Ok, I took the CSSLP exam. I got a 688 out of 700 today. I took the official online ISC2 course with a week's online webex training (which was different from the online work). I used the flash cards and all the resources. Out of the 175 questions there were quite a few questions not associated with the flash study cards or what appear to be from the office student guide. There were also questions about modeling (I will not name them due to not talking about what was on the test), but the models were never referenced in the official study guide. If I would have known I would have refreshed on the associated models. Not sure what is going on here, but I would expect the resources to review and understand to be successful in the exam would be in the Official Student Guide. It would hope someone from ISC2 would please comment on this concern.
@MDChris Thank you for reaching out to us and I'm sorry to hear about your exam. Let me congratulate you on deciding to pursue the CSSLP certification. The exam itself is designed to gauge the candidates real world professional experience across the 8 domains and by doing is considered one of the more difficult (yet rewarding) certifications to acquire.
The study materials are built from the CSSLP Exam Outline and your knowledge of the CSSLP Domains and professional experience together will prepare you for the exam.
Thank you for the kind words. To your point that is exact the concern of the exam I took. It did not appear that, "The study materials are built from the CSSLP Exam Outline and your knowledge of the CSSLP Domains and professional experience together will prepare you for the exam". The course work, study guide, and flash cards had no modeling (i.e. Bell Lapadula, Biba, etc.) information or questions whatsoever. I am of the understanding pervious versions of the CSSLP did have modeling and I could see from previous study material this information was included. The never version of the exam, from what the instructor said, were not supposed to have these questions and the current study material I got from ISC2 reflected that as well. This is where I am concerned.
@MDChris I understand and have brought your concerns to our Education team. Please know, our Education team is consistently reviewing and evaluating course material for all (ISC)² certifications.
I feel your pain. I feel like ISC2 is misleading when it states project managers, business analysts and other non technical SMEs can study and pass this exams. Out of 10 of us currently studying for this cert, only the 2 technical SMEs have passed so far. 1 director failed, 2 out of 7 PMs have also failed and the rest of us PMs are thinking of throwing in the towel. There are very few resources to study, plus we are not technical nor do we have security background. So per ISC2 FAQ & the POC who responded to you, we definitely need life experience that we don't currently have and was hoping to study & pass this cert to help us obtain the life experience & become better PMs with regards to the security aspect of the systems we implement or upgrade. Most, if not all reviews I have seen so far re this cert states, we need life experience, a little bit of 'this' & a little bit of 'that' because the All in One book or the ISC2 book of knowledge (both of which I have) is not going to be sufficient. I don't understand how ISC2 could change the exams in June 2017 and not update their books or provide more effective resources/guidelines? I was so excited when I read the initial sales pitch on why PMs are great candidates that I gathered 6 of my co-workers & convinced them to take it. Now I'm so disappointed. We've spent months preparing for this & there doesn't seem to be a light at the end of the tunnel. I don't want me studying to go to waste so I'll have to look for another security cert from other organizations that are geared more to the managerial aspects as I don't want to be the SME/doer. I just want to understand & manage while ensuring applications are addressing the necessary security policies.
I also hope to hear back from the ISC2 team regarding my response.
Another not happy tester here as well. I too took the same CSSLP clas as MDChris, completed all of the courseware, studied the flash cards, and re-read the official 3rd edition Student Guide.
I would like to say that the test is not a measure of how well you understand the concepts, practices, and fundementals of the Software Development Lifecycle (SDLC). You will not get rewarded for your hardwork after completing a test similar in grammatical wording and sentence structure to the samlpe questions.
It's unfortunate that the measurement is not whether you can demonstrate you knowledge and wisdom in an orderly fashion, but whether you can deal in chicanery and diabolical subterfuge. It's so poorly written I thought they downloaded the wrong exam.
I'm at the point of deciding whether this certification is a must-have.
Agree totally. Don't think for a second they don't have an ISC2 monitor quietly watching this community forum. Problem is they're not going to do anything until it affects their bottom line. I e-mailed ISC2 after my issue in late May and got the, Sorry about your bad luck . . . wish you well when you take your test again. Then someone else I know got an e-mail from one of the ISC2 reps that said . . . . If you take our official ISC2 and fail . . . we'll pay for your exam within one year of when you took the class. I got three problems here. 1. I did not think the exam was reflective of the course materials in my instruction . . . . 2. If I re-take the exam what's going to prevent the same thing from happening again? . . . . and 3. Where's the consistency from ISC2? You get different answers from different people in the same organization. Come on! Where's the consistency?
If you read through these boards, you will find that there is no single source of material that will prepare you for an (ISC)² exam. The recommendations that you will consistently get are to use many references, to take lots of practice tests and to earn (much of) the required experience prior to sitting for the exam. (ISC)² exams are all about ability to apply your knowledge and experience in real-world situations. Although important, "book knowledge" is not enough to pass (ISC)² exams.
I have never heard of (ISC)² itself offering free retakes, although some of their partners do include the costs of the exam as part of the class tuition. Could you please post a copy of your friend's letter with the free retakes offer? There are many people on this board that would like to cash in.