The first time I took my CISSP exam, I took it the way most people take it – knowing just enough to pass it was my aim, but I had to memorize things because I had no deep understanding of the concepts. This made me very disappointed. My goal has never been to secure as many certifications as possible to attach to my name. In fact, my personal belief is that when I see somebody list 10 certification credentials beside their name in an electronic mail, on a business card, or CV – the person may have an ego issue that requires the individual to show off and brag about their credentials. So this person may excel in taking tests, but I cannot recall an actual situation where answering True or False was needed to get a job done.

When I took my CISSP exam, no study guides were available, no books, and no sites for the CISSP exam. (ISC)2 was the sole body that provided training for CISSP. They had it for four days a week for two weeks at that time. The first week of training I could sense that my instructors did not really fully understand the subjects that they were teaching. I even asked one of the instructors a question on Kerberos and instead of discussing the answer with me, he said, “You don’t need to know that for the test.” I was in shock. I could sense that not only did he not know the answer, but his biggest focus was to help people memorize things that were going to be on the exam. After getting the same type of response to a few more questions, I just stopped asking. On the 3rd day out of the eight days of class, I decided not to attend anymore. We were discussing myriads of subjects at breakneck speed that I did not know, and staying and sitting through the class would mean I would just listen to more lessons, get nothing from it, and get more frustrated.

I would just like to note that the two (ISC)2 instructors who handled the class I was in have always touted over the years that “Shon Harris learned from them” and (ISC)2 sales people claim the same thing today to fill more seats in their class. I have heard about these comments for years now. What the instructors from (ISC)2 and sales people do not mention to their customers is that I quit the class because it was of no use.

So after passing the CISSP exam and still not really knowing much about the various topics, I believed then that somebody should write a book on it. So I did. The first book I ever published was close to 1,000 pages long. I was a masochist.

There is a huge difference between memorizing concepts to be able to select the right answer to pass an exam and knowing the concepts well enough to write a huge book and handle training courses on them. To be honest, I feel so fortunate and rewarded that I have had the opportunity to do both.

Now whenever I do consulting work, I more than frequently comprehend topics that my colleagues do not, and I can “see” the topics at a greater level and how they influence other surrounding issues. I usually raise dependencies of certain solutions that the team has not considered. And for many years I have understood what a security program is truly made up of, which the industry is nowadays at last getting a grip on. I am for sure not the brightest bear in the bunch, but the extent of research I have had to do on the subjects contained in the CBK enables me to look at security holistically and not be lodged in comprehending security from one point of view only.

Logical Security CISSP course provides comprehensive training in all 10 domains of the Common Body of Knowledge (CBK). Gain a complete and deeper understanding of CISSP by visiting http://www.logicalsecurity.com/education/education_courses_cissp.html.