There is a lie that many propagate, and it is this. You have only one chance. There is only one kick at the can. It is propagated by well intentioned people or those who really want to knock someone out of the ring.
Please do not believe the lie. We all fail.
Everyone has failed the first time at something. Walking. Riding a bike. Baking a cake. It sucks. It's horrible, but only if we focus on it. If we say, "Well THAT didn't work. How about if I figure this thing out?" It takes the pain away. We can use the pain not as an inhibitor, but rather as a friend.
It's a matter of courage to pick up and rework the plan. If I ant to hire someone I want to hire a SEASONED person. I want a person who has experienced all sides of an issue because that person has more insights into someone who has had it easy.
There is no shame in failure. Especially when you use it to succeed!
Only people who are about to test ask me if I passed the first time. As long as you pass at some point the other history is no ones business.
I think the problem with retesting is two fold.
1) The agony of defeat.
Lets face it. It hurts to flunk one of these tests. You pour your soul and life blood int studying for maybe 6 months, and you fail. The "I'm not good enough" voice in your head won't shut up for at least a week, and its easy to listen to that voice after failure. Well...that voice is wrong. I've been taking these tests sinct the 90's (Novell CNE), and I flunked one of those. I almost gave up, but my loving wife talked me out of it and seriously encouraged me. I got up, dusted off and passed upon retest.
Fast forward...I'm a CISSP, CISA, CISM, CRISC, CEH. This spring I took and flunked the CCSP. The voice immediately kicks in, but I know better! I reschedule for 90 days, study with renewed vigor, and pass!
2) The cost of the exams these days!
The old Novell tests were $85. In all fairness you had to take 7 of them to get the coveted CNE certification, but you had a year to do so. Eat the elephant in chunks so to speak.
Now a days they want $700! That's quite a gamble for one spin at the testing wheel. Financially, even if you pass it hurts! The added pain of a second or even third shot is pretty raw.
Bottom line is...Study hard, study long, and test when you're ready. Go in confident, I like to visualize a boxing match, I'm all buffed fast on my feet and that poor test is all bloated and looking scared and sorry for himself. Then the bell rings, and I quite simply kick its ass.
"By the time I took the test, I'd been working in the security field for 14 years.
And I'd read (and reviewed) over 300 titles in the security literature ..."
I've also been in the infosec field for a good many years, and I've discovered "What we do at work, usually isn't the correct answer.". Sounds odd, but it turns out to be true.
As an avid reader, I'd have to say that reading and reviewing are a different activity than studying. Studying is critically analyzing, discussing, and digging deeply into the subject matter at hand.
"... I've also been in the infosec field for a good many years, and I've discovered What we do at work, usually isn't the correct answer.. Sounds odd, but it turns out to be true."
The view of the CISSP test is always "top down" not "bottom up". You can have worked in the field and you have processes which work for your organization, but are you fully implementing best practices?
The CBK of the CISSP is framework much like ITIL. Many companies choose what components they can implement due to organizational maturity and business needs.
Yep. That's likely why it's better to call them "good practices" instead of "best practices" for ITIL and all of the other compendia out there, including our own dear CBK.
There is never one-size-fits-all because not everything is the same size, runs the same way or has the same value.
Moreover, not all of the countermeasures known are needed; and often it's the counter to the countermeasure that could have (or should have) been applied (and wasn't). ;-(
Beleaguered security folk simply can't think of everything (whether they be newbies or old hands.)