When I took my CISSP exam, I was like most people who take it – I knew just enough to pass the exam, but I had to memorize things because I did not fully understand them. This made me very disappointed. My goal has never been to get as many certifications following my name as possible. In fact, my personal opinion is when I see someone list 10 certification credentials after their name in an e-mail, on a business card, or resume – the person may have an ego issue that requires the person to show off and brag about their talent of passing tests. So this type of person may be great at taking tests, but I have yet to run into a situation in real life where answering A, B, C, or D was required to get a job done.

At the time that I took my CISSP exam, there were no study guides, no books, and no websites for the CISSP exam. (ISC)2 was the only one who offered training for CISSP. They had it for four days a week for two weeks at that time. Attending a CISSP class back then requires you not to only listen to classroom lectures but also complement them with your own research and focused analysis of the CISSP topics as CISSP was still in its infancy during that time.

So after passing the CISSP exam and still not really knowing much about the various topics, I thought that someone should write a book on it. So I did. The first book I ever published was close to 1,000 pages long. I was a masochist.

There is a great difference in having to know topics to be able to choose the right answer to pass a test versus knowing the topics to be able to write a huge book and teach courses on them. I honestly feel very lucky and honored that I have had the opportunity to do both.

Now when I do consulting work, I many times understand topics that my fellow consultants do not and I can “see” the topics at a greater level and how it affects surrounding issues. I commonly bring up dependencies of certain solutions that the team has not thought about. And for years I have understood what a security program is truly made up of, which the industry is now finally getting a grasp on. I am certainly not the brightest bear in the bunch, but the level of research I have had to do on the topics within the CBK allows me to view security holistically and not be stuck in understanding security from only one point of view.

Part 2 of 5 extracted from an original article written by Shon Harris entitled:

The CISSP Exam is Out of Date, Irrelevant, and Subjective
Busting through the Myths of the CISSP Exam

Read Part 1 - CISSP Exam – Learning Above Technology And Understanding Security In A Holistic Manner

Read Part 3 - Preparing For CISSP Exam – Is It Really A Waste Of Time To Learn About The Wide Spectrum Of Topics Covering Security?

Read Part 4 - Learning Security Through The View Of CISSP Versus Reality

Read Part 5 - CISSP Exam – Having The Right Perspective On The World Of Security