Ok, I took the CSSLP exam. I got a 688 out of 700 today. I took the official online ISC2 course with a week's online webex training (which was different from the online work). I used the flash cards and all the resources. Out of the 175 questions there were quite a few questions not associated with the flash study cards or what appear to be from the official student guide. There were also questions about modeling (I will not name them due to not talking about what was on the test), but the models were never referenced in the official study guide. If I would have known I would have refreshed on the associated models. Not sure what is going on here, but I would expect the resources to review and understand to be successful in the exam would be in the Official Student Guide. I would hope someone from ISC2 would please comment on this concern.
Since you took both exams, which one was harder?
It's hard for me to compare the CISSP and CSSLP in terms of difficulty.
The CISSP is a generalist exam which requires a shallow understanding of a broad range of topics. Whereas the CSSLP is a specialist exam which requires a deeper understanding of a narrower range of topics.
I passed the CISSP a number of years ago, so I don't remember the test that well. I do remember that I didn't do a lot of studying before I took and passed the CISSP exam.
For the CSSLP I prepared much more thoroughly, so even though it is probably a harder exam my preparation meant I completed it the fastest (in seconds per question terms) out of all the ISC2 exams I've taken, which in theory meant I found it the easiest.
You also have to factor in the CSSLP was the latest out of six ISC2 exams I've passed (the CISSP was my first) so by the time I took it I was very well acquainted with the style of ISC2 exams which helps, and the knowledge I gained from studying for each of them has been useful for any subsequent exams.
I passed the CSSLP earlier today. It was harder than I thought it would be but I think the questions were very well-crafted. For prep I read the AIO guide and the tests that came along with it. I watched a training course on Cybrary but I think it is very high-level but a good aid to assure yourself about concepts. A lot of the tricky questions put me in situations that I remembered being in during my job. So definitely studying and knowing the material is one thing and helps but knowing how to apply it helps too. So if you have also dealt with situations/processes mentioned in the book, I don't think you will have too many problems passing the test. For reference, I have worked in the InfoSec division of a large company for the last 10 years developing/architecting information protection and code signing systems.
Overall, I think the CSSLP questions are a great balance between knowledge and application of that knowledge.
For those that have passed the exam, what would you recommend in order to study/do to pass the exam? (I've been tasked to pass the exam by work to get it by June and this thread has not inspired much confidence.)
Firstly, to add some balance, read the other thread where there has been a 100% pass rate!
Then read the exam outline - there are currently two as the exam is being updated and a new version will take effect in September this year so read the current one given your target date:
Decide which tasks/subtasks you have experience in or knowledge of for each domain as defined in the exam outline.
Review the suggested reference list and read any references you feel will help plug any gaps identified when you reviewed the exam outline:
Finally, finish off by reading one of the main all encompassing references such as the CBK or the Essential CSSLP. This will help reinforce any new concepts learned and help tie all your knowledge and experience together framed in the context of the CSSLP exam.
NB - you can get a discount on the CBK as you're already a member - review the Member Benefits section of the main member portal for details - or buy the Essential CSSLP as it's much cheaper but covers the same content.
I've said it many times, but don't let this thread put you off - the CSSLP exam is nowhere near as bad as is made out in here.
Good luck with your studies and the exam!
Firstly, thank you AlecTrevelyan for the link to the other thread. I was unaware of it and it is much more balanced than this one.
Secondly, people fail exams. Which is a good thing. Would you want a cert where you just need to read a few books and pass with no experience?
I took the CSSLP exam 4 years ago. It was hard, but fair. There were a few questions that were not covered in the Official guide nor the All in One. But, that is where experience comes in.
Please read the thread Alec posted. Also, please don't be discouraged.
6 or 7 members of the org I work for took the CRISC cert exam, some multiple times. The one who finally passed did it on their third try. I thought I was doomed. Passed it the first time by a fair margin.
Don't give up if you think you have the knowledge, experience and common sense.
I just took it for the 3rd time yesterday and still failed. I passed the Sec+ a couple of months ago and was feeling pretty good about it so I decided to give CSSLP another shot. But nothing has changed, there are 2 'sample' question books that are the exact questions from the websites of questions that are nothing at all like the questions on the exam.
But I did find Phil Martin's Essential CSSLP, the material seemed to be good, but I guess not enough.
Last week I failed in my second attempt. 3 of my colleagues failed as well. Not sure what's going on with CSSLP exam evaluation process. I think I am done, not going for third attempt. So frustrating.