What Do CISSPs Really Know?
I have been in the "CISSP world" for more than 10 years now. I have taught it for eight years around the world for corporate and government agencies. I have written books on it, developed products, webinars, study materials, and so on.
Over the years, I have noticed that the students who are attempting to achieve their CISSP certification have changed in their approach. Five years ago, people studied material on their own for months before attending a CISSP bootcamp course.
This is necessary because no one can really learn the extensive material that the CISSP exam covers in just five days. Over the last few years, I have seen a real switch in the approach of achieving this credential.
Because the information security market is continually growing, and security professionals are in such high demand, many people are jumping into the industry without a solid foundation of knowledge and experience.
People who worked in information security five years ago and longer had to be very self-motivated to learn this trade because there were no security courses, books, websites, or resources available to them as there are today. These individuals had to have a solid system and network skill base in place because that is where security was in those daysjust at the protocol and port level.
Sadly, too many people are achieving their CISSP certification through the memorization of key components that they will most likely see on the exam (like many other certifications.) While many individuals want to increase their career opportunities, and companies want to brag about the number of CISSPs on their staff, the individual, company, and industry are cheated with this approach.
While the CISSP exam is not made up of very useful and effective questions, the Common Body of Knowledge (CBK) is the crux to understand for any type of security today. If an individual has a solid grasp of the concepts and topics that make up the 10 domains of the CBK, advancement in a career is a given, whereas just obtaining the CISSP certification is not.
I have taught classes in which people have asked me what a MAC address is, what ARP does, or to explain Remote Procedure Calls (RPCs). Internally I cringe because I see that they do not have a solid technical base. Although security is more than just technology, technology is still the important core that most security practices surround.
I also cringe when I hear students complain because there is too much information covered in the five-day class. I agree that there are a tremendous number of topics covered in a CISSP course, but it is only overwhelming if the person has not studied on their own for months before attending one of these courses.
Studying for the CISSP exam correctly can be one of the best investments you will ever make in your career because all fields of security build upon the foundational material that the CISSP exam covers.
Because of this shift from attempting to learn the material to just looking for brain dumps and other shortcuts, I have made a shift in my company’s CISSP offerings. Materials that we once charged for are now included in our CISSP offerings for free. Although this does affect our bottom line, I think it is critical that people actually LEARN the security informationotherwise, we are all wasting our time.
We have changed our model of teaching by providing students with study material in several formats (CBT, on-line questions, MP3s, books, etc.) for free to help them properly prepare themselves for our five day CISSP course. People learn in different ways (reading, listening to lecture, doing) which is why we have developed several different formats for proper knowledge transfer to take place.
I know many people’s goal is to be able to have CISSP after their name on their business cards, but my personal goal (and my team’s goal) is to ensure that the effort of studying is directly beneficial to individuals, their companies, and the industry over all.
We are all in it together, so it is important to help each other out as much as we can.
For more information visit http://www.logicalsecurity.com.