My CISSP to PMP Experience
Richard R, CISSP, FITSP-M, PMP, MBA, Security+, Network+, Project+Purpose
Last Revised: August 2015
While there are a large number of CISSP-certified professionals in the workplace, and a larger number of PMP-certified professionals, holding the combination of CISSP and PMP certification is quite rare. I don’t know specifics, but I have only run into a few (if anyone knows a statistic I could quote, please contact me.) I have created this memoir as a reflection of my PMP Study Plan, which I patterned after my CISSP Study Plan (albeit on a compressed, or “crashed” schedule as I’ll discuss later on in this memoir) I hope that my writings are useful to other technical or information security professionals seeking to obtain PMP certification, or project managers hoping to obtain their CISSP certification. At the end of this memoir is a listing of resources I used and brief reviews of each.
I welcome feedback and questions which will help me improve this memoir as a resource for those who are working towards the CISSP or PMP certification. To ask a question or provide feedback, please contact me by email at cissp at avitria dot com - I'm always happy to answer questions from others working toward their CISSP or PMP certification. I also do one-on-one mentoring for the PMP and other certifications. Connect with me on LinkedIn if you'd like to establish a mentoring relationship.
If you enjoy this memoir, you might also appreciate my CISSP Study Plan Memoir as well as my thoughts on how to Become (and stay) a CISSP on a Budget.
First My Background
I’ve been an IT professional since late 1998 and have spent time in a technical role supporting a variety of industries including telecommunications, higher education, non-profit, commercial managed services and defense contracting. The list of job titles on my resume include GIS Analyst, Systems Administrator, Network Administrator, IT Support Director, IT Manager and most recently, Information Assurance Manager. As part of these positions, I have worked extensively with enterprise architecture including Windows, UNIX and Linux systems. In specific relation to project management, I have been involved in numerous large scale implementations and transitions supporting up to 35,000 users and I have supported annual IT expenditures over 10 Million Dollars. I am currently engaged as project manager on a software development transition project tasked with moving application sustainment capabilities from one supplier to another.
PMP vs. CISSP
First, how are they similar? They are both management exams, and a "management" perspective is required to correctly apply concepts on the exam (no, the CISSP is NOT a technical exam – anyone that believes that must not have ever taken the actual exam). Both certifications are based on a common body of knowledge, referred to as the CBK (CISSP) and the PMBOK (PMP). And both are considered to be difficult to obtain (although one is distinctly more challenging – keep reading.)
Next, how are they different? They are different in far more ways than they are similar. The PMP is focused on (you guessed it) project management while the CISSP focuses on ten various domains of information technology, security, business administration and telecommunications. Because of this, the CISSP is a much more broad certification (which makes it harder to obtain). The tests are significantly different – PMP is offered by Prometric and can be taken at any number of locations while the CISSP is offered only at special locations and is fully managed by other representatives of ISC2. I personally much prefer the way ISC2 handles their testing - except for the long wait for your results (with the PMP you have your results instantly.) For the CISSP you must be endorsed and approved after you take the exam, but for the PMP you must complete a lengthy application and be approved by PMI before you even attempt the exam.
Finally, which is harder? Having studied, prepared, and passed both exams and obtained both certifications I can attest that unequivocally, without reservation, the CISSP is a more difficult and more challenging certification from both a preparation and examination standpoint. The material is more complicated, the test is longer, the wait for the results is more agonizing, the endorsement and audit process is more grueling (ISC2 could take some project management lessons from PMI when it comes to internal business processes.) To compare them in a quantitative manner, with the CISSP being a 10, the PMP is an 8. (I’m not saying the CISSP is the hardest certification out there, just the hardest one I’ve obtained.) The PMBOK is a smaller pool of information to learn, the application process is easier (not easy, just easier), the testing is less stressful, and the exam itself is shorter as well as less difficult when compared to the CISSP exam.
Really? Seriously? Are You Trying to Kill Me?
I had been planning on working on the PMP certification for some time, and I knew that my organization saw significant value in obtaining PMP certification. I had just come off a streak of obtaining five certifications; Security+, CISSP, Network+, FITSP-M and Project+. When I reported to my supervisor that I had obtained the Project+ I indicated to him that I was going to “take it easy for a while” and put certifications aside while I focused on other things (namely a wife and children who are the true love of my life.) I had discussed obtaining the PMP, but I was not planning on making a concerted effort towards it until next year. A few hours later my inbox came alive with an email from my senior management indicating that I needed to “keep up the momentum and get the PMP.” I was caught in the crossfire – PMP, here I come.
It All Starts With The Study Plan
I learned an immensely valuable lesson preparing for my CISSP examination: It’s all about the study plan. A solid, realistic study plan is the difference between obtaining and falling short on what I consider to be “high end” certifications like the CISSP and PMP. I had to decide what resources I’d use, when I’d take the exam, and where. But there was a problem… I didn’t have all the time in the world like I had when studying for the CISSP (I took nine months to study for the CISSP). I can’t really go into details, but I had three months to take me from my current knowledge level with the Project+ to the heights of the PMP – one thing stood squarely in my way… The PMBOK.
