post written by: Marc Chernoff

CISSP: A Formula to the Perfect Crime


If the formula to pulling off the perfect crime revolves around timing, and unarmed robbery is your thing, I know exactly where you can capitalize on the opportunity to make some really easy money.  Just set up shop outside of the nearest CISSP certification examination center.  Once a CISSP hopeful emerges from the brutal 6-hour (no breaks), 250-problem examination dungeon that’s chock full of questions like…

“Of the subsequent four acceptable answers in situation X, which one is most likely not going to be the most practical option when the system users are not attempting Y?”

…That poor CISSP hopeful will be numb to life’s purpose, insensitive to his surroundings, and petrified of even the slightest thought of problem solving…  You could probably just ask for his wallet and wrist watch without any confrontation at all.

I took the CISSP exam yesterday, and it’s by far the toughest test I have ever taken.  I studied diligently for almost a month and I walked out of the testing center without the foggiest clue as to how well I performed.  Now I have to wait 2 damn weeks for the results!  A grown man may cry if I fail… and then it’s back to the library for another month.  It’s hell…

Here’s an excerpt from a CISSP discussion board posting about the severity of the test.  This description is dead accurate:

ISC2 has done a tremendous job in keeping their questions fluid, relevant and updated. I could tell when I sat down and read the first five questions that this test was SERIOUS, and no amount of ANY practice test questions will save your ass on test day. The bottom line is experience, knowledge, know your theory 100%, and be prepared!

Is it true what everyone says, that you will finish that exam and beat yourself up until you know the results? ROGER THAT!! YES SIR, that’s an AFFIRMATIVE!! I’ve been through certification exams and taught for Microsoft, Novell, IBM, HP, Lucent, Proxim, the Department of Defense and the US Army, and all I can say is that you can tell when you sit down and read your first few questions, the CISSP is a “different breed of test.”

Some of you might think, “Well, how hard can it be, it’s all multiple choice right?” Just wait till you get in the exam, you’ll see what I’m talking about. Although I’m not a PhD or a test developer, it looked like each question was carefully worded to weed out the “certification mills,” brain dumpers, and anyone trying to fake their way through experience. That test WILL put you through your maximum cranial testing abilities! There are lots of, “All of the examples are true EXCEPT,” or “Which one of the following IS NOT.” It’s those little words EXCEPT and IS NOT that will throw you unless you read carefully and understand what you are reading. Let me say that again, READ-READ-READ carefully! One little word will trip the meaning of the question or the answer.

If I didn’t pass after sitting the exam, I knew exactly what it would take for me to pass it on round two: MORE READING! Practice test questions are good and necessary to give you a read on your strengths, weaknesses, timing and pacing through the exam. However, I can honestly say that if you don’t put the maximum effort into reading or getting a hold of as many study materials as you can for this test (reading, white papers, NIST documents, practice tests, audio MP3s, videos, whatever it takes), your chances of passing this test will diminish to almost no chance at all.




2 Comments

  • One of my coworkers was required to take this exam last fall. He had the same impression as you do. All he told me is that he felt as if someone had robbed him of his dignity after he left the testing center. I’m in a strict sys admin IT position, so I don’t have to take the CISSP. But I may attempt the SSCP or CEH at some point.

    By the way, I found your site through Technorati. Very clean! Great photos! :-)

  • I agree with the author to some extent. I studied religiously for about 3-4 months, relying heavily on the ‘Official’ guide as well as the Shon Harris text. I answered a couple thousand questions and attended an Intense School boot camp, testing the day after the boot camp ended. During the exam, I dug in deep and even relied on some practical experience. But I still walked out of the exam site wondering if I passed the exam.

    Sure there are questions on the exam that test your practical experience but, by and large, most of the exam is dedicated to testing your ability to apply theory. And by theory I mean a particular conception or view of something to be done or of the method of doing it; a system of rules or principles. As you know, the ISC2 also requires that you document your experience.

    DaVinci put it best…“He who loves practice without theory is like the sailor who boards ship without a rudder and compass and never knows where he may cast.” Then again, the wise and honorable Yogi Berra proclaimed that “In theory there is no difference between theory and practice.”

    Willness, I don’t want to discourage you but you’re better off waiting. Invest your valuable time and money in the CISSP when the time is right.
