Advocate I

Re: Then Why Bother?

Joshua,

 


@Kolbe wrote:
The Net+ exam's study course had all of the questions that were on the exam. I know this because I got over 99% on it (I think I missed a multiple choice), and I completed it in half the time allotted.

What study course provider did you use for the Network+?

 

Sincerely,

 

Eric B.

Community Champion

Re: Then Why Bother?


@Kolbe wrote:
"Ah, so you can no longer review your answers?"

 

No going back and reviewing / changing answers... this part is the true killer for many. I think that what accounts for the lion's share of the whining though is that many testers go in counting on 'brain dump'  technique which will do you little good on the CISSP. 

 

 

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC
Advocate I

Re: Then Why Bother?

Edward,

 


@xpensiv1 wrote:

I am not sure what brought you to the conclusion that I am arguing to completely remove the experience requirements and making it a knowledge-only exam to refresh the ranks; but I will play along.


That comment was specifically directed toward Lamont (@Lamont29). The way he had discussed the need to quickly bring qualified security folks up gave me (incorrectly) the impression that he was in favor of abandoning the experiential requirement for the CISSP.

 

Sincerely,

 

Eric B.

Newcomer III

Re: Then Why Bother?

I am not sure if one can go back or not if they skip a question or just do not select an answer with the expectation of being able to go back and answer it later. I do however understand that once all questions have been answered and the exam reaches the end there is no option to go back and review or change answers.

What a great way to enforce your first guess is your best guess, or either you know it or you do not.

The last statement was a left handed sarcastic one. Not knowing that the option to go back and review with any time left is no longer an option is one that I would guess sends many candidates into a world of panic.

Those candidates that pass will be extremely happy, those that do not will have a much deeper level of frustration with not having the option to review and will most likely use that as their excuse for possibly not passing.

 

 I guess I should not say whining, however, when it becomes incessant I revert back to a lower level of thought processes

 

The illustrious "Brain Dumps." One has to love those, and appreciate others' ability to take an exam and regurgitate not only the questions but also the available choices for answers for others' use. I don't see the value in that, however, to each their own.

I must say that I do however feel somewhat vindicated when an individual who spent all their time doing brain dumps comes back and then complains about not seeing any of those questions on the exam and had no idea what the questions were actually asking. No sense in even asking if they passed at that point since it is basically written all over their face that they did not.

I do however think that it may be possible for an individual to utilize brain dumps and actually pass the exam if they master the concepts and context. Would I bet on it "no", however I do think that almost anything is possible.

 


Newcomer III

Re: Then Why Bother?

I have noticed that Network+ has a new version N10-007 as of March 2018. I have no idea what has been changed though. I will say that many feel better about computerized exams versus pencil and paper exams.

 I would also think that there would be less challenges involved with selection making, mismarking, time spent with reviewing and the dreaded hurry up and wait for the exam results to be sent back informing one if they had passed or failed to pass the exam. Individuals complain now with how long the process takes to have the review process completed and actually be able to say, I can "Officially" state that they are a certified CISSP.

I have not heard any of the newer employees say that they could not go back and review their exams for the CompTIA certifications so I would think that they still have that capability.

The evolution of the exam (CISSP) seems to be a topic of much discussion lately.

Things change and that is something most all agree on. However, change may or may not be a good thing depending on one's viewpoint. Personally, I have little doubt that the ISC2 organization or community would let the certification become a devalued certification just for the sake of increasing numbers.

Thought provoking post of what was in comparison to what is.

Newcomer II

Re: Then Why Bother?

Yes, whining does take it down a bit. The fact is that I knew enough from my reading to scrape by on the Net+ exam, but when I got the same practice exam as my colleagues... well, that clinched it. I read the Sybase series for Net+ (3 book set). I got Sun certified the same way, except I used a SAMS book.
My only experience with negativity, though, was in a security book where the author didn't know the value of the triad, and openly mocked it.
Community Champion

Re: Then Why Bother?

Always mock the CIA triad as much as you can, it lacks a sense of humour and is no fun at parties... But never do it in a textbook, it can’t read, you must do it to its face.

 

@Baechle But comrade, surely are we not all socialists deep down? Or at least we do much better in tribes/packs.

