There is a lie that many propagate, and it is this. You have only one chance. There is only one kick at the can. It is propagated by well-intentioned people or those who really want to knock someone out of the ring.
Please do not believe the lie. We all fail.
Everyone has failed the first time at something. Walking. Riding a bike. Baking a cake. It sucks. It's horrible, but only if we focus on it. If we say, "Well THAT didn't work. How about if I figure this thing out?" It takes the pain away. We can use the pain not as an inhibitor, but rather as a friend.
It's a matter of courage to pick up and rework the plan. If I want to hire someone, I want to hire a SEASONED person. I want a person who has experienced all sides of an issue because that person has more insights into someone who has had it easy.
There is no shame in failure. Especially when you use it to succeed!
Only people who are about to test ask me if I passed the first time. As long as you pass at some point, the other history is no one's business.
I think the problem with retesting is twofold.
1) The agony of defeat.
Let's face it. It hurts to flunk one of these tests. You pour your soul and life blood into studying for maybe 6 months, and you fail. The "I'm not good enough" voice in your head won't shut up for at least a week, and it's easy to listen to that voice after failure. Well...that voice is wrong. I've been taking these tests since the 90's (Novell CNE), and I flunked one of those. I almost gave up, but my loving wife talked me out of it and seriously encouraged me. I got up, dusted off and passed upon retest.
Fast forward...I'm a CISSP, CISA, CISM, CRISC, CEH. This spring I took and flunked the CCSP. The voice immediately kicks in, but I know better! I reschedule for 90 days, study with renewed vigor, and pass!
2) The cost of the exams these days!
The old Novell tests were $85. In all fairness you had to take 7 of them to get the coveted CNE certification, but you had a year to do so. Eat the elephant in chunks, so to speak.
Nowadays they want $700! That's quite a gamble for one spin at the testing wheel. Financially, even if you pass it hurts! The added pain of a second or even third shot is pretty raw.
Bottom line is...Study hard, study long, and test when you're ready. Go in confident. I like to visualize a boxing match: I'm all buffed, fast on my feet, and that poor test is all bloated and looking scared and sorry for himself. Then the bell rings, and I quite simply kick its ass.
"By the time I took the test, I'd been working in the security field for 14 years.
And I'd read (and reviewed) over 300 titles in the security literature ..."
I've also been in the infosec field for a good many years, and I've discovered "What we do at work, usually isn't the correct answer." Sounds odd, but it turns out to be true.
As an avid reader, I'd have to say that reading and reviewing are a different activity than studying. Studying is critically analyzing, discussing, and digging deeply into the subject matter at hand.
@billclancy wrote: "... I've also been in the infosec field for a good many years, and I've discovered 'What we do at work, usually isn't the correct answer.' Sounds odd, but it turns out to be true."
The view of the CISSP test is always "top down" not "bottom up". You can have worked in the field and you have processes which work for your organization, but are you fully implementing best practices?
The CBK of the CISSP is a framework much like ITIL. Many companies choose what components they can implement due to organizational maturity and business needs.
-Gary
Yep. That's likely why it's better to call them "good practices" instead of "best practices" for ITIL and all of the other compendia out there, including our own dear CBK.
There is never one-size-fits-all because not everything is the same size, runs the same way or has the same value.
Moreover, not all of the countermeasures known are needed; and often it's the counter to the countermeasure that could have (or should have) been applied (and wasn't). ;-(
Beleaguered security folk simply can't think of everything (whether they be newbies or old hands).