CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Page 1 of 2 12 LastLast
Results 1 to 20 of 22

Thread: I've waited long enough

  1. #1
    Join Date
    2008-11-23
    Location
    Atlanta, GA
    Posts
    542
    Rep Power
    15

    Default I've waited long enough

    Time to hunker down and finally take the CISSP. I've got the big yellow official book already, only to find out today that there's a black 2nd edition out. I use cccure.org for their material. I've also got one other book - can't remember it off hand.

    Does anyone have any advice, recommendations, etc.?

    I've heard a few rumors about the test, as follows. Can anyone confirm/deny any of these for me?
    1. Answer like a manager (from a manager's point of view).
    2. The answer will be what ISC2 wants, not necessarily what is best practice or used in the real world.
    3. The more general (least specific) answer is usually the right one.

    Anything else I should know?

    Thanks everyone...
    - boldin
    CISSP
    CCSE/R65

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    17

    Default Re: I've waited long enough

    The best way to think of the CISSP material is being 100 miles wide but only an inch deep. You need to know a little about a lot. When I obtained my CISSP in 2001 there weren't any prep guides other than a recommended reading list of 40-50 books published by ISC2. In my opinion it is most important to objectively determine which domains you are weakest in and study up on those areas. It is also important not to wonder how you are doing while taking the exam as you will have absolutely no idea whether or not you passed when you depart the test facility. So try not to waste brain cycles evaluating your own performance, you're going to need every last one of them for the exam.

  3. #3
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,494
    Rep Power
    19

    Default Re: I've waited long enough

    I sat the exam in 2005, then again last year, as I didn't keep up my CPEs while I took over a year off work.

    Both times I used Shon Harris' book (different edition each time), along with a few revision notes and practice questions from cccure. That, along with my experience, was all I needed.

    I'm not sure I'd really agree with any of those 3 rumours you've heard. People talk a lot of rubbish about it, but I would say just read the books, practice with example questions, then use your knowledge and experience to answer the exam. Don't get too hung up on it.

    In the exam, make sure you allocate your time properly, and DON'T WASTE TIME MARKING ANSWERS IN THE BOOK!!! They repeatedly tell you to mark your answers on the sheet, but there's always some numpty that marks the book, then gets in a mad panic in the last 5 minutes.

  4. #4
    Join Date
    2009-06-10
    Location
    NE Ohio
    Posts
    1,202
    Rep Power
    15

    Default Re: I've waited long enough

    Good luck boldin. I took a CISSP Prep Course with GlobalKnowledge and the instructor was very good. Now that I have my CCSE R70 out of the way, I'm aiming for the CISSP in August.

    Good luck!

  5. #5
    Join Date
    2006-09-26
    Posts
    3,200
    Rep Power
    20

    Default Re: I've waited long enough

    Quote Originally Posted by belvdr View Post
    Good luck boldin. I took a CISSP Prep Course with GlobalKnowledge and the instructor was very good. Now that I have my CCSE R70 out of the way, I'm aiming for the CISSP in August.

    Good luck!
    Belvdr,

    I would have a lot of repsect for you if you pass either the CCMA, CCIE or Juniper JNCIP/JNCIE. Those are truly hard exams. No dis-respect to anyone with CISSP but the CISSP certification is completely useless.

    It is a ridiculous and stupid exam that even my wife passed the exam after spending about 2 days studying for it. My wife also hold a CCIE Security and she manages about 5 people with CISSP and none of them even know how to run "tcpdump".

    I myself also have CISSP as well and it took me about 3 days preparing for the exam. It is a stupid exam. Anyone who put CISSP cert on his/her resume, I will grill them really hard on during the technical interview.

    My 2c

  6. #6
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,494
    Rep Power
    19

    Default Re: I've waited long enough

    I know what you're getting at cciesec, but my guess would be that ISC2 doesn't care that those CISSPs don't know how to run tcpdump - they would say that it's not a goal of the exam.

    I found plenty of the questions drew on my general experience, not necessarily stuff I had specifically studied for. Given that, it wouldn't surprise me that your wife, an experienced CCIE (is anyone in your family not a CCIE? ;-), was able to pass it.

    Regards its worth, often it's just one of those things that you need to do if you're looking for a new job - it's just a way for HR to reduce the pile of CVs. Personally I found some of the study interesting where it covered areas that I don't normally have much exposure to. YMMV

  7. #7
    Join Date
    2008-11-23
    Location
    Atlanta, GA
    Posts
    542
    Rep Power
    15

    Default Re: I've waited long enough

    In my case, I must have it before I get promoted - government contractor and all...

    So, off to the races...
    - boldin
    CISSP
    CCSE/R65

  8. #8
    Join Date
    2009-06-10
    Location
    NE Ohio
    Posts
    1,202
    Rep Power
    15

    Default Re: I've waited long enough

    Quote Originally Posted by cciesec2006 View Post
    Belvdr,

    I would have a lot of repsect for you if you pass either the CCMA, CCIE or Juniper JNCIP/JNCIE. Those are truly hard exams. No dis-respect to anyone with CISSP but the CISSP certification is completely useless.
    I would like to aim for the CCIE, but to be honest, I'm not in a consultant/services role. I'm an employee for one company so I'm not sure having the CCIE is really beneficial for me (I'm not engineering a lot of solutions). I'd also like to have the CCMA, but it seems nobody knows about it but Check Point.

