 
My
CISSP to PMP Experience
Richard
R, CISSP, FITSP-M, PMP, MBA, Security+, Network+, Project+
Purpose
Last Revised: August 2015 While
there are a large number of CISSP-certified professionals in the
workplace, and a larger number of PMP-certified professionals,
holding the combination of CISSP and PMP certification is
quite rare. I don’t know
specifics, but I have only run into a few (if anyone knows a statistic
I could quote, please contact me.) I have created this memoir as a
reflection of my PMP Study Plan, which I patterned after my CISSP Study
Plan (albeit on a compressed, or “crashed” schedule as I’ll discuss
later on in this memoir) I hope that my writings are useful
to other technical or information security professionals seeking to
obtain PMP certification,
or project managers hoping to obtain their CISSP certification. At the
end of this memoir is a listing of resources I used and brief reviews
of each.
I
welcome feedback and questions which will help me improve this memoir
as a resource for those who are working towards the CISSP or PMP
certification. To ask a question or provide feedback, please contact
me by email at cissp at avitria dot com - I'm always happy
to answer questions from others working toward their CISSP or PMP
certification. I also do one-on-one mentoring for the PMP and other
certifications. Connect with me on LinkedIn if you'd like to establish
a mentoring relationship.
If
you enjoy this memoir, you might also appreciate my CISSP
Study Plan Memoir as well as my thoughts on how to Become
(and stay) a CISSP on a Budget.
First
My Background
I’ve
been an IT professional since late 1998 and have spent time in a
technical role supporting
a variety of industries including telecommunications, higher education,
non-profit, commercial managed services and defense contracting. The
list of job titles on my resume include GIS Analyst, Systems
Administrator, Network
Administrator, IT Support Director, IT Manager and most recently,
Information Assurance Manager. As part of these positions, I
have worked extensively with enterprise architecture including Windows,
UNIX and Linux systems. In specific relation to project
management, I have been involved in numerous large scale
implementations and transitions supporting up to 35,000
users and I have supported annual IT expenditures over 10 Million
Dollars. I am currently engaged as project manager on a
software development transition project tasked with moving application
sustainment
capabilities from one supplier to another.
PMP
vs. CISSP
First, how are they similar? They are both management exams, and a "management" perspective is required to correctly apply concepts on the exam (no, the CISSP is NOT a technical exam – anyone that believes that must not have ever taken the actual exam). Both certifications are based on a common body of knowledge, referred to as the CBK (CISSP) and the PMBOK (PMP). And both are considered to be difficult to obtain (although one is distinctly more challenging – keep reading.)
Next,
how
are they different? They are different in far more ways than they are
similar. The PMP is focused on (you guessed it) project
management while the CISSP focuses on ten various domains of
information technology, security, business administration and
telecommunications. Because of this, the CISSP is a much more broad
certification (which makes it harder to obtain). The tests
are significantly different – PMP is offered by Prometric and can be
taken at any number of locations while the CISSP is offered only at
special locations and is fully managed by other representatives of
ISC2. I personally much prefer the way ISC2 handles their testing -
except for the long wait for your results (with the PMP you have your
results instantly.) For the CISSP you must be endorsed and approved
after you take
the exam, but for the PMP you must complete a lengthy application and
be approved by PMI before you even attempt the exam.
Finally,
which
is harder? Having studied, prepared, and passed both exams and obtained
both certifications I can attest that unequivocally, without
reservation, the CISSP is a more difficult and more challenging
certification from both a preparation and examination
standpoint. The material is more complicated, the test is
longer, the wait for the results is more agonizing, the endorsement and
audit process is more grueling (ISC2 could take some project management
lessons from PMI when it comes to internal business processes.) To
compare them in a quantitative manner, with the CISSP being a 10, the
PMP is an 8. (I’m not saying the CISSP is the hardest certification out
there, just the hardest one I’ve obtained.) The PMBOK is a smaller pool
of information to learn, the application process is easier (not easy,
just easier), the testing
is less stressful, and the exam itself is shorter as well as less
difficult when compared to the CISSP exam.
Really?
Seriously? Are You Trying to Kill Me?
I
had been planning on working on the PMP certification for some time,
and I knew that my organization saw significant value in obtaining PMP
certification. I had
just come off a streak of obtaining five certifications; Security+,
CISSP, Network+, FITSP-M and Project+. When I reported to my
supervisor that I had obtained the Project+ I indicated to him that I
was going to “take it easy for a while” and put certifications aside
while I focused on other things (namely a wife and children who are the
true love of my life.) I had discussed obtaining
the PMP, but I was not planning on making a concerted effort towards it
until next year. A few hours later my inbox came alive with an email
from my senior management indicating that I needed to “keep up the
momentum and get the PMP.” I was caught in the crossfire – PMP, here I
come.
It
All Starts With The Study Plan
I
learned an immensely valuable lesson preparing for my CISSP
examination: It’s all about the study plan. A solid,
realistic study plan is the difference between obtaining and falling
short on what I consider to be “high end” certifications like the CISSP
and PMP. I had to decide what resources I’d use, when I’d
take the exam, and where. But there was a problem… I didn’t
have all the time in the world like I had when studying for the CISSP
(I took nine months to study for the CISSP). I can’t really
go into details, but I had three months to take me from my
current knowledge level with the Project+ to the heights of the PMP –
one thing stood squarely in my way… The PMBOK.