 

This is the TL;DR version of a previous post, an authentication mismatch saved lifekind from my diatribe (I’ll rewrite it if you like). But I think we’ll probably agree on most points, but I’ll probably view the CompSci degree, the SSCP and the CISSP as pretty entry level, you can commit, persist at something, you know some security etc. These are good baselines, but show me an exploit, or some code or a thesis, or your design for a production system then this is much more useful - the more important is getting someone with a good reputation to vouch for you.

 

If someone is not sound then others might not want to sponsor them, but when you consider it one person can’t do all that much, but a team (especially one with diverse and complementary knowledge, skills, and experiences) is a mutually amplifying network.

 

 

Community Champion

Re: Then Why Bother?

There are several reasons for doing the SSCP or CISSP:

 

1) It is demanded by certain organisations as a requirement before you can actually be employed or have access to their systems.

 

2). One of the major reasons from my perspective is abiding by an agreed set of ethics and responsibilities, which we all have to agreed to comply with.  I have seen in the past people having their registrations reviewed due to behaviour not consistent with those required by the ISC2.  Companies do have the right to complain, and in some cases, if it is severe enough - being struck off.   We all agree to be placed on a public register.

 

3). We are expected to objectively provide professional advice to organisations, if that advice is incorrect - who suffers the organisations and potentially yourselves, and potentially lead to legal prosecution or penalties to the organisation or the individual involved.

 

4). Employers are actively double checking whether the potential employee is actually certified to SSCP or CISSP etc prior to employment.

 

Have we all lost sight of the very reason for undertaking the significant investment in passing the SSCP and/or CISSP examinations?   

 

According to some of the surveys I have recently seen the most sought qualifications are CISSP, CCSP and CISM.

 

We certainly don't undertake to do these qualifications for the hell of it, just to get a tick in the box - this is an ongoing investment and commitment not to ourselves in terms of trust, integrity and responsibility, but also our profession.  

Newcomer I

Re: Then Why Bother?

Just responding to the subtopic of "should have taken a SANS/GIAC, OSCP, etc" comment to become an L33t Hax0r, that comment too is very incorrect. Go study and learn about hacking, then look at the EC-Council CEH at least for that course you actually HACK things. In addition, a very little known certification called the CPT (Certified Penetration tester) comes along with the CEH. To earn that certification, you have 30 days to perform a hack against a known target and have to supply certain information that you found (and see if you got caught by a honey pot or other fake level). This is the only way from a testing scenario to even remotely call yourself a hacker on the white hat side (assuming you want a certification to call yourself that). Otherwise just doing the work (reverse engineering, providing white papers on your own research) is the only other way to call yourself a hacker. No CISSP, GIAC or other industry cert affords you the title of "hacker" by any stretch, and I'd argue against any to the contrary. I've been hacking since the phone phreaking days of the early 90s, hold a C|EH, CISSP and 19 other industry certs. It's my experience that allows me to call myself a hacker, no certification (although as I said, the CEH is as close as you're going to get).

David Howard, CISSP, C|EH, MCSE
www.bringyourownsecurity.net
@dtigcincy
Newcomer III

Re: Then Why Bother?

Well stated, and I am in agreement with you that "proof of concept" does, and should in fact be more representative of an individual's actual capabilities. I actually work with individuals that actually believed that they could just change certification paths by just taking what they thought would be an easier exam only to find out that was not the case. Proving that one has the prerequisite knowledge is only part of passing an exam. In certain instances an individual may face the possibility of having to actually perform a task or tasks proving they can actually perform under pressure. What are your thoughts with regard to the current state of exams to actual proficiency levels the industry is currently experiencing? I ask this question because I am sure that many of us discussing topics and issues of concern know individuals that can do the jobs in the industry with few certifications. Likewise those that have higher level certifications however, cannot correlate the knowledge into the actual organization's strategy and mission. I agree with you in that experience and knowledge both should be demonstrable. Anyone can go on Google and grab turn-key programs, scripts and the like and make the claim they hacked into something or accomplished some herculean DDOS/DOS. I am honestly right there with you and agree with your thought processes and statements.