I do remember my exam day all too well. I was one of those who took the paper based exam back in 2002. There were three people per table and each person at each table was given a different paper exam I think to make sure we're not looking over anyone's shoulder. We were informed by the proctors that we couldn't talk to fellow test takers at all, could only go to the bathroom one at a time and we couldn't speak about the questions in the exam at all with anyone.
It was a difficult exam. Initially I answered what I could and I found answers to a few questions later on in the exam questions. When I finished the test I wasn't as much looking forward to whether I passed or not. I was just greatly relieved that I survived. 🙂
I made my exam on 2013, 250 questions and 10 domains, only because company mandate all have some certification.
I had been working on securityland over 15 years at this point, so just taking one week prep class and then do actual exam was way to go.
As my normal luck, I got most of questions from domains I know least, but I still passed. I had been working security, project manager, technical architect, code writer, army and all kind of roles, so I knew something already from all those domains, even I was raised to code assembler code to microchips in first place.
Actual test was just a test, what I got most was that one week course with others and ofcourse our amazing teacher on that course, Oren.
For me, as head of security, certification is one part, BUT one need to understand and know how to work everydays situations. Mere certification doesn't fullfit second part.
I was fortunate to attend a CISSP boot camp, which included a voucher for the exam. I wrapped up training late Friday afternoon and was scheduled to take the exam the following Monday. I showed up and signed in, then was shown to a workstation. This was in May of 2014 and the exam system was all on computer. I made it through all the questions I immediately knew, then went back through the ones I had not answered and either knew the answer this time due to other questions I'd already answered. Finally, I reviewed the exam once more, then finished the exam. I'll admit I didn't think I'd passed. It just didn't "feel right". So, I'd always been told when the proctor hands you the results, you would either see a score and areas requiring more study, or it would simply say "Congratulations" or something similar followed by instructions to complete registration. The proctor handed me the paper and I scanned for my score twice before slowing down and see that magical word "Congratulations". I said, "Holy crap, I passed!" The proctor said, "You're the third person today who said exactly the same thing." So, I guess that's most people's first thought when realizing they passed the exam. That was literally the hardest written test I've ever taken in my life and I have never been so thankful to put it behind me.
I took the test back in the dark ages of 2002. There was no instant gratification when completing the exam back then. We all waited for the letter in the mail.
I have passed my CISSP exam today. Whoo-hoop! Here are a few comments on the experience, while it is still fresh in my mind.
First of all, mine was, of course, the "new" CAT exam: 100 to 150 questions in 3 hours. I was really concerned about it when I booked it as I know that I tend to be quite a "trigger happy" person and I always like to review my questions more than once as it allows me to spot the usual "NOT" in the question that I somewhat missed the first time I have answered it. I have passed the CSSP a few months back and I remember going through most of the answers at least three times! So the fact that any answer was "final" terrified me more than a little bit!
The second concern I had right out of the bat was that, in spite of practicting with all the possible resources in terms of exam questions, most (all?) of the questions asked did not look familiar in any way. I was expecting now having seen some of the topics but I was a bit disheartened when, after a few had gone passed, I still did not recognize any.
Finally, I was prepared to use formulas such as n(n-1)/2 or ALE= SLE * ARO or having to do some XOR calculation or, at least, finding some technology acronyms I had study hard to remember in some of the answers as they would have made me feel more like "I know this one!" but, it was not going to happen.
I guess most of the questions really required you to recall and apply concepts at a deeper level than simply recalling, for example, what a MITM attack was and, to that extent, I think it succeeded. For the reasons I describe at the beginning, I told myself to spend one full minute for each question, looking for negatives and nuances such as "suspected attack" VS "being attacked", for example and I felt quite confident my strategy could work - if I could at least say that I recognized at least the intent of the question.
All considering, one can imagine how I felt when, at exactly Question no. 100, the exam ended abruptly. I sincerely thought I failed and I was already psyching myself up for the bad news.
Well, I am glad is over and I am satisfied of the results!
I hope this can help anyone else getting ready for it, being more prepared!
Bravo! Well done, and thank you for the helpful advice. It appears that a major component, which is crucial for success in any field, from baking to banking is : critical thinking!
This is why merely knowing facts and figures differentiates the duffer from the pro. Anyone, who can type keywords in a browser can find (alleged!) facts and figures. Knowing how and why to use them is another thing totally.
Your post is inspiring, positive and helpful.
Studied one week per domain. Then picked my worst two domains and studied each another week. Passed it my first time in 2008 in 1.5 hours. Was during the Winter and the heat in the hotel conference room was not working... could see your breath. They gave no exceptions to standard operating procedure. No food/drink... no coat. Some people opted to reschedule.