cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Topshotta
Newcomer III

Opinion about exam, just finished !!

Good day everyone, hope all is well. I just completed my exam and wow it was challenging. To start off I read a lot of reviews saying to outsource to different material and I agree 100 percent. isc2 is no where near enough to help you pass this exam. Unfortunately, I failed as well. Just focusing on isc2 will set you up for failure in my opinion. The material in isc2 goes over the bare minimum or surface level and on the exam its more deep dive or advanced in my opinion. I don't like to talk bad but I feel they set us up to fail on this one. I studied my butt off with different material daily and I felt like I had to take a guess and hope I was right  on atleast a third of the exam. Some questions are worded weird to throw you off but other than that, this is not a friendly/beginner course in my opinion. My advice to anyone taking the test is to STUDY HARD AND OUTSOURCE!! Take multiple courses, read multiple books , etc. Don't rely just on isc2.  To be frank, I did do mike chappels CC study guide (which is amazing in my opinion) and a couple of other things but I guess it wasn't enough. The worst part about it was when I got my scores back they tell you what you were proficient in and what you aren't and it said I was below proficient in a majority of the categories which makes me feel like idk what I'm doing. But like i said I studied the isc2 material, Aced all their exams and what not so idk. Anyway thanks for reading, hope this helps someone. Going to figure out my next move. God Bless.

59 Replies
JoePete
Advocate I

@Early_Adopter wrote:

@JoePete Seems like a bad deal for associates, who have invested more time, and spent more on the exam.


I agree, but I think of it as more a symptom of larger problem that the board or their successors will have to deal with for the long-term health of our association.

 

It does seem with CC that ISC2 are having a pop at replacing CompTIA Security+, however I'm not sure that that will work out - look at the numbers of jobs requesting Security+ Vs CC. To your point ISC2 Endorsement meant someone was willing to vouch for your experience, and CC doesn't have that going for it.


I'm not sure the strategy behind the CC. Ultimately, the marketplace with tell us where it belongs, but a great site that tracks certifications is PaulJerimy:
https://pauljerimy.com/security-certification-roadmap/

 

You can see the perception that the CC is more narrow and entry level than the Security+, which is on a par with the SSCP. I am not sure the CC is turning into what was promised to test-takers or the membership. In the meantime, our membership is radically shifting from seasoned, experienced, and endorsed professionals to entry level. I think most members are indifferent toward all this; as long as they can put CISSP or whatever cert after their name. So in that regard, I give credit to the board and management for reading the industry, but it does feel like we are becoming the very thing our founders intended to avoid. But heck, that was three decades ago, maybe times change.

Early_Adopter
Community Champion

@JoePete Health of the association does seem to be taking a hit, I think that ISC2 is probably not putting in enough effort to enhance and sustain certifications Forensics/Healthcare, and perhaps as well as looking for a mass market true cookie cutter that still provides fifty buck per year AMF. I do see ISSA taking more of lead in the UK, but ISACA and IAPP also seem to do grassroots professionals better.

 

I've quoted Paul's planner/roadmap/chart here previously, and I think the one super striking think certification takers should look at is the number of listings asking for Security+, SSCP and CC are far behind on a linked in job search, and while ISC2's approach to exams works well at the more advanced level. I concur that they are not nailing it with CC, maybe not even with SSCP though that does resonate better with folk wanting a junior SoC analyst etc.

 

I think that your reading is correct, but I feel that ISC2 won't be able to break Security+'s gold standard as a to do this to get into the industry, it's to you point riding on CISSP's recognition but probably ceding that ISACA in some sense and even perhaps to CompTIA for it's CASP+.

 

Three decades ago, eh? Maybe they'll pull up a sandbag or two for crusty old kippers like us, moldering up on the shelf, long past our best before, just waiting for the AIs to get all badged up and replace our functionality... 😛

JoePete
Advocate I

@Early_Adopter wrote:

@JoePete Health of the association does seem to be taking a hit, I think that ISC2 is probably not putting in enough effort to enhance and sustain certifications Forensics/Healthcare, and perhaps as well as looking for a mass market true cookie cutter that still provides fifty buck per year AMF. I do see ISSA taking more of lead in the UK, but ISACA and IAPP also seem to do grassroots professionals better.


Yes, another sore spot may be abandoning the specialized certs for the entry level. But this returns to the question of (ISC)2 health and how the current board defines it. It is interesting that we had more than a $10 million jump in administrative expenses for 2022. This strategy seems rather costly.

 

Yes other organizations do good work. CompTIA has always done a great job certifying specific skill sets, especially toward the entry-level employee, and, as you note, ISSA and ISACA carry plenty of water in this industry. Howevver, our current strategy seems to say "we want the whole pie" of certification. Very little of our management is in the security industry, and for that reason, maybe they misread the ethos that is distinct to our profession. It's evident from the moment you step into any con and observe the standard of fashion and hygiene - appearances are secondary (maybe even tertiary) to substance. That also describes how we view our certs; we want them to vouch for someone's capability to do the job. Experience and endorsement are huge in that regard and were founding principles of the (ISC)2.

 

One of the other issues at work is that as the membership grows less experienced professionally, we will have fewer people with board or senior management experience. Those of us with gray (or no) hairs who have spent time in board rooms, have a good sense of how to facilitate or correct direction. As we become diluted, the ability of the members to responsibly shepherd the organization may be diluted as well.

