Upholding the Second Canon
The second canon of the (ISC)² Code of Ethics advises security professionals to act honestly, among other things. We want to do our part to uphold the second canon. Here are the top three CISSP myths, debunked.
“Fact” 1: There are Valid CISSP Exam Braindump Sites
An exam braindump refers to a site that hosts “real” exam questions and answers that are available for purchase. These sites claim that they have somehow acquired (ISC)²’s bank of exam questions, and all you will need to do on test day to pass the exam is regurgitate the right answer to the question you have already seen, word-for-word.
Aside from running the risk of being illegal, the exams offered on these sites are as real as a TCB’s reference monitor. These sites are quintessential social engineering. Watch out for promises on sites like “Real exam questions taken from the current pool of questions,” “Free updates, available within 1 week of any change in the real exam,” and “Testing Engine Downloaded Instantly After Purchase, Simulating Real Exam Environment.”
These sites will even show you customer testimonials as proof of their authenticity. For example, on braindumps.com, “Juliana” from New Jersey writes in, “I passed with an exceptional score of 89 marks in CISSP examination!” Juliana, you need a 700 to pass. Also, if you pass the exam, you don’t find out your score. But you wouldn’t know this, Juliana, because you’re a made-up person.
“Betti” from Miami shares, “CISSP examination was all about programming and networking…I took help from Braindumps and commenced the preparation I proudly say that I scored 90 in my examination. All thanks to Braindumps” (Too bad braindumps.com doesn’t help with basic grammar and syntax…)
Thanks, Betti, for presenting some “alternative facts” and bringing us to Myth #2.
“Fact” 2: The CISSP Exam is a Technical Exam
We know it’s tempting to believe Betti and that the exam is all about programming and networking, but it’s not. In fact, those topics are mentioned in just two domains (8 and 4), which cover just 22% of the exam. Rather, the exam is a managerial one. The ultimate goal of the exam is to create cyber managers: cyber professionals that possess security prowess alongside managerial competence. As the official CISSP exam outline shows, one of the largest focuses of the exam is business-related topics such as business continuity plans, business impact analyses, and disaster recovery strategies.
Indeed, this managerial focus is part of the challenge of the exam; the exam requires resisting the temptation to choose the technical solution, and instead thinking like a senior manager and prioritizing topics such as business concerns, financials, and personnel safety.
Thinking like a manager is a specific lesson included in our test day strategies. We teach you how to pick the answer choice that a senior manager would, even if you don’t have any management experience. Learn more in one of our previous blog posts.
“Fact” 3: You Need Five Years of Experience to Take the Exam
Here’s the reality: You need five or more years of experience in two or more domains to become fully certified, but you can take the exam at any point. If you pass the exam before earning five years of experience, you can enroll in the Associate of (ISC)² program. This program allows candidates to upgrade their resume and knowledge while they are gaining the necessary experience to become fully certified. And here’s another fact: Just being associated with (ISC)² pays off — literally. According to a 2015 Global Information Security Workforce study, (ISC)² members reported an average salary 35% higher than non-members.
Get the Facts
At CyberVista, our course takes a student-centric approach. We know braindumps are tempting. We know thinking like a manager is hard. And we know sitting for the exam with fewer than five years of experience is daunting. But we can help you avoid sketchy shortcuts, think like a manager (not an engineer), and pass the exam the first time, even if you have fewer than five years of experience. Learn more here.