Tuesday, February 26, 2019

Skills Incentive Program (SIP) and CISSP

I passed the Certified Information Systems Security Professional (CISSP) test and I'm so glad that's done! I previously wrote a little about Skills Incentive Program (SIP) pay at the end of this post when I first started with the Foreign Service. They've tweaked the rates to an extra 10% or 15% pay for 3 years depending on the level of the certification.

CISSP is a 15% cert so that'll be awesome after I finish the paperwork, receive the certificate, submit it to the SIP panel for review (only meets every 2 months), and then HR finally processes it for Finance to add it to my pay. It'll easily be summer before I start seeing the fruits of this labor but it'll continue for 3 years. If history repeats then it'll continue for 5 extra months even though I told HR 2 months early and repeatedly begged them to stop it until they finally did. Finance gladly takes back the overpayment in sizable chunks until the HR-induced debt is repaid. They always do. Regardless, it's a great benefit!

My original intent was to keep SIP going throughout my career but I did let it lapse halfway through my last assignment. There aren't so many approved certifications on the list that I'm truly interested in knocking out. Additionally, Caracas had a 30% hardship differential so that was a big pay bump for those 2 years. Riga is only 5% so my incentive to get that incentive pay is higher now.

If you're interested in the CISSP then you may ask how I passed. In my case, I think most of the credit goes to 27 years of exposure to the 8 domains of the test. I reviewed some study material but I leaned heavily on my own knowledge base and work experience.

I suggest looking through some quick guides at Thor Teaches. I've seen recommendations for these two in particular but watch out for a few typos and errors:

If you go through some study material and feel lost anywhere, then be sure to deep dive in those areas. I felt pretty good reviewing everything but I hit some test questions that seemed particularly deep and nothing I remembered seeing in review. I hoped they were one of the 25 questions on the test that don't count. There are 25 questions that are only there to be evaluated for future test inclusion. Yes, the test includes questions being tested on us instead of testing us. The test is adaptive with 100 to 150 questions if it needs more questions to properly evaluate you. It has a 3-hour limit no matter how many questions it asks.

I ended with 100 questions after 1 1/2 hours. I was a little worried that it figured out I was a failure too easily. I only felt good about maybe half of the test so I had my doubts. It didn't say on the screen if I passed and just said to go get my printout from the test administrator. She didn't have the printer so I had to wait for it to come from somewhere else in the building which compounded the expectation anxiety. Fortunately it was a passing result.

I read CISSP for Dummies because I like my learning to be humorous. It wasn't as funny as I wanted, but it threw in some jokes here and there to help keep my attention. The book had a lot of familiar stuff for me but in some ways it only scratched the surface. Fortunately the test is more about application of knowledge instead of memorizing the thickest CISSP book you can find. You can work your way to a probable answer if you have enough breadth of knowledge and the right mindset. See the videos below for those mindset tips.

Watch this video from Larry Greenblatt about the CISSP 2018 update. It has a summary of what the test is like with tips on how to approach it. It's also worthwhile to enjoy the Spock and Kirk tip at the end which I used on many of the questions. My gut served me well this time.

Here's a good video from Kelly Handerhan on the CISSP mindset to help you pick the kind of answers they're looking for here. A question may have several factual answers listed, but they often enough ask for the BEST answer of the four. It isn't enough to just pick the right answer which can feel extra cruel at times.

I tried finding a good overall review video and found this older one from Joseph Delgadillo which does the trick. There are longer video series available but this is the video equivalent of a quick guide. There are a few rough spots where he mumble skips words or contradicts himself so pay close attention to the slides while watching it.

Good luck!

1 comment:

  1. Guess I'll keep my CISSP active, in case I make the cut.