Introduction to the CISSP-ISSEP Exam

The Information System Security Engineering Professional (ISSEP) is a CISSP concentration that specializes in security engineering. In addition to the ISSEP, there are two other CISSP concentrations, the Information System Security Architecture Professional (ISSAP) and the Information System Security Management Professional (ISSMP). The ISSAP overlaps with many of the technical concepts from the CISSP, while the ISSMP overlaps with many of the management aspects. The ISSEP is an entirely different animal with a distinctive U.S. government flavor to it.


About the Exam

The ISSEP exam is made up of 150 questions and has a four-hour time limit. Like other ISC2 tests, 25 of these questions are used for research purposes only and are not counted when determining your grade. You need a 700/1000 to pass the exam. The domains and questions were developed by ISC2 in conjunction with the U.S. National Security Agency (NSA). Because of the NSA’s participation in question development, you may notice a different style and tone between ISSEP and CISSP questions.


10 Ways to Get Free CPE’s for Your CISSP

The CISSP certification is automatically renewed after three years as long as you stay on top of the minimum Continuing Professional Education (CPE) credits and Annual Maintenance Fee (AMF). CPE’s are divided into two groups. Group A CPE’s cover “Direct Information Systems Security Activities” and align with one of the 10 Common Body of Knowledge (CBK) domains, while group B CPE’s cover “Professional Skills Activities.” ISC2 provides the following ideas for getting CPE’s.

  • Attending educational courses or seminars
  • Attending security conferences
  • Being a member of an association chapter and attending meetings
  • Serving on the board for a professional security organization
  • Volunteering for a government, public sector and other charitable organizations, including (ISC)2 volunteer committees
  • Completing higher academic courses
  • Providing security training
  • Publishing security articles or books
  • Participating in self-study courses, computer-based training or Web casts
  • Reading an information security book or subscribing to an information security magazine


CISSP Salary Survey and a Grain of Salt

I don’t trust salary surveys because they don’t take into account all of the variables that go into a person’s salary. These variables include location, experience, education, certifications, and the company. Most salary surveys only take into account one or two variables and completely ignore the others. While these other variables do get included within an “average”, this average can be so much different than your salary range that it doesn’t do any good to know it.

Will a CISSP in West Virginia make the same salary as a CISSP that lives in Chicago? Of course not. If you are a new security analyst that just obtained a CISSP, you probably won’t make as much money as a senior CISO that has had the CISSP for years. Likewise, some consulting businesses offer high reward salaries, while also offering high risk (and more travel). Will a high school dropout make as much as a CISSP with a doctorate? You can see how these wildly different scenarios make for a wildly inaccurate salary survey.


5 Tips for Passing the CISSP

1. Don’t sweat the details

It’s easy to get caught up on details, especially memorizing facts. While the CISSP does have detailed answers that depend on you knowing facts, it’s much more important to understand concepts. Don’t get me wrong, you have to put in the effort required to memorize terms and concepts, but you can’t rely on this to pass the exam.

We all know that many of the questions are difficult. You will either immediately know the answer or you won’t. When you don’t know the answer you have to count on your understanding of the concept to help you pick the most likely answer based on the intent of the question.

2. Studying for the CISSP is like learning to subnet

Remember when you learned to subnet? At first it seemed like voodoo black magic that inexplicably produced answers that couldn’t be explained. That’s because you need to apply multiple concepts at one time in order to subnet. As you learn to subnet, you first learn one of the concepts. This creates the strange sensation of learning something, yet not getting any closer to understanding it. After you learn all of the basic concepts then you suddenly have an “ah ha” moment and understand the entire process. The CISSP is the same way.


The First Thing You Should Do After Deciding to Take the CISSP

Schedule it. That doesn’t mean to mentally pick a date that you plan on taking it. It means you go to ISC2’s website, pick a date, location, and pay for the exam. When you’re done with that, go tell everyone you know that you scheduled the CISSP.

Doing this creates stress. In the post “How I failed the CISSP”, I talked about how stress is a great motivation. If you don’t have a healthy amount of anxiety then you will be less likely to put in the hard work.

First, if you fail the test you will lose the money you spent on it. ISC2 doesn’t give refunds for failed tests. I know this from personal experience. Second, it’s very embarrassing to admit to your friends and coworkers that you failed the test, especially if they already have the CISSP certification. I also know this from personal experience.


How to Register for the CISSP Exam

To register for the CISSP, first go to ISC2’s exam search page. This page handles the registration for the testing and training. If you only want to schedule the exam and not training, make sure you set the “type” drop-down selector to “examination”. Otherwise you’ll spend 10 minutes trying to find the perfect location and date, only to learn that the exam isn’t open to you.

Unless you live in a really big city it’s best to only select your Country/State, and then just scroll through the options for city and date. The examination locations are usually either an educational institution or a hotel. I’ve taken tests in both and prefer hotels. For me, the examinations are usually a long drive and early in the morning. So I prefer to stay in the hotel, get a good night’s sleep, and wake up to a nice breakfast.

If you’re taking the exam following training then the vendor will set up the exam for you; all you will have to do is fax them paperwork.


ISC2 Sends Erroneous Exam Notifications

I took the CISSP-ISSEP, failed. Took it again, failed again. Just got an email saying “woops” you actually passed, there was a grading mistake. My mind went through the following phases:

  1. Disbelief that this could actually happen, when I first got the email I almost ignored it
  2. Anger and frustration (I wanted to sue them on Judge Judy for the 1 million dollars worth of mental anguish they caused me)
  3. Happiness and a feeling that a weight had been lifted off my shoulders

My ISSEP score was exactly the same both times I took it. Depending on the weight of the questions I failed by either one or two questions. I’m still not exactly sure if I passed both times or just the first time. They did reimburse me for the second exam because I didn’t need to take it.
