Yesterday I sat the CISSP exam.

It is not really my idea of fun to sit for 6 hours on a Sunday chewing on a pencil and filling in circles on an answer sheet. Last time I did this was for my GCSE's 18 years ago. The exam can last up to 6 hours with 250 questions. I must say that after 3 hours I was starting to wish I was finished!

The CISSP is regarded by many to be 'the certification to have' in Information Security. It covers 10 domains of knowledge and whilst the examination questions don't test an in depth knowledge of each, the more familiar you are with them the better.

Like with most certifications, there is a debate about their value in the field.
Bad : Good:

To some extent it is a snapshot of a certain set of criteria at a particular point in time (much like a driving test or MOT for your car). One of the differences with the CISSP is that you have to continue to be exposed to security related information to gain CPE points to retain your certification.

The questions are not designed to be have technical depth, so don't expect to be asked about the 4 stages of Rijndael operations per round. However generic questions regarding contol mechanisms are more likely to be asked.

All in all, I think it is a very worthwhile certification and the questions are designed to make you think, rather than just select answers parrot fashion.

One of the more annoying features of the exam is I now need to wait 4-6 weeks to get the results :(