Let’s
Do This Thing
First,
I researched the available materials in use by others working towards
the exam. Many people read the PMBOK, but not surprisingly,
the PMP PMBOK (just like the official CISSP CBK guide) is dry like the
salt flats and practically unreadable to most humans. My initial study
plan was
relatively simple; I would read the Rita Mulcahy book, listen to the
PMPrepcast and watch the CBT Nuggets videos for the PMP. But
how would I put it all together? I needed a class to help me
understand all of the bits and pieces that held together the
PMBOK. I researched a number of training providers, but
ultimately I settled on ESI International’s PMP Power Prep course.
Because of a business relationship (don’t ask) I was able to get a
significant discount on the course, travel was combined with another
trip to the area, and I stayed with family in the area so costs
incurred were minimal..
Ok,
So There Were Some Course Corrections
My
study plan had to be modified. I don’t know why, but I
couldn’t find a single book that I could actually READ. The
Rita book is good, but I couldn’t stand it. (I’ll note here that I also
had the same problem with the flagship author of the CISSP world, Shon
Harris.) The PMPrepcast was great, but there were simply too
many episodes to get through and by the time I finished one group of
episodes I had already started to forget content from the earlier
sessions. The shining star in my study plan was the CBT Nuggets PMP
course – the videos were thorough, but fast-paced which worked better
with my personal study abilities – I can digest a lot of data quickly,
it just has to be in the right format for delivery. I will note here
that I did find a book I thought I’d like (The Head First PMP), but by
the time I started looking at it I had exhausted my prep materials
budget and didn’t want to buy another book I wasn’t positive about. (I
do plan to buy a used copy and review it in the near future.)
And
That Has Made All The Difference
Leading
up to my PMP course there is a single resource that made the difference
in my studies. It opened doors, cleared the air and started
connecting the dots for me. The resource is Deep Fried Brain. This
site is a literal treasure trove of information for the studious PMP
candidate. There are numerous great resources that can be found on this
site, and I’ll share some of them at the end of this memoir. If there
is one site I would suggest that everyone studying for the PMP exam
look at, it would be this one. I have still not
found any single site that has better information.
Let’s
Plan the Plan to Plan the Plan
At
this point I had about three weeks before my class. I had
completed my application and after some repeated efforts to find a
testing site and time that worked with my plan I secured my testing
slot – it would be the Friday afternoon at the end of my week in the
classroom. It worked out perfectly because the class ended at
noon on Friday and my testing slot was for 1230 in downtown DC, just
two subway stops over from the class location. I was working on the CBT
nuggets videos, memorizing the process chart, and working on vocabulary
off of various review sheets.
Become
One With The PMBOK, Padawan
The
first day of class our instructor reminded all of us that the only way
to successfully master the PMBOK was to immerse ourselves and embrace
all the project management goodness that is the PMBOK. I knew
that was the case from my experience with the CISSP, and I had shown up
ready to own it. The course was excellent and I would
recommend it to anyone looking for that final piece of the PMP
puzzle. We spent most of the time reviewing the PMBOK
material and the study materials provided with the class were
excellent, including a review manual, practice exam manual, dictionary
of project management terms, yet ANOTHER copy of the PMBOK, a nifty
formula card and a set of audio CDs (which were EXCELLENT – I ripped
them and put them on my phone to listen to during my commute to and
from class that week). I felt confident from the start of the class and
was pleased to find that I was generally getting scores of 75% or more
on the practice tests we did each night on our own time.
During that week, I spent between 13 and 14 hours focused on the PMBOK material each day. Two hours listening to audio CDs during the commute, eight hours in class, and then another three or four hours in the evening taking practice tests, reviewing the chapters from that day and previewing the content for the next day.
Time
To Put The Rubber On The Road
By
Wednesday afternoon I was hungry to eat the PMP exam for an afternoon
snack. Feeling pretty good about things, but wanting to make
sure I didn’t have any surprises I made a quick jump over to DC
Thursday morning to simulate the afternoon of the exam. This step
should be something anyone preparing for an exam should do – go to the
exam location at least once before your actual exam so any potential
stress will be minimized on the day of the exam – everything should be
second nature, allowing you to treat the exam just like any other
practice test.
Friday
morning I went to the last few hours of class and then took off to head
over to DC for my exam. I got to the center in good order,
but I was greeted by a large crowd waiting to take other tests – there
had to have been 25 people there crammed into a very small waiting
area. The person working the front desk had the people skills
of a rabid jackalope and took every available opportunity to speak
condescendingly to other test takers. After half an hour of
waiting the desk rodent indicated that any of us vermin still waiting
for scheduled exams could
reschedule without penalty – having put my life on hold for three
months, I was fine with waiting a bit longer, and I encouraged those
with me to do the same (mainly out of spite.) About fifteen
minutes later, which was 45
minutes after my scheduled start time I was processed in like a slab of
meat and shown to my testing stall. I then took that
opportunity to go take the bio-break that I had not dared take while
waiting due to the fear of losing my spot. After using the restroom and
splashing my face with some water I was ready to do this
thing. I sat down and went at it.
