Another piece that contributes to the thinking that you have to learn security incorrectly for the exam is the INSTRUCTORS. I cannot tell you how livid I have become over the years where I hear instructors tell students that they just need to memorize the CISSP type of answers, even though that is not really how it works in real life. This is a case of the blind leading the blind. Many people have wanted to work as CISSP instructors for my company over the years and many of them failed because of this exact issue. The instructor does not fully understand the specific topic, so he takes a copout and says that it is wrong but you have to know it anyway for the exam. Unbelievable, but this is a common practice in CISSP courses.

So is the CISSP exam is out of date, irrelevant, and subjective? Only if you do not put the effort into actually understanding the concepts that are covered on the exam.  For example, you may have learned the ‘canned’ definition of the TCB and security perimeter, but what do they have to do with the real world? You can only know and understand if you put in the effort. If you just want to just get your CISSP and memorize the ‘canned’ definitions, don’t ask me for a job and I hope I don’t work on any consulting team with you.

The best compliment I have received over the years is when someone comes up to me after my class and says, “No matter if I get my CISSP or not, this class really opened my eyes to the world of security.”

Part 5 of 5 extracted from an original article written by Shon Harris entitled:

The CISSP Exam is Out of Date, Irrelevant, and Subjective
Busting through the Myths of the CISSP Exam

Read Part 1 - CISSP Exam – Learning Above Technology And Understanding Security In A Holistic Manner

Read Part 2 - Training For CISSP – The Early Days

Read Part 3 - Preparing For CISSP Exam – Is It Really A Waste Of Time To Learn About The Wide Spectrum Of Topics Covering Security?

Read Part 4 - Learning Security Through The View Of CISSP Versus Reality