 

So while there are some governance and ethical questions we each must weigh, I'd also caution that these dovetail with our 501(c)(6) nonprofit status (i.e. finances). Experience really does matter, especially in the board room. While someone might present a convincing argument in a limited context, you need the experience to look at all the contexts.

Early_Adopter
Community Champion

@JoePete Concurrence.

 

Ten million dollars is very significant forgive my ignorance here - does it break down what it was for? Is there a link to the audited accounts for general consumption? What did the previous set of accounts look like?

 

Anyhow - horses for courses, the landscape is what is, and I can't see ISC2 pushing the water uphill and back time Vs CompTIA, ISACA, SANS et al, or if it did they'd need to sell a lot of tickets going to happy, swiftly employed C'n'C holders.

 

Edit: Adding the link to the 2022 report: ISC2-Annual-Report-2022.ashx

JoePete
Advocate I


@Early_Adopter wrote:

 

Ten million dollars is very significant forgive my ignorance here - does it break down what it was for? Is there a link to the audited accounts for general consumption? What did the previous set of accounts look like?


Audited financial statements in the 2022 Annual Report:
https://www.isc2.org/-/media/ISC2/About/Leadership/Annual-Reports/ISC2-Annual-Report-2022.ashx?la=en

 

And if you look at the reports over several years, you can discern the patterns of things. Financially we have ample resources ($110 million or so in net assets) and prior to last year, we were churning out net revenue gains pretty easily. On one level, I like that our revenues and expenses are closer to each other now, but I also note that we cut the Security Professional magazine and seem to be constraining expenses in other member benefit areas. This all gets back to the perception of a shift in the organization. Change is both natural and inevitable. I just wonder how well we looked before we leaped. Seemingly small decisions can have huge consequences - arguably that is one of tenets of what we all do for a living.

gidyn
Contributor III

Considering how long CC has been out, it doesn't seem fair to compare the number of job listings to well-established competing certifications. Give it a few years, then you can compare.
Early_Adopter
Community Champion

@gidyn

 

With the best will in the world, I'd rather be fair to candidates than to certifications...

 

The point when comparing a certification is to gauge its utility to holders in the marketplace right now, as folk would be getting an entry level certification to help them with a job in the industry right now, rather than a in a few years.

 

Comparing the data on job adverts as it is now Is really the best objective metric we have now, right demand wise it doesn't look ready to recommend to someone with limited time and money as their first entry level certification.

 

Now that might change "in a few years" - let's take three as an example, could it be on par with the Security+? We'll find out, but I think very unlikely as first mover advantage has long gone and Security+ is very dominant there. SSCP has been around for a while and still doesn't have anything like the pull - and you get the benefit of an ISC2 member endorsing your experience.

 

I'm not sure is having a large candidate pool with the cert(around 15K right now, approx 100% YoY growth, which is impressive) will affect this. On two polls maybe hiring managers will embrace it, or maybe the supply will kill the demand. let's revisit a year or two?

 

 

 

jacint61
Reader I

Some considerations from OpenAI:

 

Yes, candidates may have legitimate complaints if they believe that their scores were inaccurately calculated or if there were discrepancies in the reporting of their results in a computer adaptive test (CAT). It is crucial to have reliable scoring procedures and transparent reporting mechanisms in place to address such concerns and ensure the accuracy and fairness of the scoring process.

Here are some considerations related to scoring and reporting in CATs:

 

Scoring Algorithms: CATs use sophisticated scoring algorithms to determine a candidate's final score based on their responses to the adaptive test items. These algorithms take into account the difficulty level of the questions answered correctly, the number of correct responses, and the overall item response pattern. It is important that the scoring algorithms are well-designed, validated, and align with the intended scoring objectives.

 

Calibration: CATs often employ item calibration techniques to establish the difficulty levels of the test items. Calibration involves analyzing the performance of a large sample of test takers to determine the relative difficulty of each item. Proper calibration helps ensure that the scoring is fair and accurately reflects the candidate's abilities.

 

Transparency and Explanation: Candidates have the right to understand how their scores are calculated and how their performance is evaluated. Test developers should provide clear explanations of the scoring process and reporting methods, including information on how item difficulty and response patterns are considered. Transparent reporting helps candidates understand their strengths, weaknesses, and areas for improvement.

 

Quality Assurance: Regular quality assurance measures should be in place to monitor the accuracy and consistency of the scoring and reporting process. This may involve conducting statistical analyses, reviewing item performance, and ensuring the integrity of the scoring algorithms.

 

In the event that candidates have legitimate concerns about the scoring or reporting of their CAT results, it is crucial for test administrators to address these concerns promptly and transparently. This may involve conducting a thorough review of the candidate's test data, engaging in a dialogue with the candidate to understand their specific concerns, and taking appropriate actions to rectify any identified issues.

Overall, the scoring and reporting processes in CATs should be designed and implemented with the utmost care to ensure accuracy, fairness, and transparency in evaluating candidate performance.

 

 

JoePete
Advocate I


@gidyn wrote:
Considering how long CC has been out, it doesn't seem fair to compare the number of job listings to well-established competing certifications. Give it a few years, then you can compare.

That is an excellent point, but it is nowhere in the marketing that has been distributed to these individuals. To the contrary, it is been promoted as instant entry in the cybersecurity profession. It doesn't seem to carry anywhere near that weight currently, and even a few years down the road, I'm unsure it will.

Early_Adopter
Community Champion

Some humor, and a dash of inaccuracy here and there with this video, but there's some nice editing and I think it illustrates the point well for today's Zoomers breaking in, with a US bent:

 

https://youtu.be/YeWYlp9JP6g