Just a word of caution to other test-takers. Prometric locations seem to vary a bit in the "harshness" of their tratment of test-takers and adherance to policies. At my facility I was not allowed to take anything into the exam room and I had to turn out my pockets as proof of this. (I was glad I don't use a colostomy bag because they probably would have made me remove it.) I was not allowed to carry in anything from the outside. I had to use the provided pencil and scrap paper (not suprising), and I was not allowed to carry in a calculator (this was suprising). I mention the calculator because most other candidates have reported being allowed to carry one in, so your mileage may vary. The calculator built into the testing app is clunky and a pain to use, so bring your own calculator and try to take it in - just don't expect to be able to take in your TI-85.
So
What Was It Like?
I
can’t discuss the specifics of either exam since that would not be
ethical, but I can
compare the PMP exam to the CISSP exam since this memoir is
targeted to those who already hold the CISSP certification.
Where the CISSP exam is
detailed and intricate, the PMP exam is vague and obscure.
Where
the CISSP exam makes you apply concepts, the PMP exam forces you to
always be thinking “what comes next in the process chart”.
Where the CISSP exam appears to have been thoroughly vetted by
well-educated and detail-oriented professors of the CBK, the PMP exam
is frustratingly poorly written – seriously… it’s not hard because it’s
hard, it’s hard because it’s poorly written. It’s hard to
explain it, and I can’t help but think they make it that way on
purpose, but I was very surprised by the poor quality of the exam
itself – the graphics were non-standard and inconsistent, the wording
was off occasionally and grammar was poor at times. If you’re
getting ready to take the exam and you want to understand that part of
it better, shoot me an email and I’ll do my best to explain.
So
How Did I Do?
I
cruised through the exam, stopping only once to push back from the
computer and stretch my back. In one hour and forty-five minutes I
completed the exam and after reviewing about a dozen questions I had
marked for review I pressed the submit button. I was nervous,
but not scared. I passed. I was above proficient in all but two areas
which were scored at proficient. I happily walked out of the
building, put my earphones on and listened to my official study music
(Mat Kearney) and took the subway and the bus back home to relax for
the rest of the weekend.
So
How Did The CISSP Help With The PMP?
First
and foremost, when studying for the CISSP I spent a lot of time
learning *how* to take tests. I read about how to evaluate
multiple choice questions; I learned how to rule out bad answers and
how to answer with a manager’s mindset. The CISSP exam and
the PMP exam are similar in that good test taking skills will certainly
help you out. Both exams are long and fatigue may set in if
you are not up to it physically or mentally.
So
What Resources Did You Use?
Here
is a list of resources that I used and a few comments about each
one. This is not an exhaustive list (especially due to my
limited 3-month study window).
The
Deep Friend Brain PMP – This site was the most useful resource during
my studies and I found numerous excellent resources through this site.
A
thorough listing of PMP study resources. (Check out the free resources
at the bottom.)
Lessons
Learned from those who have passed the PMP exam. This is the place to
go for ideas which will help you assemble a solid study plan based on
your learning style.
http://toastresearch.com/2010/09/02/project-management-for-people-that-dont-want-to-manage-projects/
The
title says it all: Project Management For People That Don't Want To
Manage Projects. This blog post gives a great 10,000 foot view of the
principles of the PMBOK, translated into a form that is more easily
digested by technical folks. The author also links to serveral
resources he found useful.
An
excellent resource for doing flashcard-style activities. I learned the
process chart by playing the “games” through this site.
The
Project Management Prepcast - this is a video podcast that helps
prepare candidates for the exam. While I did not use the video version,
I did use the older audio version. The episodes are very detailed and
great for focusing on specific concepts. They are not a 10,000 foot
view - very much a down-in-the-weeds podcast.
I
cannot stress how important basic multiple-choice testing skills are in
this process for both the PMP and CISSP. While improving your
test-taking skills is not a way to get around learning the actual
content, it will help you apply the concepts in the exam scenario.
While this write-up focuses on law, the concepts therein are completely
applicable. I often tell candidates for both the CISSP and PMP that you
should spend at least 10 percent of your time on test-taking skills.
Your test-taking skills can mean the difference between success and
failure on these exams.
This
is another good write-up regarding preparing for the PMP exam, how to
approach the questions, how to complete your application and more.
Caution - it's written from the Rita Mulcahy perspective, so there is a
Kool-Aid factor to it. While I did not read the Rita Mulcahy book, I
did use the PM Fast-Track exam simulator and highly recommend it.
Head
First Labs free practice quizzes. The question pool is not large, but
it contains very realistic questions which are a good representation of
the actual test. I tried many online quiz engines, but this
was the only one realistic enough to recommend.
This
is the classroom course I took. I realize not everyone has
the ability to attend a course, but let me assure you, with a solid
study plan, sufficient time and a good mentor, this exam can be passed
without a course to give you that extra kick.
|
