I could find a better category to match my question I know it's not tech related but anyway...do you think it is ethical for training institutions to focus solely on passing CISSP exam?
I personally have found this actually very unethical, unprofessional and even concerning! if an training institution is highly focused on Only passing the exam, can we be sure that they deliver sufficient knowledge?
an argument might be: CISSP exam is the metric that ISC2 has put in place, so then Yes, what is wrong with that?
thoughts?
I compare the CISSP in a similar way to the British Computer Society (BCS) and New Zealand Institute of Technology Professionals (ITP),which I belong and maintain despite having left the UK. Both establishments have come together to follow the Chartered Information Technology Professional (CITP). Which is seen by industry in UK and New Zealand as the Gold Standard, in the digital acclaim world.
https://www.bcs.org/get-qualified/become-chartered/chartered-it-professional/
In order to obtain this is similar to the CISSP, pass an examination, which is based on experience and different scenarios. Obtain evidence and complete a package. Every five years one is subject to evidential scrutiny, of self development and continued maintaining ethics and professional integrity.
Passing the both the CISSP and concentrations, or even the CITP is an ongoing journey, of maintaining ones professional integrity and ethics. In both cases, it is possible for formal complaints to be made by employers, and as witnessed in the past for members to be censored privately or publicly.
Just passing the examination, is the commencement of a lifelong journey, a professional commitment, yes I passed the CISSP in the days of the 10 domains instead of eight, but went to do a concentration, which requires you to go back to basics and re-examine whether or not one is prepared for the next level.
These qualifications are hard earned, hard fought for some, but through determination, they provide a baseline upon which you can place your professional career as a baseline going forward.
Having recently become involved in the Pathway to Technology (P-Tech) as a mentor, helping young people to get a leg up in preparation for their journey's going forward makes, it provides an opportunity for professional giveback. Which all of us, could provide to individuals also at the commencement of their own individual journeys.
It certainly is not a wasted one, but something to look back upon, and wonder, how did we arrive at where we are right now. So keep and maintain motivation, it is not totally about us, it is about the others behind us and around us too. We have a job as a caretaker to understand and take action as necessary to protect others.
Regards
Caute_cautim
This may appear controversial, but I don't think passing the CISSP or any other ISC2 exam is key. It's simply a step to formalising knowledge as with any qualification. There will be people who hold the CISSP who struggle to apply their knowledge in an organisational context and similarly great practitioners who don't hold a specific formal credential. The CISSP and similar are often simply used as short cut to filter job candidates and so interviewers without a security background can get some assurance on the knowledge of the candidate.
Let's start with, what do you call the guy who finishes last in his class at med school?
Doctor!
I knew a guy back in the late 90s who was trying to get his MCSE. He failed every test like 7 times! But in time he passed them all and got it, and heaven help anyone who let this guy work on their servers. So yes, a certification is just a message and does not show how well you understand the material and your ability to comprehend things, which is what is really needed.
This is one of the reasons I am glad to see retry delays have been put in place!
John-
That was the best analogy. I actually was hesitant to bring those as examples so I am glad @JKWiniger did
@JKWiniger wrote:Let's start with, what do you call the guy who finishes last in his class at med school?
Doctor!
I knew a guy back in the late 90s who was trying to get his MCSE. He failed every test like 7 times! But in time he passed them all and got it, and heaven help anyone who let this guy work on their servers. So yes, a certification is just a message and does not show how well you understand the material and your ability to comprehend things, which is what is really needed.
This is one of the reasons I am glad to see retry delays have been put in place!
John-
Some people are just bad at taking tests. Failing a test isn't always a sign of someone who doesn't know what they are doing.
AFAIK, retry delays have been in place for some time. You seem to imply they are a recent thing.
It does bother me that some folks focus on just passing the test. I especially don't like seeing people who seem to want a 'brain dump' of the exam or actual exam questions as if they are going to memorize the answers.
The goal should be to learn the material. Basically the CBK. You should study or learn what is in the CBK. The test is against that CBK. Don't study against the test, or study just to pass the test. Study to learn/understand the CBK.
Using test banks should be more to help you understand the style of the questions you will get and help make sure you understand the information. I hate test banks that don't explain WHY the answer was right or wrong. (I like ISACA's QAEs for this reason).
Also, am annoyed that people assume official sample test banks are somehow the *same* as the real test questions or even retired questions. That's not how it works. To maintain their ANSI/ISO certifications, certifying bodies like ISC2, ISACA, SANS, etc need to keep separate their testing and training groups (SANS went to the extreme of separating the testing folks as GIAC). The people who develop test questions are not the same as the people who develop sample questions.
For me, when I studied for the CISSP, it was a way for me to refresh my knowledge on topics I hadn't dealt with since college, ensure I knew the stuff I currently work on, and fill gaps in my knowledge for areas that I didn't do much work in. The process of learning was just as valuable as passing the test itself, so again, I don't understand why some want to short-circuit this with just exam cram or studying only exam questions.
This is one reason I don't agree with those who poo-poo certs. I think that the process of having to learn and study to prepare for the cert is a valuable process that shouldn't be overlooked.
@emb021 this has me thinking of an unforgettable experience at an exam center many years back. A guy was coming out of the testing area after just failing his A+ and was rather pissed! He ranted about how the question were nothing like they ones he got online! I was in disbelief that this is what things had come to. Especially since I was required to take both the A+ and Network+ when they first came out so there was not such thing as a practice test or even a book to study, either you knew it or you didn't.
John-
> JKWiniger (Contributor I) posted a new reply in Tech Talk on 02-19-2020 09:30 AM
> I knew a guy back in the late 90s who was trying to get his
> MCSE. He failed every test like 7 times!
I remember one group where the guy we (a bunch of data comms, VAX and Unix people) considered the primo Windows guy failed the MCSE 3 times, and finally gave up. (I knew a Unix guy who *did* pass, first time. He'd never touched a Windows box, and claimed he answered every question by asking "Which answer would make Microsoft the most money?")
@rslade ok, now you made me laugh, but sadly it's so true! I know someone who has fail a certification exam numerous times. She would not let me help her study and even tried to blame for her failing, but that's another story. I did point out that you have to get into the mindset of who is providing the exam. You cannot pass the CISSP and CISM with the same mindset because each exam comes from a different place.
With Microsoft I will never forget the Exchange 5.5 exam, they had just gone to adaptive testing. The whole exam was 13 questions and 1 was on licensing. If you have 5 people accessing exchange from in the office and 5 accessing it with OWA, how many licenses do you need? I was actually pissed they made me drive to the testing center for that and send they should have just mail out a pass! hahah
And VAX, you had to go there! I hated that thing! Everything was so stripped down, I would have to telnet over to a Unix account and go out from there so I could look in my scroll back buffer and see the added spaces and other characters to get into those.. umm never mind... that was a friend of mine, ya that's always a friend of mine! hahah
John-