This may have been covered a few months ago when the news was first announced, but I just recently learned the CISSP exam became adaptive. Colleagues asked me about my exam experience. That was three years ago when the exam was up to 6 hours long and 250 questions. So I showed them the web site to go over the domains, exam info, etc.
I was very surprised to see the exam (English language) is now 100-150 questions. While the material is still demanding, I think the CISSP had a strong reputation as the premier information security certification because it was so rigorous with 250 questions. It was a long, tough exam. And people respected (sometimes grudgingly) those who passed.
At 100-150 questions, does this devalue the CISSP? The Security+ is 90 questions. People used to believe the CISSP was several notches above Security+. Now people might think the CISSP is just one notch above or lump them together.
I'm not trying to take anything away from those who passed the adaptive exam. I'm concerned about the long term implications this has on the value of the CISSP certification in the eyes of IT security professionals.
I (provisionally) passed my exam (CAT) today, and I can say: that was some serious sh** !
To my mind there is no difference in asking 250 random questions in 6 hrs or 100-150 questions targeting on your weak points.
CISSP is definitely not a certification you can get by just memorizing books and questions. A strong background/working experience and understanding of information security is essential and helps a lot, no matter how many questions there are or how much time you have to answer.
I'm now really looking forward to the endorsement process - can't wait to be a certified (isc)2 member!
I think too much is being put into this. The only persons that could see there being any devalue, are others that have passed the CISSP. Shame on them if they do. HR at your local hospital does not know how many questions you were asked, your percentage right or if you merely lucked out. Just like I don't know how narrowly or grossly a board certified physician passed the board. All I know is that she did and my care is now in her hands. I presume that her two years of experience after four years of residency is enough to deliver my first born child. I am not going to ask how many questions she was asked when she was grilled by the board physicians, those entrusted to keep the integrity of medicine at it's highest.
I have taken the old version of the CISSP exam twice and passed both times. While I have not taken the adaptive form of the test, my cube-mate took it and described his experience. While it is great to see people's reaction when they were told it was a 6 hour, closed book test, that's just for fun. I guess some see it a right of passage. I see that as reserverd for small talk at parties.
I studied hard, but I am also a skilled test taker. With the old format, the distibution of questions on the domains was fixed. You could mark questions for review and sometimes you could get a clue on the question which stumped you from other questions.
I believe the new test focuses on content and removes the factor of test taking skills. Its new format gives you no place to hide. It finds your weakness and keeps up the pressure.
The goal of the test is to ascertain the knowledge of the candidate and I believe the new test format does that.
I plan to go for my CISSP-ISSEP and I will not take the test lightly.
I do not think the adaptive exam is any easier than liner exam in fact after taking both types in the past I would say that it is harder but you do not encounter many exams which are 6 Hours or even 5 Hours with some of the SANs exam. Also the reason that ISC2 changed the format was not down to making the exam more efficient or harder it was cost as Pearson Vue was complaining.
Additionally the way I found out about the change was down to quite a few people going for exam in my company which was unheard of so I enquired. The first thing a colleague said to me was that new exam was only 3 hours and only 100-150 questions, so for anyone to say that the duration is not a factor is wrong. If the London Marathon went down to 13 miles and based on your performance you could stop at 10 miles they would be inundated with applications.
What's challenging about the CAT over the Security+ is that you cannot go back and answer a question again or review it later. Second, the test feels much, much harder than any other exam I've ever taken (and I've taken a fair few). Security+ was a cakewalk compared to the CISSP.