I recently received an in-system private mail asking several questions about preparing for the CISSP exam. The questions themselves are likely to come to mind for many others, and there is no personal information in them. Thus, I am providing those questions and my answers here, to help others who may be concerned about the costs and steps to become certified.
1 - One of the pre-requisites that I read on the ISC2 website is about proven past experience. So, when do I submit this proof - before registering for the exam or after?
DCS: You do not need to verify your cybersecurity experience until after you have passed the exam. Once (ISC)2 notifies you that you have passed (not the provisional passing score at the testing center), you must either have an existing (ISC)2 member (fully certified) endorse you for certification, having reviewed and verified your experience history as you provide it to his satisfaction, OR you must send your experience history statement to the (ISC)2 office and ask them to endorse you. Do the latter only if you do not have a member who knows you personally and can endorse you.
2 - As proof, my manager is willing to give me a letter with details. Would that suffice, along with my employment and salary letters?
DCS: You do not need to provide any salary information. However, a statement from your manager describing your information security experience and number of years performing the tasks, organized according to the eight domains, can be submitted either to a local endorser or to the (ISC)2 staff.
3 - Can I appear for the exam without the proof letter, or is it mandatory?
DCS: You can take the exam with absolutely no infosec experience. You should not do so, but you can. If you do pass the test with no experience, you have wasted your time and money, because you have only two years to get endorsed with 4 or 5 years of domain-specific infosec experience. Therefore, you should not take the exam until you have at least three years of experience.
4 - Finally, the cost of the course - it's about 7500 USD! Do I really need that, or can I prepare on my own with the official books?
DCS: You are not required to take any preparation course. The only mandatory fee is for the exam itself. There are several ways to prepare, including online courses, cooperative study groups, self-study, and the high-cost, intensive, week-long classes. The 7500 USD cost you refer to is clearly for one of the official (ISC)2 or independent boot camp classes. You need not take that unless you really want to. Personally, I discourage such a class, unless you need it to focus your attention in one week. The reason for my recommendation is that such cram courses do not result in long-term memory. Either multi-week cooperative study groups or even self-study according to your own study plan will result in much better understanding and knowledge retention.
5 - If I avoid the course fee, I still need to arrange for 745 USD for the CISSP exam. Is that a correct understanding?
DCS: Yes, you will have to pay the fee for the exam itself, and take the exam at a testing center.
Good luck, all!
Wowsers, the series of questions and answers makes me seem long in the tooth. When I took the exam, one had to outline one's experience and industry certifications while registering for the exam. And, the exam cost 450.00. I took the paper examination, the one with the little circular 'bubbles' that you fill in with a pencil mark. Still recall having six pencils in hand along with a small, new pencil sharpener when I walked into the exam center back-in-the-day.
Good luck and smooth sailing to you new exam-takers,
Dr. J. S. Buitron, DCS, MSIA, CISSP
Doctor of Computer Science\Cybersecurity
Masters in Information Assurance\Cybersecurity
Certified Information Systems Security Professional
Lead Cyber Engineer at L3Harris
Thanks for providing answers to these questions. If anyone has further questions, here is a FAQ page that discusses exams, becoming a member/endorsement, fees, etc.: https://www.isc2.org/Frequently-Asked-Questions.
I still have my ISC2 pencils from the days of colouring in the circles. Most expensive pencil I've ever purchased!
I STILL HAVE my little packet of 4 pencils and a pencil sharpener from when I took the CISSP exam on November 10, 2007!
Have a great New Year!
Dr. Jan S. Buitron, DCS
Doctor of Computer Science in Cybersecurity
CISSP, MCSE . . and a buncha other stuffs
@jbuitron you beat me on the age of your ISC2 pencils. Mine are from March 2009.
Did that bubbles-on-paper test contain 450 questions? I don't recall that fact.
I do recall that it was a 6-hour exam. I finished my test just past the 4.5 hour mark.
It was the 6-hour exam, held at one of the London Unis. A lot of questions, but memory suggests it was 250, of which a proportion were not scored. I finished in about 3 3/4 hours. Managed to get an earlier train home after a couple of miles' walk back to Euston station 🙂 Always nice to get out in the fresh air after studying and exams.
I ran into the same thing with ISACA's CISM cert. I had enough leadership experience to take the exam, and then needed three MORE years in "Management" to complete the certification.
It's a fact that men are NINE times (nearly ten times) more likely to enter management than women (Frost & Sullivan, 2017); I ended up proving that statistic. Companies for which I worked after passing CISM were supposedly 'cool' with my having passed the CISM exam, but they all flat REFUSED to put me into even entry-level management. Be aware that at the time I had been a CISSP for 4 years (thus, nine years' experience), had a Master's Degree in Cybersecurity\Info Assurance (as Valedictorian of my class), and had five years in leadership. The 'companies' where I worked were clearly Gender-Biased, and held women back; it's called "Gender SEGREGATION," where females are relegated to entry-and-just-below-management roles for their entire careers.
So, I NEVER OBTAINED the needed years' experience to fully complete my CISM.
ISACA is an accessory to Gender Discrimination by putting the requirements on CISM that they do. They are unwittingly contributing to the already overwhelming discrimination against females in cybersecurity and tech in general with their requirements.
The more peer-reviewed papers I accumulate, the more proof there is of these facts.
Dr. Jan Shuyler Buitron, DCS
Lead Cybersecurity/Systems Engineer
Doctorate of Computer Science in Cybersecurity
Master of Science in Cybersecurity, Valedictorian
CISSP, MCSE (x2)