cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
gphalpin
Reader I

Does Adaptive Exam Devalue the CISSP?

Hi Everyone, 

 

This may have been covered a few months ago when the news was first announced, but I just recently learned the CISSP exam became adaptive. Colleagues asked me about my exam experience. That was three years ago when the exam was up to 6 hours long and 250 questions. So I showed them the web site to go over the domains, exam info, etc. 

 

I was very surprised to see the exam (English language) is now 100-150 questions. While the material is still demanding, I think the CISSP had a strong reputation as the premier information security certification because it was so rigorous with 250 questions. It was a long, tough exam. And people respected (sometimes grudgingly) those who passed. 

 

At 100-150 questions, does this devalue the CISSP? The Security+ is 90 questions. People used to believe the CISSP was several notches above Security+. Now people might think the CISSP is just one notch above or lump them together.  

 

I'm not trying to take anything away from those who passed the adaptive exam. I'm concerned about the long term implications this has on the value of the CISSP certification in the eyes of IT security professionals.  

 

Thanks,

 

Greg

 

 

45 Replies
Beads
Advocate I

@dreastans;

 

I finished the Security+ in 32 minutes and the long form CISSP in 95 minutes. Neither of which struck me as being difficult exams to pass. The caveat here is that I had many years of experience under my belt before I even bothered with the certifications.

 

In a word: meh. Though I do enjoy the complaints from people who should have never taken the exam as being "too hard" or the guy who compared taking the exam to "male child birth", whatever that means but its always stuck with me.

 

I have passed all kinds of exams to include some 40 IT and InfoSec exams, working on number 41, only failing one (NT 3.51 Workstation) back in the day and it was adaptive.

 

Suspect those who had to travel to the exam, stay overnight and sit for the exam with other test takers long for the more ceremonial, long form as we had to invest so much into it. Taking the exam back then meant having to invest a considerable amount of time and effort to be somewhere on a certain weekend, limited availability, often traveling  hundreds of miles hoping you'd pass. Wait six weeks to see the results and framing your ISC(2) CISSP pencil in the same frame as your certificate. Today you can schedule the exam once a month until you pass, immediately get the results and your all but a newly minted CISSP. Not much nostalgia to it.

 

For those of you who took the exam 15 years ago, keep in mind that the pass rate was very low - 20 percent or so? Today its much higher so yes in many ways the exam is easier but not because of CAT but due to the number and quality of the training materials available. Go out to Amazon and search for CISSP and you will see what I mean. Fifteen years ago you sat through a Shon Harris class and digested that tome of a book. No, not an easy task.

 

Now imagine me on my porch screaming: "You young whippersnappers don't know how good you have it! Books, materials and YouTube videos practically spoon feed the material to ya! Why back in my day we had to read InfoSec materials on clay tablets and share documents on 300 baud modems to get anything done! Now, get off my lawn!"

 

Its different and yes I suspect we have more people passing the exam on regular basis than in the past.

 

- b/eads

 

 

NGiaco
Viewer III


Beads
Advocate I

Personal attacks have never been welcome here on this board, perhaps you should like to rethink your stance before attacking people or better yet, delete such a post.

 

Answered the question honestly and in a forthright manner based on my experience with both examples. Nothing more, nothing less.

 

If you think either exam is too difficult get some more experience before you throw rocks and get back with us.

NGiaco
Viewer III

My apologies. 

Lamont29
Community Champion

I will answer that with a BIG FAT NO!

 

Back when I were in elementary through high school, algebra and calculus were performed by hand. You had to write it out and make no mistakes in justifying your answer. However, if I had a choice between such an "old school guru" or a person who has mastered how to perform and render these answers using the tools of Python programming or Microsoft Excel - give me the tools person! Today, we need INFOSEC people who can handle volume, and one can only achieve such results by their mastery of the tools. So, if one is agile enough to take advantage of the tools and techniques to obtain the answers and retain that knowledge - then more power to them.

 

The older version of the test gave 6 hours for 250 questions. You could go back and correct a question if your memory was triggered later in that test. Today, test takers have 100 less questions, but only a fraction of the time. Today, candidates better be sure of their answers, because there's no going back on a previous question after you have answered it! The old testing is mentioned by those who took it as some kind of litmus test of superiority of sorts - it's not. Based upon the metrics that I have compared, the CISSP exam did not become easier than the 250 question test. As we move forward, the training methods have become more targeted to counter the inherent difficulty in the adaptive testing.

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE
CEMyers
Newcomer III

A test is a test and rules of participation are rules of participation.  Most knowledge exams test the candidates ability to follow the rules and procedures as much as it does the knowledge being tested.  Multiple choice answers also had the failing of testing language and grammar as much as knowledge and usually boiled down to 3/4 (similar?) wrong answers and a 50/50 chance between two of the right answer.  What the industry needs is not simple knowledge and the ability to follow the rules and pass a test but the ability to display a mix of skill, experience, and knowledge.  The adaptive test, by testing in depth areas coming across as week, arguably addresses that need more appropriately.  The CISSP moves, necessarily, with the time to keep it current and relevant.  Testing methodology does the same.  The adaptive exam is simply the next step in the evolution of the CISSP.  Both methods and results had relevance for their time and both will go the way of the dodo with the next welcomed evolution. I salute everyone who attempts this journey and look forward to their continued professional development and involvement in the profession and the community.