Having a CISSP certification I know it is more than just passing the test. You are not certified as a CISSP until you have another CISSP attest to your qualifications and you submit a detail resume of your security experience by domain to (ISC)2 auditors. If the auditors do not feel your experience is sufficient you don't get the certification.
I cannot discuss the test or the testing strategy [(ISC)2 CISSP NDA] but (ISC)2 makes it known that not all the questions on the exam have the same point value and some questions have no point value at all. Dave David Wieneke, CISSP, GSEC, MIT IT Security Engineer Security Operations CUNA Mutual Group 1.800.356.2644 Ext. 7753 dave.wien...@cunamutual.com Common Purpose. Uncommon Commitment. All information contained in this message is privileged, confidential and intended for the sole use of the individual(s) named above. If you are not the intended recipient, you are advised that any dissemination, distribution or copying of this communication is prohibited. If you are not the addressee or the person responsible for delivering this to the addressee, or have received this e-mail in error, please notify us immediately by returning the original message to the sender by e-mail and deleting the material from any computer, and destroying printed correspondence. -----Original Message----- From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org] On Behalf Of Wall, Kevin Sent: Wednesday, April 14, 2010 10:25 AM To: 'Gary McGraw'; Matt Parsons; Secure Code Mailing List Subject: Re: [SC-L] any one a CSSLP is it worth it? Gary McGraw wrote... > Way back on May 9, 2007 I wrote my thoughts about > certifications like these down. The article, called > "Certifiable" was published by darkreading: > > http://www.darkreading.com/security/app-security/showArticle.jhtml?artic leID=208803630 I just reread your Dark Reading post and I must say I agree with it almost 100%. The only part where I disagree with it is where you wrote: The multiple choice test itself is one of the problems. I have discussed the idea of using multiple choice to discriminate knowledgeable developers from clueless developers (like the SANS test does) with many professors of computer science. Not one of them thought it was possible. I do think it is possible to separate the clueful from the clueless using multiple choice if you "cheat". Here's how you do it. You write up your question and then list 4 or 5 INCORRECT answers and NO CORRECT answers. The clueless ones are the ones who just answer the question with one of the possible choices. The clueful ones are the ones who come up and argue with you that there is no correct answer listed. ;-) -kevin --- Kevin W. Wall Qwest Information Technology, Inc. kevin.w...@qwest.com Phone: 614.215.4788 "It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration" - Edsger Dijkstra, How do we tell truths that matter? http://www.cs.utexas.edu/~EWD/transcriptions/EWD04xx/EWD498.html This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments. _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________