It's been 2 days since I sat my CISSP exam, which I experienced with difficulty and with the sense that I was unlikely to pass the first time. Though this isn't a shock considering it's reported that 81% of individuals fail on their first attempt. During the penultimate day, I investigated this shocking figure by reviewing blogs and forums, hoping to grasp an understanding of why so many candidates fail. It turned out EVERYONE was talking about their stresses and personal emotions rather than talking about the fundamental aspects of the exam. I asked myself, "Why the heck are people talking like this?" If the topic was about school plays or getting your first period I'd understand, though this was a credited yet highly professional examination.
After I underestimated the CISSP written exam, achieving only 60% back in July 2012 (the pass rate is 70%), I decided to retake the exam, though this time it was available to take electronically. Pass or fail, I wanted to express my experience. It's gut-wrenching to even write this, though: recently I failed the electronic exam retake by 1.5%.
Out of the 10 domains, this is probably the easiest. It's fairly intuitive because it's packed with tangible knowledge that you can soak up and digest in preparation for the exam. You will hear that the CISSP exam is a mile long and an inch deep, meaning it covers a lot of topics without going into too much detail. There are topics that are much deeper, though this one is fairly simplistic.
Risk, as I mentioned, is highly valuable for corporate decision making. It allows the steering committee to review the risk assessments and make tactical or strategic decisions. When you approach upper management highlighting that firewall ACL configuration deficiencies require many man-hours, they will initially reject the idea because of the expense and probably the fact that they wouldn't have a freaking clue whatsoever about the issue. Instead, if you stress the severity and the business impact the firewall misconfiguration may cause, then the decision makers can relate to and understand the technical issues. The decision makers are ultimately responsible and therefore would have to mitigate the risk, meaning they would have to approve the request or accept the problem.
Access Control is all about the security features that control how users and systems communicate with other systems and resources. The objective is to protect the systems and resources from unauthorized access.
The basis for taking the certification shouldn't be tangibly measured on the average CISSP Certification Salary after the exam; it should be more focused on constructing your career strategically. That said, people often use their salary as a measuring metric, and being a CISSP-certified individual certainly supports that salary boost.
OK, now what? Well, you could sit back for 3 years with a smug expression on your face and then re-take the exam (not recommended, by the way), or you can maintain your CISSP status by collecting CPE (Continuing Professional Education) points over the 3 years and avoid another 6-hour exam (recommended!).
I was fascinated by the salary associated with the CISSP certification. I blogged about this in the 'CISSP Certification Salary of 2013' post, though as we've jumped into 2014, I wanted to understand if the trend has continued to expand.