After going through the studying and taking of the test, here are some brief facts:
- The test consists of 250 multiple choice questions.
- Test taker has six hours to complete the test.
- Test consists of a booklet (containing questions) and Scantron with number two pencils for the answers (yes, the same Scantron sheets used in grade school in the 80s and 90s.
- Test costs $600 to take.
ISC2 is a non-profit organization so why am I paying $600 for a pencil and Scantron test? Where exactly does my money go? Also, for a security test I did not get searched for any electronic devices so if I had a cheat sheet on my phone then it wouldn't be hard to put it in my lap if I chose to do so. If the proctor was in fact watching, I could simply excuse myself to the restroom as that was permitted as well...
My biggest complaint is the actual content of the test though. There are ten domains that the prospective CISSP candidate is expected to master yet the test was a farce when compared to the daily experiences of a security professional. I actually had one question where the correctness of the answer simply came down to whether I knew the difference between the words "objectivity" and "subjectivity". How in the world does that make me equipped to handle real world incident response?
All in all, I think the CISSP should consider some serious revamping to bring the level of value one would expect from someone who carries the credentials.
Oh, and don't think you will get results of the test in any short time frame - took me nearly two months to find out I passed.