The Early Days of Training For CISSP Exam

When I took my CISSP exam, I was like most people who take it – knowing just enough to pass it was my aim, but I had to memorize things because I had no deep understanding of the concepts. This made me very disappointed. My goal has never been to secure as many certifications that can be attached to my name as possible. In fact, my personal belief is when I see someone list 10 certification credentials beside their name in an electronic mail, on a calling card, or curriculum vitae – the person may have an ego issue that requires the individual to show off and brag about their credentials. So this individual may excel in passing examinations, but I cannot recall an actual situation where responding True Or False was required to get a job done.

At the time that I took my CISSP exam, study guides were non-existent, no books, and no websites for the CISSP exam. (ISC)2 was the only one who offered training for CISSP. It was like four days a week for two consecutive weeks at that time. The first week of training I could tell that my instructors did not really fully understand the concepts that they were teaching. I even asked one of the instructors a query on Kerberos and instead of explaining the answer to me, he said, “You are not required to understand that for the exam.” I was very shock. I could tell not only did he not know the answer, but his main pre-occupation was to assist people memorize facts that were going to be on the exam. After getting similar responses to a few more queries, I just stopped asking. On the 3rd day out of the eight days of class, I left. We were going over myriads of subjects at the speed of light that I did not know and staying and sitting thru the class would mean I would just listen to more lectures and learn nothing and get more frustrated.

Just would like to note that the two (ISC)2 instructors that handled the class I was in have boasted over the years that “they taught Shon Harris” and (ISC)2 sales people claim the same promotional gimmick today to fill-up their classes with more students. I've been hearing about these comments for years now. What the (ISC)2 instructors and sales people do not tell their potential clients is that I stopped attending the class because it was useless.

When I passed the CISSP exam and still not really understanding much about the diverse subjects, I thought that someone should write a book on it. So I did. The first book I ever published was close to 1,000 pages long. I was a masochist.

There is a great difference in memorizing subjects to be able to pick out the correct answer to pass an exam versus understanding fully the topics to be able to write a huge book and teach courses on them. To be honest, I feel so luck and honored that I have had the opportunity to do both.

These days whenever I do consulting for companies, I more than frequently understand subjects that my colleagues do not and I can “see” the concepts at a deeper level and how it affects surrounding issues. I usually bring up dependencies of specific solutions that the team has not considered. And for years I have a clear understanding of what a security program is truly built upon, which the industry is nowadays finally getting a grasp on. I am certainly not the smartest bear in the gang, but the extent of research I have had to do on the subjects within the CBK allows me to view security holistically and not be stuck in understanding security from one point of view only.

Don't be left behind. Get a comprehensive CISSP training from Logical Security. Visit http://www.logicalsecurity.com/education/education_courses_cissp.html.