I appreciate your response, and I completely agree. I moved away from an IT-centric career 15 years ago because I came home beat down and exhausted every day, even though it brought in nearly twice the paycheck I make now.
I guess what I’m saying is that I don’t agree with trying to cram the exam in this case. I think that folks, and especially federal employees, should move around a bit. Maybe I’m carrying this from my military time where we moved every 2-3 years and often into a job we never did before… but I think that’s the way to get the exposure you need to successfully acquire the CBK and gain experience applying it.
I worked as a government security officer, as a government information/personnel security manager, a system admin, a network engineer, a C&A DAA accreditation analyst, etc. I actually worked in the CISSP CBK domains and never actually studied for the CISSP. I sat for the exam cold in 2002 and passed.
I get that this survey web site is helping people chart their careers – but all of these folks trying to study for and pass the CISSP for Associate status because "that's where the money is" without going out and getting experience first are really just shooting themselves in the foot, and diluting the CISSP.
I'm starting to rethink the entire "Associate" status. I think instead of "Associate CISSP" the whole thing should get tiered. Like, there is no way to earn the CISSP unless you have been an SSCP for 4 years first. Similar to how the Professional Engineer must first sit as an "Engineer In Training" first. Just drop the whole Associate thing.
Would agree with you on many points you have made in your statements. However, I am not sure I would agree with "Being powerful is like being a lady" reference as that is a viewpoint from an individual and though the individual is entitled to that viewpoint I am quite sure that many do not share the same thought processes.
I think that you are on point with the statement that certifications or degrees are not really load bearing. However as many corporations seek individuals that have higher learning degrees and certifications as validation of their commitment to not only self but also career then the ends justify the means. If that is not the case then anyone right off the street could come into a corporate position and learn any job. There is more to a task or job than just being able to do or accomplish it. One needs to be able to explain upon request at differing levels, using differing terminologies, to other technicians, immediate supervisors, high level executives, possibly board of directors, or stockholders etc. To some degree there has to be higher thought processes involved and one does not always learn those processes just by doing. Thus higher level thought processes typically require higher level learning which brings about the want or need to have documents validating that effort and level of knowledge.
Agreed, "an inch deep and a mile wide", does test one's ability and awareness of the many disciplines.
Not sure how many have seen "Cool Hand Luke", or even heard of it in today's "YouTube", "Facebook" culture.
Meeting the prerequisite requirements is an agreeable statement. Dropping the standard(s) would indeed lessen the value of attaining the certification and the achievement of all who have passed the exam in the past.
I very much enjoyed reading your post.
Hmmm, actually my co-workers and I work in an enterprise that encompasses 35,000 users, spread across 4 time zones, and 25 geographically dispersed locations. The issue is that as subject matter experts, they have become just that. They have become very proficient at one thing. You are correct in stating that the environment is one that does not encourage cross-utilization or learning. We are not even going to broach the subject of job rotation, mandatory vacations, or many of the other best practices of the industry. I am somewhat of an anomaly. I came from another enterprise in which learning was highly encouraged and the movement to other divisions or departments was also highly encouraged. Therefore, I can see the frustration in my co-workers as to why it is difficult for them to get the concepts discussed in the reading materials. For some new adventures are a welcome change; for others not so much. I am in an environment which encompasses many individuals of the latter mindset.
It appears that you have gained much insight into the environment of which I speak.
I enjoyed reading your response as I always love learning and getting different viewpoints.
The only people who can 'dilute' the CISSP are those individuals responsible on the governance end of (ISC)2. I don't believe that the exam has been diluted. I am speaking based on anecdotal evidence in that we have just as many whiners today as we had whiners when you sat and passed your CISSP. I can perhaps argue that I am seeing even more ridiculous whining today than I saw 5-7 years ago because the CAT format had given many ill-prepared individuals this illusion that the test was somehow 'easier' with fewer questions. I'd say to anyone with common sense that if one can answer 100 questions at an 80-90% rate, that it's a pretty good indicator that that same individual is capable of passing the exam with at least a 70% average on the linear 250-question test. The CAT also measures the difficulty in the questions that one gets right and wrong; given that scenario alone, the linear test takers had an advantage.
I recently took the PMP test and failed it. I know that I did not prepare for that exam as I did for my security exams. I just got overconfident and failed it. I never crapped on PMI for the type of questions that were presented and how they were worded. The honest answer as to why I did not pass is that I was ill-prepared. Now, I will never make that mistake again. I have rescheduled and made a commitment to take the test seriously and actually study as I have my other exams.
Now many people would be miffed... How could he pass the CISSP, CISM, CISA... blah, blah, blah and fail the PMP (which is assumed to be 'easier')??? It's easy to fail ANY exam when you are not properly prepared for the exam.
I can wholeheartedly agree with you on the non-dilution of the exam. I have individuals in other departments who have now taken the exam 3 or 4 times and failed over the course of 3 or 4 years. I for lack of feeling at the moment to be soft hearted hear many individuals complain that the exam was too much of an English test, too hard to understand the questions, too long, etc. So yes, I guess that does equate to them whining. I can agree with the more recent level of complaining and individuals thinking that since there was a change in the exam format it would be easier. I have personally seen that over the last few months. I have many individuals that I work with that feel they studied more than enough to pass the exam and then fail and complain about not seeing any of the questions from the practice exams on the actual exam. Some complain that the information was not covered in the book (notice I said book) they read through. There has and always will be an excuse.
Like you stated, if one fails take it as a learning experience and get busy correcting the issue(s) which caused the failure.
I am glad to see that individuals such as yourself refuse to give up easily and take every advantage of a learning opportunity.
I applaud you and wish for you nothing but success in your endeavor to get that certification.
Interesting... I have not experienced any negativity. Could this be a regional thing? Everyone I have interacted with has been great. I fully agree with you, people in general really should be happy with life and career choices and if they are not happy then they have the power to make a change.
So another thing I noticed –
I’ve been attending a computer security professional group in the area. It’s made up of attendees from large and small businesses, and some folks on the outside trying to break in. Certifications is one of the topics that comes up over and over again.
So any time someone brings up the CISSP, half the crowd scoffs and the other half laughs. Why is this? What has happened to the CISSP reputation? When I asked a few people at the meeting, they basically gave me a “C'mon, you’re kidding right?” response.
What’s going on here?
I'm looking at you @CindyCullen because the group is in NJ...
> Interesting... I have not experienced any negativity.
Because there hasn't been. I haven't seen ONE instance of someone giving someone else a hard time in these forums for failing a test. NOT ONCE.
Rather this is what the OP posts when someone has an opinion different than his.