Home page logo

educause logo Educause Security Discussion mailing list archives

Re: recommendation for a cissp bootcamp
From: Paul Keser <pkeser () STANFORD EDU>
Date: Tue, 9 Dec 2008 16:24:44 -0800

Hash: SHA1

Well put.  I would have to agree.  I studied for (and passed) my CISSP
on my own during the 1st 2 courses of my MS in Information Assurance.

It would have been a piece of cake if I had waited until completing my
MS but main thing I did notice was how much more depth my master program
went into.  They basically expanded all the 10 domains into separate

After completing the masters program it definitely reinforced my initial
feeling that the CISSP was 10 miles long and 2 feet deep.

I have heard nothing but good things about our local ISSA chapter's
review course.  It actually costs less than the included materials would
on their own I believe.  Everyone I know that *relied* on a bootcamp
type class failed the first time and had to study and try again on their
own.  Those that studied on their own and used a bootcamp to augment
their training were successful.

- -PaulK

Paul Keser
Assoc. Information Security Officer
Stanford University
GPG Fingerprint:  DBA3 E20F CE91 28AA DA1C  4A77 3BD9 C82D 2699 24FB

Lovaas,Steven wrote:
Since this is a *higher education* security list, I have to chime in here. Don't
get me wrong, I see value in technical training such as SANS provides. But the
CISSP has never been about certifying technical knowhow. It's about a broad
awareness of the field, the kind you need if you're going to be talking security
both to network/system folks and to management/finance/legal as well. It's about
breadth, of the kind you get in a Master's degree. When there *were* no MS
programs in infosec, taking boot camps and the like for the CISSP was the best
way to get that kind of knowledge (other than live experience).

But now there are a number of great degree programs at all levels, and we ought
to be encouraging our peers -- the ones who want to get into security in some
depth -- to be acquiring academic credentials. After a master's program, you can
walk in and take the CISSP exam with no further preparation and not break a

Some of these high-quality programs are online, and can be done from the comfort
of your gaming console (I mean, PC) while working full-time. I happen to be
partial to the program at Norwich University, where I got my MS and have taught
from time to time. My classmates are all out working in the field, and I've had
many doors open to me (including a PhD program) because of the knowledge and
contacts I made there.

So I won't bash SANS and all the rest... I just don't think they're the
appropriate answer to every question.


Steven Lovaas, MSIA, CISSP
IT Security Manager
Academic Computing & Network Services
Colorado State University
Steven.Lovaas () ColoState EDU

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Doug Markiewicz
Sent: Monday, December 08, 2008 12:20 PM
Subject: Re: [SECURITY] recommendation for a cissp bootcamp

All of the bootcamps are just CBK reviews.

Eh, good point.  I would recommend one of the 3-5 days @ 8-hours/day variety
over a 6-7 days @ 10-12 hours/day variety where your
brain is total mush afterwards.

There is no way for someone to pass this exam without the prerequisite

Well if you can memorize a book, you can pass the test.  I've seen plenty of
that.  If you don't have the experience, you can still
sit for the test and become an Associate of ISC2.  Whether you have the
experience or not, I think the prep and testing taking are
an interesting experience.
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]