cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Newcomer I

Is the new adaptive CISSP testing format too easy?

Recently on http://reddit.com/r/CISSP , I have notice a LOT more individuals passing the new adaptive format CISSP exam.  Before, I would see one or two a week stating that they passed, now it seems like a flood of new CISSPs are diluting the market.  

 

Opinions?  Has anyone else heard anything?

 

Thanks, 

@MiKeMcDnet

@MiKeMcDnet
12 Replies
Highlighted
Advocate I

Re: Is the new adaptive CISSP testing format too easy?

Mike,

 

This question gets asked a lot.  I think fundamentally, the answer is a qualified, "No."  

 

First, let's look at your data source.  You are observing an increase in the rate of posts indicating passing scores.  What are the contributors to that?  Here are some contributing variables you have to eliminate or account for:  

(a) More members have discovered the Reddit and joined it as part of their quest for study tips; or

(b) More people are attempting the CISSP because of the change to CAT (the 6 hour proctored exam was a barrier to entry due to medical issues, timing of test delivery, etc. that have all been resolved in transitioning to CAT).  

 

Second, let's look at data provided by (ISC)^2.  (ISC)^2 indicated that their pass rate has not changed with any statistical relevance.  There is roughly the same amount of passing scores to attempts as with the paper exam.  Although the number of attempts has increased (thus increasing the number of passed exams).

 

Sincerely,

 

Eric B.

Viewer II

Re: Is the new adaptive CISSP testing format too easy?

Funny you bring this up. I haven't seen or heard anything. But I was thinking when I read the change that I can't see how reducing the number of questions from 225 to 100 maintains the complexity of the exam. Just my opinion though, and I am certainly no exam testing expert. Although, I see this as a matter of common sense.

Community Champion

Re: Is the new adaptive CISSP testing format too easy?

Today, there are 127,734 CISSPs.  3 years ago, there were 100,000.  Doing a bit of math, in the first 25 years, there was average net growth of 77 CISSPs per week.  In the last 3 years, it has been 167 per week.

 

This tells us either that (ISC)² marketing efforts are successful or that the test is getting easier.  It also tells us that 1 or 2 "I passed" reports per week is not a large enough sample to draw meaningful conclusions.

 

The more relevant measure is to know the official pass rate (the number that pass as compared to the number that take the exam).  (ISC)² does not disclose the pass rate, but they have reported that it has not changed as a result of transition to adaptive testing.

 

Adding to @Baechle's comments, I suspect it has to do with people being more willing to publicly share accomplishments.  Before 2007, I only knew what you had for lunch if we happened to be in the same restaurant.  With our kids, we just need to look on their social media accounts.

 

Community Champion

Re: Is the new adaptive CISSP testing format too easy?

With the number of unfilled job openings that require CISSP, I think that 2 or 3 times the number of CISSP certs could be issued and the open billets may just get filled.  So @MiKeMcDnet I don't think we are being diluted by new CISSP's joining the ranks.

 

Just as a reminder, DoD is requiring varying certs and this is probably finally making it's way through procurement, contracting etc.  CISSP covers many of the requirements.

 

I also think that the younger generation is much more apt to use social media and share on there.   

Community Champion

Re: Is the new adaptive CISSP testing format too easy?


@denbesten wrote:
The more relevant measure is to know the official pass rate (the number that pass as compared to the number that take the exam).  (ISC)² does not disclose the pass rate

Actually, I believe that, due to the ISO 17024 standard, they are forbidden to.

Way back in the day (before they got the 17024 standard) they did disclose pass
rates, and comparisons between people who took (different) seminars.  (I recall
that there was one seminar, done by a guy who was extremely popular.  However,
the numbers actually showed that, not only was his pass rate extremely low, but
that you stood a much better chance of passing doing no study at all, than if you
took his seminar.)

