My CISSP Journey, Part 2: Writing Exam Questions

In Part 1 of this series, I wrote about my experience studying for and taking the CISSP examination in an era when no study books were yet available. In this part, I discuss my experience writing questions for the CISSP exam.

A year or so after earning my CISSP certification, I was contacted by (ISC)² about my potential interest in a workshop where we’d be writing questions to be used in the CISSP exam.

A year earlier, I wrote my second book, Sun Certified System Administrator for Solaris 8 Study Guide. While I was writing that book, Sun Microsystems flew me out to their Broomfield, Colorado training center where I’d be trained in writing certification exam questions – the book would contain numerous sample questions. Sun wanted to be sure that these questions aligned with their methodology.

I accepted the (ISC)² invitation. The workshop was held in a meeting room in a hotel near the Seattle-Tacoma airport.  A dozen or so infosec professionals were there, accompanied by two (ISC)² persons who officiated over the workshop.

I’m constrained from sharing all of the details of the workshop, but I can say this: even back in the early 2000s, (ISC)² was concerned that the test had too many questions that relied only on test takers’ ability to memorize facts. We were to write scenario-based questions that depend more upon work experience than the knowledge of facts.  I sensed that this was a recent change, perhaps owing to persons with virtually no work experience being able to pass the exam merely because they could remember many things they did not necessarily understand.

In later years, I would learn that other organizations also prefer certification exam questions that rely more on experience than the knowledge of facts and terms.

In Part 3: proctoring CISSP exams.

In Part 4: writing a CISSP study guide.

In Part 5: earning the CISA and other certifications.

In Part 6: continuous education and CPE recordkeeping.

In Part 7: paying it forward.

Advertisement