Several of my friends passed the CISSP exam recently, and told me that it isn’t as technical as I told them it would be.
They said it was more of a security manager certification.
In fact, in the boot camp they attended, the instructor said the same thing…that years ago it was much more technical, but when they redid the security domains from 10 down to 8, it really changed.
Others think they have been ramping the CISSP requirements down for a few years.
If the CISSP has changed that much, I wonder if it’s closer to ISACA’s CISM (even if that’s true, I still value ISC2’s certs over ISACA’s).
Perhaps that’s why ISC2 created the CISSP concentrations, which supposedly take the CISSP cert to the next level: the CISSP-ISSAP credential in architecture, the CISSP-ISSEP credential in engineering, and the CISSP-ISSMP in management.
For free videos on the concentrations, see this post, FREE CISSP Cert Webcasts from ISC2.
I told my friends that they better know their crypto and physical security to pass the exam; that’s what was stressed when I took it. They told me they had the most exam questions about the software development cycle.
If you took the CISSP a while ago or recently, I’d like to hear your opinion…