Oh, ISC(2), how I have blocked you from my mind.
It’s often said that you need to know much of everything to get your CISSP (Certified Information Systems Security Professional). You need to know information security “a mile wide and an inch deep.” That’s a very accurate description.
When I took my CISSP exam, it was before they were online or in a testing center; you had to fly to the testing location, wherever it was being held on that weekend (they weren’t every weekend; it was like once a month or something). The testing sites would be in this time zone or on that continent, and you had to plan out months in advance, schedule the test, book the flight, book the room, etc.
I took my test in Denver because cheap flights were coming out of Provo Airport on Frontier, I think (they no longer fly out of Provo, but there are now two airlines that do, and the prices are still cheap).
When I was studying, and remember, I’m self-taught — I have a bachelor’s degree in Music Composition, of all things — I had a lot to learn. I had two textbooks and was reading through them and identifying every term and acronym I didn’t know. I would circle it and underline the definition or full words, and then my wife would spend the next day going back and making flashcards for me (this was back when we had wee children, and she could watch them more easily than when they could run and break things). Ultimately, I had a stack of flashcards about six inches thick. And I just went through them over and over and over and over. And over and over. One of the books had practice tests, and I didn’t want to take one until I had finished studying, which let’s face it, is only the night before the test.
So I fly to Denver, expecting to be smack dab in the middle of the Rocky Mountains, and finally be in a mountain town, I mean, this is the home of the Mile High Stadium, and supposedly has better snow than we have here in Utah (not true). When I got in the taxi to the hotel, I was flummoxed. Everything was flat as a pancake. I asked where the mountains were, and the taxi driver pointed west and said, “You see those bumps on the horizon? Those are the mountains.” I was SO disappointed. And I realized the beautiful mountain in my backyard is as good as I could ever need. Denver is a lie. Fight me.
There were four other people in the taxi to the hotel with me, and I found it odd that we were all going to the same hotel (it wasn’t a swanky thing, but a bit of a dive in the middle of nowhere Denver). I asked if any of them were in IT (I didn’t want to be SO nerdy as to ask about the niche of InfoSec — I’m much more confident now), and was surprised (kinda) that they all were, and they were all coming to take the CISSP exam, and they had all attended a BootCamp where you were guaranteed to pass the exam, or you’d get to do the BootCamp again for free. I felt inadequate as I swear the two pounds of note cards in my backpack grew heavier. They would all get together for dinner, and I was invited, but I wanted to study. So I walked down the street to the Noodles N Company, got the new Buffalo mac n cheese, and took it back to my room. I sat down with my computer, started the practice test, and lost my mind. I didn’t know the answer to over half the questions. I FAILED the practice test. I freaked out and started crying. I had planned so long, spent the company money, and shouldn’t even be trying to be in security. I ran through the cards again and was frustrated that I had chosen all of these things to highlight and study when I so clearly missed the boat and I was going to look SUCH the fool and those other people were smart and took a BootCamp so they were going to ace it. Ugh.
I took the second practice test and failed again. I called my wife and said I was a failure and wasting all this money and should hide until my plane went home. She talked me down and convinced me to do my best.
The next morning, I went to the hotel diner to get a bite to eat before the test — the test is six hours, no lunch break. The group from the taxi was there, and we talked. They seemed so excited, and I was hoping you couldn’t see that I was a fraud and hadn’t slept a wink and had tear streaks down my face. We exchanged email addresses to keep in touch.
We went upstairs to the ballroom (which seemed like a very ghetto version of the Overlook Hotel ballroom), and there were eight rows of tables, five tables to a row, and all tables were separated. There were two seats at every table, spaced as far apart as they would go. We had our bubble sheets and the sealed booklet. We were given two pencils; if we needed a sharp one, we were to close our book and raise our hands. Proctors patrolled us to make sure we didn’t look around, no notes, no whispering, etc. It was very tense.
When we began, I started using a technique I had been told previously where you go through and answer the easy ones, the ones you know you know. Then you go back and answer the ones you have to think just a little about, and then you dig into the ones you do not know. I went through and was pleasantly surprised that I could easily answer more than half the test (a voice in my head said even though I thought I knew them, I was probably wrong but confident). Two hours had passed. I went back and went through the second pass, and oddly started to feel more confident. I recognized the questions and was more than 50% sure I had the answer. This took another hour and a half, and I began to hear huffs and puffs around the room.
I went back and did my third pass, and there were a few that I simply did not know. I don’t know where I would have picked up the answers, but it was as foreign as Greek. Besides those, I was able to work through the answers and determine my best guess. After four hours and about 20 minutes, I was done. As I was closing my book and getting ready to stand up, I heard a yell and jumped at the sound. I turned around to see where it had come from and just caught a guy standing up and flipping his table. He was cursing and yelling and wasn’t having a good day. The proctors grabbed him and his table-mate and walked them out, and the rest told us to freeze and not move until they had regained control. So I waited for a bit until they said we could continue. I stood, went to the back, and turned in my test and booklet. The guy at the check-in table said we’d have results by Thanksgiving (this was September). I went to my room and crashed.
The next day, we all caught the same taxi again to the airport, and I was surprised to hear them all flustered and saying that they hadn’t studied that or hadn’t studied this either, and it sounded like they weren’t confident about their test takings. I wasn’t either, but I didn’t want to tell them I felt better as the test went on as it sounded like they felt more frustrated.
We didn’t hear by Thanksgiving. We didn’t hear by Christmas. We finally heard in February — FOUR months after they said we would. I hated waiting. The email from ISC(2) was pretty matter-of-fact and didn’t seem to express the accomplishment I thought I had. “Congratulations, you passed your exam. The next steps…..” Nevertheless, I PASSED!! I emailed the group from the taxi the great news and asked if they passed too. None of them did. I felt bad.
Anyway, that was my experience getting my CISSP. It’s easier to take the test today, but that’s not the hard part, it’s the learning InfoSec a mile wide and an inch deep. Why am I talking about all this? My first class in my Master’s program is Fundamentals of Information Security, and it’s all ISC(2). I am studying the OSI stack again. I am studying the advances in internet speeds as protocols and technology advanced. I’m back to knowing how to make a cross-over cable and the difference between T568A and T568B wirings. Ugh. I don’t understand why I need to know this stuff. If I ever had to wire an RJ45 cable, I’d GOOGLE IT, and no one would care!
Oh well. I’m back in school. And you do what you’re told. How can you eat your pudding if you don’t eat your meat?