Let’s Do This Thing
First, I researched the available materials in use by others working towards the exam. Many people read the PMBOK, but not surprisingly, the PMP PMBOK (just like the official CISSP CBK guide) is dry like the salt flats and practically unreadable to most humans. My initial study plan was relatively simple; I would read the Rita Mulcahy book, listen to the PMPrepcast and watch the CBT Nuggets videos for the PMP. But how would I put it all together? I needed a class to help me understand all of the bits and pieces that held together the PMBOK. I researched a number of training providers, but ultimately I settled on ESI International’s PMP Power Prep course. Because of a business relationship (don’t ask) I was able to get a significant discount on the course, travel was combined with another trip to the area, and I stayed with family in the area so costs incurred were minimal..
Ok, So There Were Some Course Corrections
My study plan had to be modified. I don’t know why, but I couldn’t find a single book that I could actually READ. The Rita book is good, but I couldn’t stand it. (I’ll note here that I also had the same problem with the flagship author of the CISSP world, Shon Harris.) The PMPrepcast was great, but there were simply too many episodes to get through and by the time I finished one group of episodes I had already started to forget content from the earlier sessions. The shining star in my study plan was the CBT Nuggets PMP course – the videos were thorough, but fast-paced which worked better with my personal study abilities – I can digest a lot of data quickly, it just has to be in the right format for delivery. I will note here that I did find a book I thought I’d like (The Head First PMP), but by the time I started looking at it I had exhausted my prep materials budget and didn’t want to buy another book I wasn’t positive about. (I do plan to buy a used copy and review it in the near future.)
And That Has Made All The Difference
Leading up to my PMP course there is a single resource that made the difference in my studies. It opened doors, cleared the air and started connecting the dots for me. The resource is Deep Fried Brain. This site is a literal treasure trove of information for the studious PMP candidate. There are numerous great resources that can be found on this site, and I’ll share some of them at the end of this memoir. If there is one site I would suggest that everyone studying for the PMP exam look at, it would be this one. I have still not found any single site that has better information.
Let’s Plan the Plan to Plan the Plan
At this point I had about three weeks before my class. I had completed my application and after some repeated efforts to find a testing site and time that worked with my plan I secured my testing slot – it would be the Friday afternoon at the end of my week in the classroom. It worked out perfectly because the class ended at noon on Friday and my testing slot was for 1230 in downtown DC, just two subway stops over from the class location. I was working on the CBT nuggets videos, memorizing the process chart, and working on vocabulary off of various review sheets.
Become One With The PMBOK, Padawan
The first day of class our instructor reminded all of us that the only way to successfully master the PMBOK was to immerse ourselves and embrace all the project management goodness that is the PMBOK. I knew that was the case from my experience with the CISSP, and I had shown up ready to own it. The course was excellent and I would recommend it to anyone looking for that final piece of the PMP puzzle. We spent most of the time reviewing the PMBOK material and the study materials provided with the class were excellent, including a review manual, practice exam manual, dictionary of project management terms, yet ANOTHER copy of the PMBOK, a nifty formula card and a set of audio CDs (which were EXCELLENT – I ripped them and put them on my phone to listen to during my commute to and from class that week). I felt confident from the start of the class and was pleased to find that I was generally getting scores of 75% or more on the practice tests we did each night on our own time.
During that week, I spent between 13 and 14 hours focused on the PMBOK material each day. Two hours listening to audio CDs during the commute, eight hours in class, and then another three or four hours in the evening taking practice tests, reviewing the chapters from that day and previewing the content for the next day.
Time To Put The Rubber On The Road
By Wednesday afternoon I was hungry to eat the PMP exam for an afternoon snack. Feeling pretty good about things, but wanting to make sure I didn’t have any surprises I made a quick jump over to DC Thursday morning to simulate the afternoon of the exam. This step should be something anyone preparing for an exam should do – go to the exam location at least once before your actual exam so any potential stress will be minimized on the day of the exam – everything should be second nature, allowing you to treat the exam just like any other practice test.
Friday morning I went to the last few hours of class and then took off to head over to DC for my exam. I got to the center in good order, but I was greeted by a large crowd waiting to take other tests – there had to have been 25 people there crammed into a very small waiting area. The person working the front desk had the people skills of a rabid jackalope and took every available opportunity to speak condescendingly to other test takers. After half an hour of waiting the desk rodent indicated that any of us vermin still waiting for scheduled exams could reschedule without penalty – having put my life on hold for three months, I was fine with waiting a bit longer, and I encouraged those with me to do the same (mainly out of spite.) About fifteen minutes later, which was 45 minutes after my scheduled start time I was processed in like a slab of meat and shown to my testing stall. I then took that opportunity to go take the bio-break that I had not dared take while waiting due to the fear of losing my spot. After using the restroom and splashing my face with some water I was ready to do this thing. I sat down and went at it.