    Quote Originally Posted by cciesec2006 View Post
    It is a ridiculous and stupid exam that even my wife passed the exam after spending about 2 days studying for it. My wife also hold a CCIE Security and she manages about 5 people with CISSP and none of them even know how to run "tcpdump".

    I myself also have CISSP as well and it took me about 3 days preparing for the exam. It is a stupid exam. Anyone who put CISSP cert on his/her resume, I will grill them really hard on during the technical interview.

    My 2c
    As northlandboy stated, it's a way to rise above the rest during the initial phases. Additionally, it's not a technical exam; it's aimed more for security managers and the like. They need to see the entire security picture, not just one aspect of it (which is another reason I want it). If someone has only the CISSP, that's one thing, but if they hold other certs, then it makes for a well-rounded individual, just like my B.A. in Business Administration. :)

    You might also consider that you and your wife passed it easily because you are experienced in many domains already. Therefore, much of it is review.
    Last edited by belvdr; 2010-05-16 at 21:29.

  9. #9
    Join Date
    2008-04-22
    Location
    Israel
    Posts
    43
    Rep Power
    0

    Default Re: I've waited long enough

    Quote Originally Posted by cciesec2006 View Post
    Belvdr,

    I would have a lot of repsect for you if you pass either the CCMA, CCIE or Juniper JNCIP/JNCIE. Those are truly hard exams. No dis-respect to anyone with CISSP but the CISSP certification is completely useless.
    That's funny, as I can support the opposite ;) So everything is relative and depends on situation. We have had a guy in our Support (Service Provider) with CCIE R&S that was still configuring Outlooks/DSLs/Edimaxes as he didn't fit "CCIE commensurate with experience" . And there was Security department manager (CISSP) that was very technical and earned almost trice as much (even before becoming a manager) .
    So dont know about technical knowledge it gives but general impression is that
    better job/salary it does provide (CISSP) . Not to say that all sort of auditing-comply market demands CISSP on auditors stff (take PCI e.g.).
    About CCMA will have to agree - useless to the individual holding it.

    Disclaimer: I hold none of those myself , yet [just bare CCSP,CCSE++]
    Cheers
    Taking challenges one by one.
    http://yurisk.info

  10. #10
    Join Date
    2007-10-31
    Location
    Great Plains - USA
    Posts
    161
    Rep Power
    16

    Default Re: I've waited long enough

    Quote Originally Posted by boldin View Post
    Time to hunker down and finally take the CISSP. I've got the big yellow official book already, only to find out today that there's a black 2nd edition out. I use cccure.org for their material. I've also got one other book - can't remember it off hand.

    Does anyone have any advice, recommendations, etc.?

    I've heard a few rumors about the test, as follows. Can anyone confirm/deny any of these for me?
    1. Answer like a manager (from a manager's point of view).
    2. The answer will be what ISC2 wants, not necessarily what is best practice or used in the real world.
    3. The more general (least specific) answer is usually the right one.

    Anything else I should know?

    Thanks everyone...
    I received an email from SANS today regarding CISSP online instruction. It may be of interest if you have the funds available. See here for the details: SANS vLive! - MGT414 - Eric Conrad

    They also have a bonus offer........
    *BONUS OFFER!
    We are excited to announce that any student who registers for MGT414 and enters promo code AUTHOR will receive an autographed copy of Eric's brand new book, "CISSP(R) Study Guide," when it is published by Syngress this summer. It will be a great supplement to your SANS course materials!
    CISSP Study Guide

    Kind regards,
    dbrown

  11. #11
    Join Date
    2008-11-23
    Location
    Atlanta, GA
    Posts
    542
    Rep Power
    15

    Default Re: I've waited long enough

    I've found that (ISC)^2 has released a second edition of the big yellow book, now affectionately known as the big black book.

    Here's the Amazon link to it. A cursory review tells me it is a much easier read and seemingly more relevant/focused than the last book. It also seems a bit smaller (not much). The Transcender practice exam comes with it, but only like 100 or so questions. Not a bad deal around $45 for the "official" study guide and software - compare that with Check Point's courseware and that's a several hundred dollar savings.

    Yes, I know it's not an apples to apples comparison.
    - boldin
    CISSP
    CCSE/R65

  12. #12
    Join Date
    2008-11-23
    Location
    Atlanta, GA
    Posts
    542
    Rep Power
    15

    Default Re: I've waited long enough

    Has anyone seen cccure.org's free quizzes? I went there last night after using their free engine for months and now it looks like they want to limit me to 25 question quizzes and a total of 30 quizzes before they start charging me money. Is this a new policy of theirs? I didn't see any reference to it on the site before last night when it all of a sudden asked me to provide a separate login for the quiz site, which was never required before.