In terms of the adaptive format being too easy, I doubt that the "more than
double" pass rate between the early days and now means much.  Once you've got
100,000 people with certification, you've automatically got a huge sales force.  
(Well, assuming your certification is any good at all ...)

 

 


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Advocate I

Re: Is the new adaptive CISSP testing format too easy?

Doug,

 


@doug37 wrote:

I can't see how reducing the number of questions from 225 to 100 maintains the complexity of the exam. 


CAT exams are adaptive.  They don't have to ask you 200+ questions like on a static exam.    Let's look at the differences real quick. 

 

On the static exam, each question was worth a certain number of points.  There were easy questions, moderate questions, and hard questions.  Additionally, you could go back and check and change your answers.  Some questions and answers gave you hints to other questions and answers.

 

With an adaptive exam, if someone know the material, you really don't ever have to ask an easier question.  You can stay at a harder level and ask fewer questions.  And reducing the number of questions, reduces the chance that a prior question will provide a hint to a later question.  

 

On an adaptive exam, the exam system decreases the difficulty after wrong answers at a higher level.  That means you have to answer more questions to achieve a passing result.  Answer questions right, and the difficulty goes up.  Maintain a higher level of difficulty and pass with fewer questions.  Answer wrong a few times, and you have to answer more questions to pass.  Answer wrong enough so you can't break out of the easy questions, and the system figures out you don't know enough about that subject and skips it with a fail for the domain.

 

Does that makes sense?

 

Sincerely,

 

Eric B.

Advocate I

Re: Is the new adaptive CISSP testing format too easy?

That actually strikes a chord with me.  When I took the CISSP exam, I wasn't taking it for marketing or resume purposes.  I was, quite frankly, testing myself.  There was this CBK on security and I wanted to know if going in cold (without studying) my knowledge and opinion was in line with the CBK.  It was about boosting my own self-confidence.

 

When I first passed my CISSP, I didn't tell my boss or any of my coworkers. I had asked about exam reimbursement and my company basically laughed at me because they didn't think it was a real certification.  In fact, when I passed, the only person I told was the Novell rep that my company was assigned to because he was the only one that knew about it beforehand.  He ended up telling my boss. 

 

It was awkward too.  I would go to client meetings with my boss and he would lead off with me passing the CISSP just to rub my nose the confused look on our clients' faces (even though I was also an MCSE, MCNE, and a CCNP).  But back then, the CISSP wasn't as popular as it is today.  If you didn't have a cert from Cisco, Microsoft, or Novell, nobody knew what it was.

 


@denbesten wrote:

 

Adding to @Baechle's comments, I suspect it has to do with people being more willing to publicly share accomplishments.  Before 2007, I only knew what you had for lunch if we happened to be in the same restaurant.  With our kids, we just need to look on their social media accounts.

 


 

Community Champion

Re: Is the new adaptive CISSP testing format t oo easy?

> Baechle (Contributor III) posted a new reply in Certifications on 07-20-2018

>   @doug37 wrote: I can't see how reducing the number of questions from
> 225 to 100 maintains the complexity of the exam.

>  CAT exams are adaptive. 
> They don't have to ask you 200+ questions like on a static exam.

As another example, in the early 80s (late 70s?) a program called DEBUGGY
looked at the 112 different mistakes you could make in the subtraction algorithm.
After asking you only 7 questions, but based on a computer adaptive testing
system, it could identify not only which mistakes you were making, but which
*combination* of mistakes.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
[T]his was *magical*. Ordinary men had dreamed it up and put it
together, building towers on rafts in swamps and across the
frozen spines of mountains. [...] They hadn't dreamed, in the way
people usually used the word, but they'd imagined a different
world, and bent metal around it. And out of all the sweat and
swearing and mathematics had come this ... thing, dropping words
across the world as softly as starlight. - `Going Postal,' Pratchett
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Newcomer II

Re: Is the new adaptive CISSP testing format too easy?

Only way to find out is to take the exam again Smiley Happy