Just a word of caution to other test-takers. Prometric locations seem to vary a bit in the "harshness" of their tratment of test-takers and adherance to policies. At my facility I was not allowed to take anything into the exam room and I had to turn out my pockets as proof of this. (I was glad I don't use a colostomy bag because they probably would have made me remove it.) I was not allowed to carry in anything from the outside. I had to use the provided pencil and scrap paper (not suprising), and I was not allowed to carry in a calculator (this was suprising). I mention the calculator because most other candidates have reported being allowed to carry one in, so your mileage may vary. The calculator built into the testing app is clunky and a pain to use, so bring your own calculator and try to take it in - just don't expect to be able to take in your TI-85.
So What Was It Like?
I can’t discuss the specifics of either exam since that would not be ethical, but I can compare the PMP exam to the CISSP exam since this memoir is targeted to those who already hold the CISSP certification. Where the CISSP exam is detailed and intricate, the PMP exam is vague and obscure. Where the CISSP exam makes you apply concepts, the PMP exam forces you to always be thinking “what comes next in the process chart”. Where the CISSP exam appears to have been thoroughly vetted by well-educated and detail-oriented professors of the CBK, the PMP exam is frustratingly poorly written – seriously… it’s not hard because it’s hard, it’s hard because it’s poorly written. It’s hard to explain it, and I can’t help but think they make it that way on purpose, but I was very surprised by the poor quality of the exam itself – the graphics were non-standard and inconsistent, the wording was off occasionally and grammar was poor at times. If you’re getting ready to take the exam and you want to understand that part of it better, shoot me an email and I’ll do my best to explain.
So How Did I Do?
I cruised through the exam, stopping only once to push back from the computer and stretch my back. In one hour and forty-five minutes I completed the exam and after reviewing about a dozen questions I had marked for review I pressed the submit button. I was nervous, but not scared. I passed. I was above proficient in all but two areas which were scored at proficient. I happily walked out of the building, put my earphones on and listened to my official study music (Mat Kearney) and took the subway and the bus back home to relax for the rest of the weekend.
So How Did The CISSP Help With The PMP?
First and foremost, when studying for the CISSP I spent a lot of time learning *how* to take tests. I read about how to evaluate multiple choice questions; I learned how to rule out bad answers and how to answer with a manager’s mindset. The CISSP exam and the PMP exam are similar in that good test taking skills will certainly help you out. Both exams are long and fatigue may set in if you are not up to it physically or mentally.
So What Resources Did You Use?
Here is a list of resources that I used and a few comments about each one. This is not an exhaustive list (especially due to my limited 3-month study window).
The Deep Friend Brain PMP – This site was the most useful resource during my studies and I found numerous excellent resources through this site.
A thorough listing of PMP study resources. (Check out the free resources at the bottom.)
Lessons Learned from those who have passed the PMP exam. This is the place to go for ideas which will help you assemble a solid study plan based on your learning style.
The title says it all: Project Management For People That Don't Want To Manage Projects. This blog post gives a great 10,000 foot view of the principles of the PMBOK, translated into a form that is more easily digested by technical folks. The author also links to serveral resources he found useful.
An excellent resource for doing flashcard-style activities. I learned the process chart by playing the “games” through this site.
The Project Management Prepcast - this is a video podcast that helps prepare candidates for the exam. While I did not use the video version, I did use the older audio version. The episodes are very detailed and great for focusing on specific concepts. They are not a 10,000 foot view - very much a down-in-the-weeds podcast.
I cannot stress how important basic multiple-choice testing skills are in this process for both the PMP and CISSP. While improving your test-taking skills is not a way to get around learning the actual content, it will help you apply the concepts in the exam scenario. While this write-up focuses on law, the concepts therein are completely applicable. I often tell candidates for both the CISSP and PMP that you should spend at least 10 percent of your time on test-taking skills. Your test-taking skills can mean the difference between success and failure on these exams.
This is another good write-up regarding preparing for the PMP exam, how to approach the questions, how to complete your application and more. Caution - it's written from the Rita Mulcahy perspective, so there is a Kool-Aid factor to it. While I did not read the Rita Mulcahy book, I did use the PM Fast-Track exam simulator and highly recommend it.
Head First Labs free practice quizzes. The question pool is not large, but it contains very realistic questions which are a good representation of the actual test. I tried many online quiz engines, but this was the only one realistic enough to recommend.
This is the classroom course I took. I realize not everyone has the ability to attend a course, but let me assure you, with a solid study plan, sufficient time and a good mentor, this exam can be passed without a course to give you that extra kick.