    Thanks...
    - boldin
    CISSP
    CCSE/R65

  13. #13
    Join Date
    2009-06-10
    Location
    NE Ohio
    Posts
    1,202
    Rep Power
    15

    Default Re: I've waited long enough

    I had never seen that before either. For one reason or another, the CISSP seems to be taking the path of the MCSE in the late 90s. Everybody and their brother were scrambling to take it. It became more of a buzzword than a valid test of knowledge. I'm not sure I'm going to take it now.

  14. #14
    Join Date
    2008-11-23
    Location
    Atlanta, GA
    Posts
    542
    Rep Power
    15

    Default Re: I've waited long enough

    I've noticed the same thing. Many of the CISSPs that I know are undeserving (or at least seemingly so) in that they are good test-takers but lack real-world knowledge. Don't get me wrong, I'm not saying all CISSPs fit this category, just some of the folks I've seen recently.

    In my position, I can't get promoted without the CISSP or one of the other DoD 8570 equivalents, so I'm stuck with the one that is most commonplace and most widely accepted - the CISSP - just for practical reasons...

    Thanks,
    - boldin
    CISSP
    CCSE/R65

  15. #15
    Join Date
    2008-11-23
    Location
    Atlanta, GA
    Posts
    542
    Rep Power
    15

    Default Re: I've waited long enough

    I've confirmed it - the cccure.org testing engine is now $39.99 US for 6 months. Otherwise, you get 40 quizzes, limited to 25 questions each.

    This started literally the night that I was going to start using the quizzes. I'm scheduled to take the exam on August 15th and now I've got to pay money for something that has been free forever - 'til now. I log on to the site, setup my first quiz, then it stopped responding. The site went down, came up 10 minutes later and now it's a pay service.

    Great timing!

    Anyone have any suggestions for practice tests to help me gauge my progress as I study? I don't care if I have to pay for it. I've got an email off to Clement to see if there's a good reason why it went pay instead of free...
    Last edited by boldin; 2010-07-25 at 15:32.
    - boldin
    CISSP
    CCSE/R65

  16. #16
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    18

    Default Re: I've waited long enough

    For whatever it's worth, back in 2002 when I took the test I found the cccure.org quizzes were the most help.

    Ray

  17. #17
    Join Date
    2008-11-23
    Location
    Atlanta, GA
    Posts
    542
    Rep Power
    15

    Default Re: I've waited long enough

    I've heard the same thing from every CISSP I know.

    For what it's worth, Clement responded to my email and upgraded me to a paid account for free until I take the test on 15AUG10.

    Just be sure to tell folks, if you recommend the site, that it's now a pay site. But from what I've gathered it's still the best source of information I've seen.
    - boldin
    CISSP
    CCSE/R65

  18. #18
    Join Date
    2008-11-23
    Location
    Atlanta, GA
    Posts
    542
    Rep Power
    15

    Default Re: I've waited long enough

    Wish me luck! I'm off to take the test first thing in the morning. Hopefully there'll be one more CISSP in the world by the time I'm done (or at least my test is graded).

    Thanks for the support everyone. I'll pass along anything I can about the test once I get out of there (and back from the bar).
    - boldin
    CISSP
    CCSE/R65

  19. #19
    Join Date
    2008-11-23
    Location
    Atlanta, GA
    Posts
    542
    Rep Power
    15

    Default Re: I've waited long enough

    Ok, all I can say is study, study and then study some more. Use multiple sources: books, study guides, practice exams, etc.

    Every version is seemingly different, but know the common criteria, architecture models, hashing algorithms and know how different connection and encryption schemes work and what they are primarily used for.

    You have to know things well enough to describe the "most" or "least" relevant answer - even though they aren't necessarily completely correct.

    Very tough - I feel like I failed miserably. But, from what I hear, that's a good sign...
    - boldin
    CISSP
    CCSE/R65

  20. #20
    Join Date
    2008-11-23
    Location
    Atlanta, GA
    Posts
    542
    Rep Power
    15

    Default Re: I've waited long enough

    It was a good sign. I passed the test - just found out today.

    Now for the endorsement process.
    - boldin
    CISSP
    CCSE/R65

Page 1 of 2 12 LastLast

Similar Threads

  1. log_unification_error: Log chain too long !!!
    By boldin in forum IPS Blade (Formerly SmartDefense)
    Replies: 1
    Last Post: 2009-03-22, 19:26
  2. The text is too long. Please shorten it.
    By danjun in forum About This Discussion Board
    Replies: 1
    Last Post: 2009-03-12, 10:57
  3. Can you see how long a tunnel has been up?
    By menz456 in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 2
    Last Post: 2008-10-31, 09:18
  4. DNS data is too long
    By Hitman in forum IPS Blade (Formerly SmartDefense)
    Replies: 3
    Last Post: 2008-09-12, 13:05
  5. How long is a user connected?
    By tnkflx in forum SecureClient/SecuRemote
    Replies: 1
    Last Post: 2008-08-20, 14:05

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •