{"id":1846,"date":"2011-08-09T19:12:31","date_gmt":"2011-08-10T02:12:31","guid":{"rendered":"http:\/\/greg.porter.name\/wordpress\/?p=1846"},"modified":"2011-10-08T18:26:32","modified_gmt":"2011-10-09T01:26:32","slug":"passed-the-isc2-certified-information-systems-security-professional-cissp-today","status":"publish","type":"post","link":"https:\/\/greg.porter.name\/wordpress\/?p=1846","title":{"rendered":"Passed the ISC(2) Certified Information Systems Security Professional (CISSP) today"},"content":{"rendered":"<p><a href=\"https:\/\/greg.porter.name\/wordpress\/wp-content\/uploads\/2011\/08\/cissp-logo1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-1849\" title=\"cissp-logo1\" src=\"https:\/\/greg.porter.name\/wordpress\/wp-content\/uploads\/2011\/08\/cissp-logo1-300x300.jpg\" alt=\"cissp-logo1\" width=\"216\" height=\"216\" srcset=\"https:\/\/greg.porter.name\/wordpress\/wp-content\/uploads\/2011\/08\/cissp-logo1-300x300.jpg 300w, https:\/\/greg.porter.name\/wordpress\/wp-content\/uploads\/2011\/08\/cissp-logo1-150x150.jpg 150w, https:\/\/greg.porter.name\/wordpress\/wp-content\/uploads\/2011\/08\/cissp-logo1.jpg 400w\" sizes=\"auto, (max-width: 216px) 100vw, 216px\" \/><\/a><\/p>\n<p><strong>UPDATE!  
CISSP granted to me on Sep 22, 2011!<\/strong><\/p>\n<p>Security is one of the many things I do.\u00a0 I chose to go after the <a href=\"https:\/\/www.isc2.org\/cissp\/default.aspx\">Certified Information Systems Security Professional (CISSP)<\/a> for a variety of reasons.\u00a0 One and perhaps the most important is that <a href=\"https:\/\/www.giac.org\/certifications\/dodd-8570\/\">it is required for many, if not most, upper level IT jobs in the Federal Government, whether you are an actual Federal Employee or a contractor (DoDD 8570)<\/a>.\u00a0 So having CISSP is one of &#8220;those certifications&#8221; that are commonly listed on many job announcements.\u00a0 I got serious about studying for the CISSP at the beginning of 2011, and I took the ISC(2) CISSP examination on July 23, 2011 in San Francisco.<\/p>\n<p>It takes ISC(2) a while to score the paper and pencil tests, but I received notification today that I passed!\u00a0 Whew!\u00a0 I didn&#8217;t want to have to take that one again.\u00a0 (I guess the score reporting times vary, but it took me 17 days, a couple of weeks, to get email notification.\u00a0 That&#8217;s in line with what ISC(2) says&#8230;)<\/p>\n<p><span style=\"text-decoration: line-through;\">I&#8217;m not officially a CISSP until ISC(2) <a href=\"https:\/\/www.isc2.org\/endorsement.aspx\">processes my endorsement paperwork<\/a>, I&#8217;m working on that.<\/span> <strong>UPDATE!  
CISSP granted to me on Sep 22, 2011!<\/strong><\/p>\n<p>Read on for my thoughts about getting ready for the CISSP and what I did to prepare.<\/p>\n<h3>To recap ISC(2)&#8217;s turnaround times:<\/h3>\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td width=\"319\" valign=\"top\">Exam date:<\/td>\n<td width=\"319\" valign=\"top\">Jul 23, 2011<\/td>\n<\/tr>\n<tr>\n<td width=\"319\" valign=\"top\">ISC(2) notification of pass by email:<\/td>\n<td width=\"319\" valign=\"top\">Aug 09, 2011 <strong>(17 days)<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"319\" valign=\"top\">Endorsement faxed to ISC(2):<\/td>\n<td width=\"319\" valign=\"top\">Aug 15, 2011<\/td>\n<\/tr>\n<tr>\n<td width=\"319\" valign=\"top\">ISC(2) acknowledged endorsement rcvd:<\/td>\n<td width=\"319\" valign=\"top\">Aug 15, 2011 <strong>(Same Day!)<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"319\" valign=\"top\">ISC(2) awarded CISSP, notified by email:<\/td>\n<td width=\"319\" valign=\"top\">Sep 22, 2011 <strong>(38 days)<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"319\" valign=\"top\">Cert received via snail   mail:<\/td>\n<td width=\"319\" valign=\"top\">Oct 07, 2011 <strong>(15 days)<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><!--more--><\/p>\n<h2>Get the Proper Study Materials<\/h2>\n<p>This test, unlike most, covers a little bit of a *LOT* of subject areas.\u00a0 I doubt that any mortal human could pass it cold without some review.\u00a0 Get a couple big fat books and maybe some practice tests.\u00a0 These are the ones I used:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.amazon.com\/Official-Guide-CISSP-Second-Press\/dp\/1439809593\/ref=sr_1_2?ie=UTF8&amp;qid=1312926931&amp;sr=8-2\">Official (ISC)2 Guide to the CISSP CBK, Second Edition<\/a>, Harold Tipton.\u00a0 Although this is sometimes cold and humorless, I like that it is straight to the point.\u00a0 I wound up using it and preferring it to the more popular Shon Harris materials.<\/li>\n<li><a 
href=\"https:\/\/www.amazon.com\/CISSP-All---One-Guide-Fifth\/dp\/0071602178\/ref=sr_1_1?s=books&amp;ie=UTF8&amp;qid=1312927033&amp;sr=1-1\">CISSP All-in-One Exam Guide, Fifth Edition<\/a>, Shon Harris.\u00a0 Shon Harris has a lot of CISSP prep materials, videos, seminars, etc.\u00a0 A lot of people have used them and like them.\u00a0 Although I studied this book, I preferred the official ISC(2) guide above.<\/li>\n<li><a href=\"https:\/\/www.amazon.com\/CISSP-Video-Course-Shon-Harris\/dp\/0789739631\/ref=sr_1_1?s=books&amp;ie=UTF8&amp;qid=1312927254&amp;sr=1-1\">CISSP Video Course<\/a>, Shon Harris.\u00a0 A colleague let me borrow his copy of this.\u00a0 It&#8217;s long, and I didn&#8217;t watch the whole thing.\u00a0 I picked topic areas I was weak in and just watched those areas.\u00a0 Shon Harris very helpfully at times during the videos makes statements like &#8220;you *REALLY* need to know this, you&#8217;ll see it again&#8221; while she&#8217;s stomping her foot.\u00a0 If she says that, pay attention!\u00a0 That&#8217;s a guaranteed test question.<\/li>\n<li><a href=\"https:\/\/www.selftestsoftware.com\/dept.aspx?dept_id=10100\">Kaplan SelfTest CISSP practice exam<\/a>.\u00a0 I have used this vendor&#8217;s practice tests for many exams, I&#8217;m happy with them.\u00a0 Their questions are at least somewhat like what you&#8217;ll see on the real examination.<\/li>\n<\/ul>\n<h2>How I studied<\/h2>\n<p>Even if you have a good background, there&#8217;s a lot to cover.\u00a0 You need time.\u00a0 I started out about six months in advance and got my materials together.\u00a0 I have the luxury of having about 90 minutes a day on the bus, riding back and forth to work.\u00a0 I used that time to study.\u00a0 I&#8217;d take a &#8220;big fat book&#8221; and a small laptop with the practice test loaded on it.\u00a0 I tried to take the practice test and read some out of the big fat book morning and night, five days a week, for six months.\u00a0 I literally took the 
practice test hundreds of times.\u00a0 Towards the end I was missing maybe one question, getting 95% on average or better, every time.<\/p>\n<h2>Registering for the exam<\/h2>\n<p>Unlike most certifications, ISC(2) manages all aspects of the CISSP.\u00a0 They don&#8217;t outsource it to Prometric or some other test vendor.\u00a0 You register for the exam at <a href=\"https:\/\/www.isc2.org\/default.aspx\">the ISC(2) web site<\/a>.\u00a0 It&#8217;s one of the more expensive exams to register for, I paid $549.\u00a0 Be careful to pick the right test date.\u00a0 It costs $100 to reschedule the exam.\u00a0 I registered long in advance, and then it turned out I had a family wedding on the date I paid for, so I had to pay the $100 fee to move it.<\/p>\n<h2>A Bit More About The Exam<\/h2>\n<p>This exam is &#8220;paper and pencil&#8221; &#8211; you actually fill out the little bubbles on a Scantron form and turn the paper in.\u00a0 No other test I have ever taken from any vendor was done like this.<\/p>\n<p>My test was on a Saturday morning.\u00a0 I think this is the usual time for tests to be scheduled.\u00a0 Since the tests are paper based, and require elaborate logistics, proctors, etc., they are not given too frequently, and they are only given at limited urban test sites.\u00a0 I live in California, and my choices were basically San Francisco or Los Angeles, about once per quarter.\u00a0 My test was given at the Embassy Suites hotel near San Francisco Airport (SFO).\u00a0 What I did is book a room for the night before, drive up the day before, spend the night, get up all bright-eyed-and-bushy-tailed, eat a good breakfast, and report at the test site at 0800.\u00a0 Don&#8217;t be late!\u00a0 They lock the doors.\u00a0 (I waited until about a month out to make hotel reservations, and the hotel was full!\u00a0 Boo.\u00a0 I got a room at a nearby hotel.\u00a0 Don&#8217;t wait to get a room if you plan on doing this.)<\/p>\n<p>The test experience is what I imagine a bar 
exam, or a medical examination to be like.\u00a0 It&#8217;s formal.\u00a0 People have their work clothes on.\u00a0 No flipflops.\u00a0 Most of the guys had jackets, some had ties.\u00a0 There was a large room, that holds maybe 50 test takers.\u00a0 When you come in the first time, they check your name on the roster, check your ID, make you sign in, and issue you a test taking location.\u00a0 There was an army of proctors, maybe 6, constantly circulating in the room.\u00a0 You have to leave all personal effects in a pile at the rear of the  room.\u00a0 The only thing you can have at the table is a bottle of water.\u00a0  No cell phones.<\/p>\n<p>At 0800, they asked you to sit at your designated spot at the empty tables.\u00a0\u00a0 The head proctor, in a very Army style voice, goes over the rules.\u00a0 No talking.\u00a0 Raise your hand for assistance.\u00a0 Don&#8217;t move unless you ask.\u00a0 Use only our pencils, etc.<\/p>\n<p>The test booklet is maybe 40? pages.\u00a0 The questions are printed on it.\u00a0 You are allowed to write in the book, so feel free to scribble notes, cross out obvious distractor questions, etc.\u00a0 You do have to turn this in later, but the only answers that count are the ones you put on the Scantron bubble form.<\/p>\n<p>For the CISSP, you have a couple hundred questions and six hours, so there&#8217;s not a lot of time to linger.\u00a0 My test started at 0900, so I had until 1500.\u00a0 No lunch break.\u00a0 If you thought to bring food, you can ask to stand up, go to the back of the room, and eat a snack.\u00a0 I ate a big breakfast, but I didn&#8217;t bring any food or drink.\u00a0 They did provide water.<\/p>\n<p>The room was cold.\u00a0 I&#8217;d bring a light jacket in case you get cold.\u00a0 They will allow one test taker at a time to use the bathroom, and you are escorted by a proctor who waits outside the door.\u00a0 I used the bathroom once.<\/p>\n<p>When I started, I ignored the Scantron answer form, and did all my work 
in the test booklet.\u00a0 I went through all the questions in one pass.\u00a0 I didn&#8217;t come across more than one or two I had no idea about.\u00a0 I skipped those.\u00a0 The others, I usually could cross out at least a couple of obviously wrong answers.\u00a0 I did the first pass in about two and a half hours.\u00a0 I then took a bathroom break and got a drink of water.<\/p>\n<p>The next pass, I finalized all answers.\u00a0 I went from front to back in the book and answered every question in the book.\u00a0 Ones I didn&#8217;t know, I made my best guess on.\u00a0 You are not penalized for wrong answers, so answer every question.\u00a0 This took another hour.\u00a0 I got another drink.<\/p>\n<p>Third pass through was to transfer all the questions to the Scantron answer form and fill in the bubbles.\u00a0 This took about an hour.<\/p>\n<p>Final pass through was to basically make sure I did the Scantron correctly.\u00a0 This took longer than I thought, about half an hour.<\/p>\n<p>That was it!\u00a0 Turned it in at about five hours elapsed.\u00a0 I had planned to stay until the bitter end, but after five hours I was sick of looking at it.<\/p>\n<h2>The Hard Part, Waiting for the Scores<\/h2>\n<p>Since the Scantron paper forms have to be gathered up and sent in by the proctors to be scored, it takes a while.\u00a0 If you think about it, it&#8217;ll be something like 3 weeks &#8211; a few days to be mailed, a few days to sit around, a few days to be scored, a few days to be reported&#8230;\u00a0 You get the picture.\u00a0 It&#8217;ll take a while.\u00a0 I took the test on July 23, I was notified by email from ISC(2) on Aug 9.\u00a0 If you Google around, you will find people reporting up to 6 weeks before the scores are reported.<\/p>\n<p>The email I got looked like (personal stuff redacted):<\/p>\n<pre>From: (ISC)2 Customer Support &lt;customersupport@isc2.org&gt;\r\nDate: Tue, Aug 9, 2011 at 1:37 PM\r\nSubject: (ISC)2 Examination Results ISC2:99999999999\r\nTo: 
