cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Newcomer I

Re: CISSP Dilution

Hi,

 

I recently took the CAT test and passed. I wish if I could take the old exam (linear 250 questions). Personally I believe CAT is a bit tougher format to "Pass" the exam. I haven't studied for more than a few weeks. But, my overall experience in the field has helped me more, than all studies. Especially my last six years in the military. My plan was focusing on the few domains I had less experience on. I was confident about a few domains and was hoping to score 95% on those domains. I was more keen about learning the other domains deep. The study experience is much more valuable than certification. I don't know much about the pass rates, but have seen a lot of people failing too. Maybe we eventually will have someone who had experience on the linear exam taking the CAT and giving some inputs about the "easiness" of CAT. Given an option,  I will opt for the longer format.  I wouldn't want to see Dilution in an exam like CISSP, like it happened in lot of other certifications. 

 

 

just my opinion

 

Regards

 

 

 

Newcomer I

Re: CISSP Dilution

I made my 250 questions back in 2013 after over 15 years of daily work in securityland.
Took one week course to get idea about, which kind of language tricks there might be (I'm not native english speaker).
Spent little less than 3 hours on test. It was my life second hardest test, only Mensa test was harder Smiley Very Happy

Which brings my tought to actual topic; is there too many CISSP ?
It depends to what you compare that number. Here in Finland, we have around 500 CISSP, but we have over 2000 Mensa members.
SO; there definetly are not too many CISSP.

I think one thing of this gossip might come from social media and behaviour change, how new security practioneers are marketing themselves more openly than example 20 years ago. When I was working at Defence Forces (Army), I didn't market myself at anyway as it was not wanted nor desired to do so.

- Jra

Contributor I

Re: CISSP Dilution

> I am still having a hard to time to believe
> that answering 100 to 150 questions
> prove to anyone that you are dealing
> with what is called an Information
> Systems Security professional.

It shouldn't. There are scores of CISSPs out there who have never written a line of code, have responded to an incident, who can tell the difference between TFTP and FTP, who have actually implemented policy, and who use a computer daily for more than internet and email.

Yet we call them cyber professionals for some reason?!

Contributor I

Re: CISSP Dilution

@KaityEagle

> However, it is (ISC)² policy to not publicly
> disclose exact pass rates.

Why exactly is that? The lack of transparency here is concerning -- in other industries by way of comparison, their certification and licensing authorities expose such data.

 

You state it's ethical issue.  It's an ethical issue to be transparent about the process?  That's laughable... ETHICS is the very reason why most authorities ARE transparent about their processes!!!

Newcomer I

Re: CISSP Dilution

Hi,

 

It's not the number of questions that can decide the quality of the individual. You can ask a person 1000 multiple choice questions, but can't measure the true knowledge level. In some situations 3 or 4 questions can measure the knowledge and experience of a person. I think the "adaptive" method is far better than the subjective questions method or the longer objective format exam. You can design the questions so that a single question might be covering multiple domains. Remember that it's far tougher to choose from multiple right answers than filtering out the wrong ones. So the number of right answers for a single question may vary and it becomes a matter of perspective to choose the "RIGHT" answer. The more the number of right answers per question, the tougher the exam gets.I have met a lot of people (including a few who were teaching where I was taking training on information security), who couldn't answer the basic questions. They all had those fancy certifications. So the dilution is there in most certifications. I personally believe ISC2 should test in more depth, may be more than a few inches deep. The best thing I liked about the test is that cramming will not cut it like many other exams out there. And for a true security professional, the learning never stops and certifications are just milestones in the never ending journey. You have to love the learning part. I was at the receiving end of handling under qualified certified people a lot of times in my career. I didn't have a choice on the skill level of people I get to work with. Not an enviable position to be in.

 

Cheers, Happy learning

Highlighted
Newcomer II

Re: CISSP Dilution

Good morning,

 

I must respectfully disagree with you.

 

3 or 4 questions can certainly validate one single topic out of the 500 being covered by the CBK.

 

They refer to the CISSP as the gold standard, the all-encompassing certification.   

 

When the CISSP was released a few dozen years ago, the field of information security was nowhere as complex and as diversified as it is today.    At that time, people were getting certified after working in the field for years.  Now it is the opposite, certifications are entry level, where people get certified not to show their mastery of the subject but more to show they met the minimum requirements.

 

Bottom line, the new CAT test seems to be saving a lot of time for sure.  I had a student who completed his exam in 34 minutes with 100 questions.

 

Best regards

 

Clement

 

=========================================
Owner and Founder of the CCCure Family of Portals
Our quiz engine is at https://cccure.education
Our Learning Portal is at https://cccure.training
Community Manager

Re: CISSP Dilution

@mgoblue93 Historically, (ISC)² has not shared any pass rates publicly and this practice is unchanged by the update of the exam format. I will share your feedback on this issue, though. Thank you!

Viewer II

Re: CISSP Dilution

I'm a little late to this conversation, but I strongly disagree.

 

I belong to the subreddit r/CISSP and a Facebook group and I see the many posts about passing.  I feel that many people are quick to post their success, but few have the courage to post their failures.

 

I have failed this exam twice.  I'm taking my time before a third attempt and am studying more for the knowledge than for the certificate at this point.  I don't think it's diluted, but becoming more popular in the mainsteam tech community and thus has reached a wider audience.