I hope you're well aware of the pass rate from the new CAT format. It has sky-rocketed. Comparing between the reddit/facebook/techexamforums, it's clearly apparent that more people are passing, daily, with minimal effort. What used to be, 3 months of hard work studying the entire CBK from head to toe along with thorough, comprehensive practice testing to attain this elite certification, others have been spending just a few weeks to pass the CISSP exam. I studied for the CISSP religiously, every day for 3 months to pass this exam. I worked hard for this so it pains to see others, with minimal effort, pass the same exam, at a higher frequency since the format changed to CAT.
And to no surprise, the word is getting out, everyone who has been studying for this is being told to go ahead and jump on it without wasting more time or before ISC2 realizes that they may just have made this exam significantly easier. The ease of attaining this cert now isn't fair to all those who studied, laboriously to attain it.
Pre-CAT,Certified Information Systems Security Professional
I used to hear horror stories about taking the exam. Today people tell a much, much different story. The exam is now simply used as a benchmark or checkbox to admission for most security positions.
If you knew what you were doing before, knowledge and experience now take a back seat to increasing certified individuals for a little in demand market.
At over 125,000 passed exams it really cannot nor should not be considered "difficult" any longer.
I just passed it Wednesday and it was pretty tough... I wouldn't want to do it again. I memorized the Conrad book and could probably write it from scratch.
I reached out to a few people online who (as you said) passed after studying "only a few weeks" and found some surprising hidden facts.
For example, in one case the individual had technically studied for "only four weeks" -- yet when pressed he opened up and stated he had taken those four weeks off work, studied 10-12 hours per day nonstop, and had 18 years hands-on security experience at multiple levels. He also stated there was "no way" he would have been able to study "just a few weeks" while working a full-time job and not having that extensive experience behind him. Others had similar stories -- overstudied, many years experience, or some combination.
So I'm not sure I would completely accept public statements as the only source, since there will be a bit of availability bias there as well -- more people will want to brag about passing than admit failure, regardless of the test method used.
I'll also add that a colleague of mine just passed a few weeks ago and rated it as the most difficult test he has ever taken in his life. And he has 20+ years IT experience.