greg@greg.porter.name\r\n\r\nGregory\r\nPorter\r\n&lt;address redacted&gt;\r\nUnited States\r\n\r\nID\/Examination number: 99999999\r\n\r\nDear Gregory Porter:\r\nCongratulations! We are pleased to inform you that you have passed\r\nthe Certified Information Systems Security Professional (CISSP\u00ae)\r\nexamination - the first step in becoming certified as a CISSP.\r\n\r\nThe second step in the certification process requires submission\r\nof two additional items:\r\n\r\n1. A COMPLETED ENDORSEMENT FORM. The endorsement form and instructions\r\nare available for download at www.isc2.org\/endorsement.aspx. Please\r\nmake sure you sign and date the APPLICANT AGREEMENT section on page 2.\r\n\r\n2. YOUR RESUME\/CV. Please provide a copy of your resume\/CV along with\r\nyour Endorsement in one email (Note: your resume\/CV should be the same\r\nas the copy you give to your endorser).\r\n\r\nPlease include the following information:\r\n\r\nCompany name and address for each employer.\r\nContact name\/supervisor and phone number for each position held. If\r\nthe position was located outside of the United States, please include\r\nan email address.\r\nPosition held - title with dates (including month and year).\r\nDetailed description of your duties, as they pertain to the domains of\r\nthe CISSP CBK.\r\n\r\nFor detailed information about the experience requirements, please\r\nvisit www.isc2.org\/cissp-professional-experience.aspx.\r\n\r\nPLEASE BE AWARE THAT YOUR CERTIFICATION APPLICATION CANNOT PROCEED\r\nWITHOUT THESE TWO DOCUMENTS.\r\n\r\nPlease have your endorser mail, fax or email these items to:\r\n\r\n**If you need endorsement assistance you may mail, fax, or email these\r\nitems to:**\r\n\r\n(ISC)2 Programs\r\nAttn: Endorsements\r\n33920 US Hwy. 19 N., Suite 205\r\nPalm Harbor, FL 34684\r\nUSA\r\n\r\nFax: +1.727.683.0785 or +1.727.786.2989\r\nEmail: programs@isc2.org\r\n\r\nPlease allow 6 weeks for processing. 
It is not necessary to call or\r\nemail us to determine if your documents have arrived prior to that\r\ntime, as it will slow down the process. Please do not send multiple\r\nfaxes or emails of your documents unless requested by (ISC)2.\r\n\r\nAll examination applications are subject to random audit of experience\r\nassertions prior to (ISC)2 issuing a certificate. If we do not select\r\nyour application for audit, your certification shall be issued upon\r\nreceipt of both your properly executed Endorsement Form and Resume\/CV.\r\nIf we select your application for audit, we will send you a separate\r\nemail communication describing fully the process and requirements.\r\n\r\nShortly after we complete the audit of your Endorsement Form and\r\nResume\/CV, if applicable, your certificate will be printed and your\r\nmembership package will be shipped to the ADDRESS LISTED ABOVE. This\r\npackage will contain your certificate, ID card, welcome letter, and\r\nCISSP lapel pin gift certificate, which you can redeem at the online\r\n(ISC)2 Company Store.\r\n\r\nCongratulations again on your successful performance on the CISSP\r\nexamination! We look forward to receiving your completed Endorsement\r\nForm and Resume\/CV in order to move forward with the certification\r\nprocess.\r\n\r\nIn the meantime, please visit our Website (www.isc2.org) for detailed\r\ninformation about the endorsement and certification process. Should\r\nyou have any questions regarding the process, feel free to contact us\r\nat programs@isc2.org.\r\n\r\nSincerely,\r\n\r\n(ISC)2<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>UPDATE! CISSP granted to me on Sep 22, 2011! 
Security is one of the many things I do.\u00a0 I chose to go after the Certified Information Systems Security Professional (CISSP) for a variety of reasons.\u00a0 One and perhaps the most&hellip; <a href=\"https:\/\/greg.porter.name\/wordpress\/?p=1846\" class=\"more-link\">Continue Reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1846","post","type-post","status-publish","format-standard","hentry","category-content"],"_links":{"self":[{"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1846","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1846"}],"version-history":[{"count":55,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1846\/revisions"}],"predecessor-version":[{"id":1877,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1846\/revisions\/1877"}],"wp:attachment":[{"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1846"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/greg.porter.name\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel
}","templated":true}]}}