Overview

My Certified Information Systems Security Professional indicates that I have a wide breadth of knowledge in several security fields.

This certification is fairly far along the (ISC)2 certification path

  • The SSCPSystems Security Certified Professional indicates a good understanding of security and is generally held by senior security professionals.
  • The CAPCertification and Accreditation Professional indicates that one has sufficient security knowledge to perform security assessments and risk analyses and is generally held by auditors and consultants.
  • The CISSPCertified Information Systems Security Professional indicates a deep knowledge of security issues and how they relate to business. It is generally held by CISOs, CSOs or Senior Security Engineers.
  • Past the CISSP, there are CISSP concentrations focusing on Architecture, Engineering, and Management.

History

I first became interested in the CISSP when I heard that it was the only security exam to get the ISO/IEC qualification. Out of curiosity, I went on line and tried a practice test. I did surprisingly well, so I thought I’d give the real exam a try. I signed up, thinking that studying for the CISSP would be a nice break when I got tired of working on my RHCE. I was so naive.

In reading the study guide it became quickly apparent that I was in a lot deeper than I had planned. While it is a multiple choice exam, it is not easy. It covers a lot of data, and it is hard to keep it all in your head at the same time. When I realized this, I 1) flipped out, and 2) revised my plan.

In the new plan, I read a chapter a day from the study guide, and took the sample tests. When done with that, I went back to the beginning, and retook all the sample tests. From the results of this, I constructed my own study guide for just the questions I had missed, and studied that for a day. Then I took the tests again. When I was averaging 97%, I went out and got another study guide. I did the tests in this one the same way. I then went back and took all the tests on the CD of the first book. When I was getting a 97% on all practice tests that I was taking, I took two days off, and took all the tests again, to determine what I actually knew and what was crammed.

After all of this, I managed to get my custom study guide down to just twelve pages. This is what I studied on the plane, in the hotel, and for a few hours before the test. I then sat down and took the test. As it turns out, I passed. It was, however, not easy.

Study Tips for the CISSP

  • Take extensive notes as you go.
  • Take all the practice tests many many times.
  • When you miss a question on a practice test, understand why you were wrong.
  • Don’t think this is a stupid question. There is no guarantee that the real test won’t have stupid questions.

Test Tips for the CISSP

  • Bring high-protein snacks and drink.
  • Don’t drink too much, or you’ll lose precious time in the bathroom.
  • Answer the questions you know first, go back to the others later.
  • Go through the test many many times before committing to your answers (I did six passes).
  • If you don’t know the answer, mark off the answers you know are wrong, then come back to it later.