By Shon Harris

http://www.LogicalSecurity.com

I have been in the "CISSP world" for over 10 years now. I have taught it for 8 years around the world for corporate and government agencies. I have written books on it, developed products, webinars, study materials, etc.

Over the years I have noticed that the students who are attempting to achieve their CISSP certification have changed in their approach. Five years ago people studied material on their own for months before attending a CISSP bootcamp course. This is necessary because no one can really learn the extensive material that the CISSP exam covers in just 5 days. Over the last few years, I have seen a real switch in the approach of achieving this credential.

Since the information security market is continually growing and security professionals are in such high demand, many people are jumping into the industry without a solid foundation of knowledge and experience.

People who worked in information security five years ago and back had to be very self motivated to learn this trade because there were no security courses, books, websites, and resources available to them as there are today. These individuals had to have a solid system and network skill base in place because that is where security was in those days – just at the protocol and port level.

Sadly, like many other certifications, too many people are achieving their CISSP certification through memorization of key components that they will most likely see on the exam. While many individuals want to increase their career opportunities and companies want to brag about the number of CISSPs on their staff – the individual, company, and industry are cheated with this approach.

While the CISSP exam is not made up of very useful and effective questions, the Common Body of Knowledge (CBK) is the crux to understand for any type of security today. If an individual has a solid grasp of the concepts and topics that make up the 10 domains of the CBK, advancement in a career is a given where just obtaining the CISSP certification is not.

I have taught classes where people have asked me what a MAC address is, what ARP does, asked me to explain Remote Procedure Calls (RPCs). Internally I cringe because I see that the person does not have a solid technical base. Although security is more than just technology, technology is still the important core that most security practices surround.

I also cringe when I hear students complain because there is too much information covered in the five day class. I agree that there is a tremendous amount of topics covered in a CISSP course, but it is only overwhelming if the person has not studied on their own for months before attending one of these courses.

Studying for the CISSP exam correctly can be one of the best investments you will ever make in your career, because all fields of security builds upon the foundational material that the CISSP exam covers.

Because of this shift from attempting to learn the material to just looking for brain dumps and other shortcuts, I have made a shift in my company’s CISSP offerings. Materials that we once charged for are now included in our CISSP offerings or free. Although this does affect our bottom line, I think it is critical that people actually LEARN the security information – otherwise we are all wasting our time.

We have changed our model of teaching by providing students with study material in several formats (CBT, on-line questions, MP3s, books, etc.) for free to help them properly prepare themselves for our five day CISSP course. People learn in different ways (reading, listening to lecture, doing) which is why we have developed several different formats for proper knowledge transfer to take place.

I know many people’s goal is to be able to have CISSP after their name on their business cards, but my and my team’s goal is to ensure that the effort of studying is directly beneficial to the individual, their company, and the industry over all.

For more information, please visit CISSP Training  or contact me directly at ShonHarris@LogicalSecurity.com.

We are all in it together, so it is important to help each other out as much as we can.