Hello... I can see your point about the negativity, however, I can also see the other side of the coin so to speak as well. One would think that by buying the books and doing exam quizzes enough information and knowledge would be garnered to pass the exam and thus sit atop Mount Olympus with the best of the best if you will. My current position has me working at a large enterprise covering 4 time zones and 35,000 users. My co-workers are constantly complaining about the time required to study and learn and prepare for the CISSP and other exams. Some individuals often feel that there should be allowances made at work for them to collaborate on their studies and take a break from their jobs to accomplish this. The world has changed and the consensus is that their time off should be spent doing things that make them happy and not used to further their knowledge of the job. For many the exam is nothing more than an English test. I agree with you on many issues and concerns you brought to light. If one has a tea or coffee cup which is already full, how can any more be added? Sacrifice, even for the benefit of self, has taken a back seat to immediate self-gratification. When is the last time you heard people talking about their careers instead of their jobs? I personally like the challenge and frustration factor of learning and knowing new things and being able to solve issues and provide answers to concerns. Any thoughts?
I think it’s important for people to understand the scope of ISC2’s certifications, and to be nurturing to people in the community. “Train in rather than select out” should be a mantra.
If you want ISC2 certification to make you into a 1337 h4x0r then you’ve missed the point (and should have been looking at SANS/GIAC, OSCP etc.); conversely, anyone passing themselves off as a deep authority on the strength of CISSP is not really doing the right thing.
Do we want to limit the size of the pie, or make the pie big enough for everyone? (They still need to handle the questions, but the younger folks are smarter than we were in our day.)
If this test for “most” people were just an English test, then I’d agree with the chronic complainers that we are all just wasting our time here. I did not arrive at that opinion. I thought that the CISSP exam was a measure of one’s ability to critically think in the Information Security profession. If one is beset with work responsibilities and cannot commit the time to study, then I failed at concluding that ISC2 should take such factors into consideration.
I have absolutely NO interest in this exam being “easy” or convenient. Again, if it were considered easy, then I would have NEVER bothered.
> conversely one passing themselves off as a deep
> authority on the strength of CISSP is not really
> doing the right thing
Unsure of the meaning of three sequential carets in text - so I’ll plough on with more pontification from YT starting with an interesting quote by an ex-British prime minister (I’ll leave you to infer which one):
“Being powerful is like being a lady... if you have to tell people you are, you aren't.” Irrespective of where you sit politically, this is very true.
One of the things we do have to remember is that certifications (or degrees - or even the coveted ‘march and shoot’ medal) are not really ‘load-bearing’, they are a useful shorthand but can’t make up for a lack of experience, authenticity, (controlled) passion, good demeanour, critical thinking - the minute you use them in the wrong way (unalloyed appeal to authority) you’re going to start devaluing them.
The CISSP was always billed as “an inch deep and a mile wide” showing awareness of many disciplines - I think that exams are going to be easy or difficult based on someone’s knowledge, experience, cognitive horsepower, state of mind and how many times they’ve seen ‘Cool Hand Luke’.*
I’d say that there is a need for ISC2 keeping the confirmation needed consistent with the CBK and this in turn is driven by the needs of industry, I do think a quota system should be implemented you meet the required level of competence or you don’t and there is a threshold of error in any exam, plus the exam is just a component of the certification. We need to try to bring people up to that level without dropping standards on the exam (ISC2 does that, so trust but verify there) or raising the bar artificially or selectively (we are not, and never should be in the business of excluding people).
If you think about the experience requirement for a CISSP (4-5 years) it’s really akin to having completed an apprenticeship and going from becoming a journeyman, a skilled craftsman (person) off to make their way in the world, but it’s probably not enough time to be a master craftsman - this requires much more, you should produce a masterwork and have peers review it (I don’t think it’s always practical to certify for mastery in novel and highly dynamic problem spaces).
*The last item may not be 100% accurate when determining someone’s comfort level against writing the CISSP exam...
The way that you describe the scenario is that your co-workers are not exposed to the type of work that would prepare them for the CISSP.
The original purpose of a minimum experience requirement was to ensure that the CISSP applicant could not only regurgitate the CBK, but also had the experience and maturity to apply it successfully.
In either case, it doesn’t sound like your co-workers are getting the opportunity to develop the experience they need and should probably start applying for other jobs where they can acquire that experience. You know like, career planning.
If the CISSP is a minimum requirement for them to stay employed (such as working for the U.S. federal government), then shame on them for not being prepared to take the exam when they first started. Employment certification requirements are baselines – that means that the employee should have held the knowledge and experience to pass the exam on day-one of employment, even if they had not yet actually sat for the exam.
I believe that certain certifications are so highly sought after that many are literally forsaking quality of life concerns to attain them. However with little understanding that one does not need to go to such extremes to pass the exam. They become so focused on reading all the material in different books and watching all the videos that they either do not know or understand that it is about knowing the concepts. The "why bother" is about enhancing one's abilities, and also one's knowledge. The frustration may also be that many fail to walk into the exam knowing that just memorizing a ton of questions and having no idea of concepts most likely will not help them. I try my best to instill in individuals who approach me with questions concerning the CISSP exam to stop trying to rush through studies as they do with their life and take time to actually learn or understand the concepts of the materials being presented. Many tell me that they have heard it is nothing more than an English test. My response to that is: Well, look things up. Expanding one's vocabulary is also a good thing as it will aid them in speaking with high level executives. Expanding one's horizons always comes with a cost, and if as you have stated, the frustration is too great then yes maybe it would be better for some to seek another career path.