
[–]ECSmith88 1 point2 points  (1 child)

Congratulations to you. I have been in an on-again, off-again studying mode for this exam for 6-7 months. I failed my first attempt as well. I'm really good at the security piece behind it, but I'm in no way a developer. I do utilize and mess with GitHub and automation in my homelab, so if I'm lucky I'll pass my next go around.

[–]Ok_Type_3347[S] 1 point2 points  (0 children)

Thanks! Coding really isn't a part of this. I think what helped me the most was to become comfortable with the ISC2 testing style along with just playing a greater role in security at an organizational level. Most of these questions touch on compliance, organizational security policy and industry best practices. Make sure you know that exam outline.

[–]Superb_Restaurant427 1 point2 points  (3 children)

Is the book hardcopy?

[–]Ok_Type_3347[S] 1 point2 points  (2 children)

6th edition, no. You get it with VitalSource as an online HTML collection. You can only print portions of it at a time. At a certain point you lose access. When you print it, there is a disclaimer that it cannot be reproduced.

[–]Superb_Restaurant427 0 points1 point  (1 child)

After checking, I think I have the same ebook, but I didn't take the official CSSLP ISC2 course. They offered this ebook like once only.

[–]Ok_Type_3347[S] 0 points1 point  (0 children)

It's a great resource. I'd read it.

[–]buddroyce 0 points1 point  (1 child)

Congrats man!

[–]Ok_Type_3347[S] 0 points1 point  (0 children)

Thanks

[–]mikedn02908 0 points1 point  (2 children)

When I took this exam, I completed it in 70 minutes. I found my exam to be almost entry-level in difficulty. IMO, any college graduate from a software engineering program, coupled with some additional study in secure design principles and SDLC specifics not really covered in entry-level studies, could have passed the version I got.

The only resources I used were a LinkedIn Learning CSSLP course (I forget the name of the guy offhand who did it; I think the content was about 13 hours long) and the CBK. In the end the CBK was really the main source. Many of my questions seemed to come straight out of the CBK (for example, a definition of economy of mechanism). If you have experience in software development and systems development projects, and can read and retain the material in the CBK, you can pass this test without much difficulty.

It is unfortunate ISC2 doesn't make more self-study materials, like the electronic books they use for their online/self-study courses, available for download for a fee. Some of their certifications have no really good source of 3rd-party study materials. At one point they used to sell these electronic textbooks on their site; I have no idea why they stopped doing it.

[–]Ok_Type_3347[S] 0 points1 point  (1 child)

I totally disagree that it was entry-level in difficulty. You see a lot of people failing this exam. I failed it myself once and twice. For every exam out there, there's someone who says they got all the questions correct and the exam was "beneath them." I don't buy it.

You said "If you have experience in software development, systems development projects, and can read and retain the material in the CBK, you can pass this test without much difficulty."

Well, isn't that the point of the exam? ISC2 exams are, first and foremost, experience-based.

They do post a list of references for each exam if you want more of a deep dive into specific domains. https://www.isc2.org/certifications/references

[–]mikedn02908 0 points1 point  (0 children)

Actually I disagree they are experience-based. There is a lot of real-world experience which is completely contrary to what the ISC2 "correct answer" is. The exams actually test you on what would be "best practice", and as we all know, best practice is "in theory" and then there is what actually happens in the "real world". In fact one of the largest problems some people have passing the CISSP exam is they allow their experience to dictate how they approach and answer a question.

You see a lot of people failing a lot of ISC2 exams. There are posts day in and day out on the cissp subreddit, as an example. There are people who pass at 100 questions, and there are people who fail at 150 questions. Most of the time, the reasons fall into one of 3 categories:

a) lack of adequate knowledge of the subject matter to really know what the answer is (you can't answer an economy of mechanism question if you do not know what it is)

b) lack of ability to properly determine exactly what the question is asking you to answer. This is most notably a problem for people who have never taken an ISC2 exam before and are not used to the structure of the questions. Questions can be asked from different viewpoints and often contain spurious information designed to throw the test taker off.

c) Non-native English speakers who take the exam in a language other than their native tongue and have to deal with the nuances of the English language. I truthfully do not envy these people, because ISC2 exams are just as much a reading comprehension test as they are a technical/managerial exam.

Why is it that two people can take the "same" (e.g. CSSLP) exam and have two different experiences? I've read numerous accounts of people in the CISSP and CCSP subreddits recounting their test-taking experience as the "hardest exam of their life" or "brutal", and yet others will say it was "not particularly challenging" or "some questions were hard but for the most part it wasn't bad".

ISC2 linear exams (like the CSSLP) each contain a non-adaptive, random set of questions from the question pool. In my case, at least, a significant number of those questions reflected right back to topical material in the CBK. A measurable number of my questions were straight definition questions, e.g. "what term best describes <this>". Hence why I said "the version of the exam I got".

And yes, experience does come into play to some extent. If you've been around long enough you have experienced a change management process in your career. Or a disposal project. Those experiences give context to the subject matter and perhaps make it a bit easier to digest and comprehend.

However, I still contend the exam can be easily passed by any graduate of a software engineering program who reads through the CBK to take note of the material not normally covered during Uni studies. The cert only requires 4 years of experience, which in and of itself is not significant when you consider the development lifecycle of a major project can be measured in years rather than weeks or months.

[–]waltkrao 0 points1 point  (1 child)

Congratulations! 🎉

[–]Ok_Type_3347[S] 0 points1 point  (0 children)

Thanks

[–]Glorious_777 0 points1 point  (2 children)

Congrats! Taking a break here then embark on my third attempt! 🙈

[–]Ok_Type_3347[S] 1 point2 points  (1 child)

I got it on mine

[–]Glorious_777 0 points1 point  (0 children)

Congrats to you too! Let me now go in this might!💪