Once people finish asking me how hard CISSP is, they often follow up with another question: Is CISSP worth it? As long as you have something to back it up with, I think the answer is a resounding yes.
Besides work experience, I probably get more questions about CISSP continuing education than anything else CISSP-related. Fortunately, keeping your CISSP can be a lot cheaper and easier than getting it in the first place was.
CISSP continuing education is measured in CPEs. You get one CPE per hour of “study.” Study is a pretty loose term. If you’re learning about security, you can probably find a way to make it count. You need to get 40 CPEs per year.
Several months ago, I started listening to security podcasts in the car during my commute. I probably have my annual CPE requirement tripled by now–I’ll go submit my 30 in a week or two, and I don’t see much point in tracking it beyond that–but, more importantly, I’ve increased my professional awareness.
Phone phreaking is absolutely fair game for the CISSP exam. I couldn’t tell you anymore how many phone phreaking questions I had to answer, but let me just say I’m glad I’d read those pages in the CBK about phone phreaking.
I propose a new rule. I think it’s a very modest and very reasonable proposal. It has two parts.
1. No meeting can last longer than 6 hours (the length of the CISSP exam)
2. Material presented in said meetings may have no more than 250 items (the same number of questions in a CISSP exam)