only thing available for my studies.  After taking the exam, I realized a few things:

 

  1. The exam did not quiz "by domain", nor did it mention to which domain a question belongs.  Although I had memorized both exam outlines, I truly could not tell if the exam was "10 domain" or "8 domain". 
  2. Most often, I found the answer to a test question in my many years of IT and Security experience.  Not one question was a direct quote from any of my books or sample exams.
  3. It turns out that studying was not about me learning new things; rather it was about re-organizing my  knowledge and experience to align with industry terminology and practice and standards. 

If you find that while studying, you are often reminded of your work experience, you will probably find the exam easy.  If not, well...

 

 

Nextacy
Newcomer I

Hello,

Based on your post, I would say that based on all the information I see on the posts that if one truly knows the materials and has actually been fortunate enough to actually work in most of the domains which the exam covers then it really should not be of great concern; notice I said of great concern, not of no concern.

One would think that the change to the exam is not a last minute no notice occurrence. One would also believe that any Official ISC2 training would at least encompass some if not all of any new material. I would check with them on that by means of correspondence or on-line chat. Think of it as a top-down approach. They would be the best source of getting the correct information.

 Your second question is also one which almost all study materials cover...  As you yourself mentioned; The Code of Ethics. To say one is studying for the CISSP exam or any other exam is not a testament that you have or will attain the certification, it is merely a statement of fact that you are making preparations for the exam.

However, beware of the questions that may arise from such a declaration such as the one you are asking about.

Some may ask for when you are scheduled for the exam, and then ask you the day after you stated you would take the exam to see the pass/fail sheet if you say you passed. Some may ask how long have you been studying for the exam? People feel they have a need to know as much as possible especially when you put it out there first without being asked for that information. Wording of such statements needs to be precise.

I typically tell my co-workers that playing with words can create easy paths to the slippery slope of issues that may not be pleasant.

I wish for you nothing but success in passing your exam.