We have a similar history in regards to formal certifications, thank you for the detailed outline. I initially started down the CCSK path only to find the material felt rudimentary if you have worked in the cloud space at all. Did you start out with the intent of obtaining the CCSP or did you also look at the CCSK?
Took an Infosec boot camp in San Diego. It was horrible. The instructor (WG) literally said, "if you're not sure of the answer choose 'C'". Crappy mono colored book, but you'd think if you're going to spend thousands on a training course, they could afford color student handbooks. Never again...
Throughout the years I moved up into an IT Manager role and then an Infrastructure IT Management role. I didn't intend pursuing a CISSP certification originally but with my company's acquisition and my role change into Service Management and looking at the future of technology I decided to use my IT management experience related to the 15+ IRS security assessments and various audits throughout the years to obtain my CISSP. I plan to pursue other audit-related certs as well.
I think it is also important to understand that the CISSP requires four years of experience plus a degree or five years of experience. This experience has to be security related.
It bothers me to see people straight out of college somehow getting a certification. The same goes for many bootcamps. I think if you want to actually get value out of your certification you actually need to learn the material and experience the material to some degree. A 40 hour cram-session will not teach you anything except how to pass the test.
I do think the CISSP is valuable for people who have not experienced the breadth of all the security domains. There is a lot to security and many people do not get exposed to all the areas. Application security for example is in the CISSP but there is much more to it when it comes to real world application security.
So go and read the CBK but spend time looking at other sources such as Security Engineering, NIST 800-53, Networking+, OpenSecurity Architecture, and risk approaches such as STRIDE or NIST.
Ron Parker CISSP, CCP
I am preparing for my second try at the CISSP exam. May I ask you about groups in the OWASP chapter? Is there any online group, and how do I find them if I would like to join? Thank you
P.S.: Sorry, just noticed that question was about CCSP.
You're absolutely correct, and I'm sorry for commenting to the question "Re: CISSPs: How did you prepare for the CCSP exam?" when the question was concerning CCSP.
I totally agree about individuals taking a 40 hour or so course on CISSP or any other course. Certify and expect to secure meaningful employment. I have been in the IT industry since the mid 80's, yet the industry we are in is crying for security people, people that are certified in one discipline or many. No certification no opportunities. Many can study their butts off and pass an exam, but this shouldn't be the end all, all this states is that the individual has the ability to learn. I also agree NIST sp800, is a must read and ref, as well as other ref material.
I will never be an "expert", as I am always learning something that I did not know.
Like I said, sorry for commenting on the "Re: CISSPs: How did you prepare for the CCSP exam?"
I have taken a look at the link you gave me, and will look into it deeper later this evening. Thank you.
I had been working as an Information Assurance/Security Specialist for a number of years and determined to complete CISSP to ensure I could "speak the same language" with those who were CISSP qualified. I also wanted to underline skill levels achieved. My company organised a course on how to pass the exam which, for me, had little value. A lot of background material was presented but the information was "dated" and did not impart much by way of new knowledge. I had already purchased the ISC2 CBK book and the Shon Harris volume and read both. Prior to the exam I read the CBK cover to cover twice! I took very little by way of practice exam tools. When I took the exam I would say, being honest, about 30% I was unsure of the answer, but took an "educated guess" and am pleased to say I passed first time. It is very much "horses for courses" and what works for one does not always work for others. Some people benefit from boot camps, others from more sedate classroom learning, others from self study, others from group learning. My advice, find the method that suits you most, and take the exam when confident you have a good grasp of the CBK. Remember, it is not always about having the right answer to every question imprinted on your mind, but the ability to select the most appropriate response from the selection offered.
I attended a Training Camp boot camp after prepping for about two weeks with the prep material provided by the Training Camp. I felt I was as "prepared" as possible but the exam was a bit strange! However, I did pass.