Interview: Certified Professional Michael Gregg
- By Anne Martinez
- Published October 27, 2004
It is important to prepare for an exam in the way it is given. Michael Gregg's latest CISSP book will help you do just that.
Interview: Michael Gregg
Author: CISSP Practice Questions Exam Cram 2
Security continues to be on everyone's mind. The CISSP certification has again topped the list as one of the most sought after security certifications. Individuals preparing for this exam want to make sure they are fully prepared before attempting this difficult exam. That is why GoCertify has taken time to discuss with Michael Gregg, CISSP, author of "CISSP Practice Questions Exam Cram 2" what he thinks about the certification and how one may best prepare for the exam.
CISSP Practice Questions
Exam Cram 2
by Michael Gregg, CISSP
GoCertify: There are many different study aids available for those preparing for the CISSP Exam. Why should someone consider your publication?
Michael Gregg: Readers should consider my book because it is a great study aid. It is important to prepare for an exam in the way it is given. Since the CISSP exam is paper based, my book gives readers the real life experience needed to pass the exam. It also has a CD with all the questions included in an electronic form. Another good reason to choose this publication is that I was fortunate enough to work with Clent Dupuis as the technical editor. He maintains one of the most well know CISSP sites on the web, ccure.org. His feedback helped make this into one of the best CISSP products around.
GoCertify: Do you think it is possible for someone to just use study materials alone to pass this exam?
Michael Gregg: It depends, this is not an entry level exam and at with a cost of almost $500, it would be prudent to be well prepared before attempting the exam. Some individuals may have a good knowledge of all ten domains but if you don't, you'll need to spend extra time in areas in which you are weak.
GoCertify: How would you recommend someone prepare for the CISSP exam?
Michael Gregg: Go to the ISC2 website and download a copy of the CBK (Common Body of Knowledge). It will give you a good idea of what the test covers and what you'll need to know to pass. If an individual has a strong background in all ten domains, a review seminar, some reading, and a good book of test questions like my Exam Cram 2 book may be enough. For those that lack the depth and breadth of knowledge in all ten domains, a training class or more intense study will be required. One good choice would be Villanova University's CISSP course. I am one of the developers and will be teaching the course online in 2005.
GoCertify: What information would you like to pass on to our readers about the exam experience? How is the CISSP exam different from other exams?
Michael Gregg: The test consists of 250 multiple-choice questions. It is unlike Microsoft and most other IT vendor exams as it is not a computer generated test. This is a good reason to start practicing with paper based practice tests like you will find in my book. The candidate has up to 6 hours to complete the exam. Since the exam cost about $500 it is important to spend enough money on resources up front to ensure you'll pass on your first try. Eat a good breakfast before entering the testing area and make sure you've had a good nights sleep. Candidates must wait a few weeks to obtain their test results.
GoCertify: Why do you think there is such a continued interest in security and in the CISSP certification?
Michael Gregg: It's because security remains on the forefront of everyone's minds. Just look at the statistics. In the month of May 2004, 959 viruses were discovered. Before the Superbowl, several on-line gaming companies were threatened with DoS attacks unless they paid $25,000 to $50,000 each to prevent the attacks from happening. During July and August, some US website operators awoke to discover the websites had been hijacked by hackers and turned into the online home of dozens of videos featuring Osama bin Laden and other terrorists. Finally, laws such as Sarbanes-Oxley, Gramm-Leach-Bliley, and HIPAA have forced companies to spend additional amounts of time and money on security. These are just a few of the factors that will continue to push the growth of IT security.
GoCertify:Once individuals gain their CISSP, do they face any additional requirements?
Michael Gregg: Yes, once individuals have passed the exam, they will need to gain continuing education credits each year to maintain their certification. I think this is great, technology changes so fast, we all need to keep learning to keep current with our skills.
GoCertify:For individuals just entering the security field, what other certifications would you recommend?
Michael Gregg: Actually, I get asked this question frequently. I always recommend that individuals starting in security go for the Security + exam. It's a good base exam and covers a broad range of topics. After that, it all depends on the individual's goals. Several good second tier programs include the SSCP, SCP, CEH, and TICSA certifications.
GoCertify:What other related security fields do you see potential growth in?
Michael Gregg: Right now, it looks as if audit, assessment, and penetration testing are going to continue to be hot commodities. All of these blend nicely with a CISSP certification as it covers such a broad range of topics.
GoCertify:So, now that you have finished up this book, what is your next project?
Michael Gregg: I am currently finishing up development of a new security class. It's titled, "Assessing IT Infrastructure Vulnerabilities." I've been pleased to have developed it in conjunction with ISC2's training division. The first class is scheduled to be delivered in December 2004. I am looking forward to delivering it as I believe there is a real need to educate individuals and organizations on the different ways a security assessment can be performed. It's critical that organizations find their weaknesses before malicious hackers do!