Book Review: CISSP Cert Guide (Pearson IT Certification, 1st Edition)

As an instructor I’m faced with the choice, over and over, of a thick, detailed textbook versus a more concise one. Thinner would be the easier choice, except that some authors manage to make their thicker books easy, even breezy reading. Other thick books are just … thick. Many of the A+ texts, for instance, go much, much deeper into details than the test they cover does.

This book, which is for the 10-domain test, strikes a very good balance. At 470-odd pages of actual reading material (less Glossary, Index and front matter), it’s a reasonable size for the cert courses I teach. I found it easy to cover 50 pages an hour, though I’ve got over 20 years’ experience with this area so not much slows me down. But I’ve dealt with many (many) books filled with page after page of thick, hard-to-read and hard-to-comprehend text, so many that the slimmer, more terse books tend to make me cautious. This one’s slim and terse and absolutely readable.

Tight texts like this work by using short, declarative sentences. They state facts, explain simply, and provide solid nuggets of useful information, but they also don’t supply many examples, don’t try to explain things using scenarios, and don’t provide much if any historical context. If you’re already the kind of network professional you’re supposed to be to test for this certification, this won’t be a problem. A couple of paragraphs of discussion can cover Kerberos just fine – for the initiated. If you’re trying to “leverage” your way to a higher certification (and it pays to know that if you can’t document five years’ experience, you get an “associate” certification), though, this may not be the book for you. Actually, if you haven’t done the real groundwork, this isn’t the certification for you, either.

One very strong point about the Pearson IT cert texts is the sample questions and tests. I’ve seen too many questions in sample tests from several sources that are mangled, ungrammatical, ambiguous or just plain incorrect, but not here. As a long-time technical editor, I appreciate the good, clear, concise questions and the use of multiple plausible answers that made me slow down and think before choosing. The chapter-end questions and sample tests also seem very much in what I’d label “(ISC)2 style” – there is little or no sneakiness about them, unlike the questions common on some certifications I could name but won’t. They’re short and clear: What’s the second step in a Business Impact Analysis? On which layer is the Internet destination address added? And you either know the answer or you don’t, simple as that.

It was a little sad that the CD that came with my book had some kind of manufacturing defect that looked a little like a tire had run over the edge of the disk, rendering it useless. Ironically, it really was useless: since I already have the Pearson test engine installed, the enclosed license code did the trick all by itself, downloading the latest version of the test and activating it. From there it was all joy for me. With any luck this was a sheer fluke no one else will run into.

Where I did see some weakness in the text was in the tables and diagrams. Personally, I never like matrix tables: a crosswalk of administrative controls against access control categories means almost nothing to me unless something entices me to look carefully at the rows of Xs. This type of table is often necessary for compliance documentation, but it makes for pretty dull reading in a textbook. And diagrams are best if they show relationships and flow. Eight gray bubbles in a row do NOT illustrate the complexity of the ticket-granting process, for instance. From my own experience writing textbooks, I know this is a tough area. Personally, I cheat: I hire a graphic designer and build the simplest, clearest flow diagrams we can make. And fortunately, in this case, not all the graphics are tables and rows-of-bubbles diagrams. Some, for instance the software development models, are pretty good. In fact seeing the waterfall model as an inverted view of the agile model gave me an interesting moment.

A really good glossary and index are gold for most of my students. You know how this field is: the acronyms are like a bowl of Alpha-Bits, and the nomenclature is thicker than the nearest competitor (psychology). In this book the glossary and index cover over 120 pages, which is to say a quarter the size of the reading proper. For a lower-level text it would be too much. For this cert it’s enough, but not too much. These things are not easy to build, and you’ll appreciate them when you’re scratching your head: where the heck did they define this?

I’d be confident to teach from this text immediately, and I’d be confident taking the test after reading this. At this point I’m still evaluating books for teaching the CISSP going forward, but the certification is looking like a winner because of the demand I’m seeing for it in the sectors I serve: labs, bases, government and education. For this class of student, this book is just about ideal.

Full disclosure: I get textbooks for review from several sources, in this case from Pearson IT Certifications. I also work for a certifying organization (ISECOM), participate in building certifications (the OPST and SAI), write textbooks and teach at two universities (UNM and NMSU), so while I’m not the usual test subject, I am frequently the instructor.

* * *

Book Review: Just about to fade away: thoughts on the CompTIA A+ Authorized Cert Guide, Third Edition

The A+ exam is nearing its rollover from the 801/802 tests to the 901/902 tests, and I’ll soon be doing my usual survey of new textbooks to teach from. It’s kind of the same decision every time: choose a smaller book that cuts to the point, which makes life easier on the student and directly addresses the tests, or choose a “big” book that really tries to be a comprehensive reference after the test. I don’t mind the big book model, as long as retired subjects are rightly removed and the material genuinely reflects both the new test and current computer tech.

This particular text from Pearson (which I was given by UNM for evaluation, and covers the 801/802 tests) runs over 1100 pages, and definitely falls into the “big book” camp. Now, when I use this as a class text, that’s not particularly a problem, because I tell students directly: don’t memorize POST codes or IRQs or I/O addresses, among many other things. Know the basics, and know how to look up the details. They’re right there in this book, in most cases – but you don’t need all this detail to pass the test. In fact, students can bog down in the exhaustive lists: video resolutions, processor sockets, floppy disk capacities: really? Far better that they spend their time learning troubleshooting techniques, and I’m glad to say they’ll find them here.

This book doesn’t try to artificially divide the subject matter of the two tests; functionally they’re about the same. That’s good, because it prevents a lot of the repetition I’ve seen in some texts. The topic areas are nicely divided, and work through a nice progression from the most elementary hardware to advanced Windows management. Personally, and as a teacher, I appreciate that.

I’ve found I have a strong preference for the Pearson practice tests, included in a CD in the book. The trend has been to online downloads, which aren’t bad in themselves, but often aren’t of such high quality. The offset is that online goodies often include things like videos and flash cards, which some students find really useful. What will this look like in the next version?

I’m waiting to see what the 901/902 edition looks like, particularly compared to its peers. This will be a whole new version of the A+, which means a total reset of the textbook market. This transition is never smooth, but if Soper, Prowse and Mueller can pull off another quality text, it will likely be my choice for next year’s classes.

* * *

Book Review: CompTIA Healthcare IT Technician HIT-001 Cert Guide, by Joy Dark and Jean Andrews

Since I’m evaluating so many books for IT courses, I’ve decided to start doing formal reviews here and on Amazon. I hope these are useful for other instructors like me.

Back in 2012 the HIT certification was brand new and materials were just coming out. I looked at some that I could only describe as ratty, which clearly were selling only because there was literally almost nothing else. Fortunately, there was this book, by far the best thing out there at the time. My copy was a review copy supplied by UNM.

It wasn’t perfect. In fact it looks very much like a first edition built for the first version of a new certification. I’ve been teaching CompTIA certs for some 15 years, and I’m pretty familiar with how they build tests. In this case I’d say they merged questions from the A+, Network+ and Project+ with strong doses of medical terminology and medical legal concepts. As other reviewers have noticed, the pool of questions on the sample test CD is pretty limited. They did, however, seem to cover the same ground as the actual test questions.

This cert was a snap for me because I’ve worked in medical and IT for over 20 years, and have taught the A+, Network+ and Security+ many times. But I’d have to agree that for a person coming into this field cold, this book alone wouldn’t be enough. You’d need to study medical terminology in more depth than you’ll get here, and build a background in security because you won’t get explanations of some pretty deep concepts you’ll be expected to understand for the test.

On the other hand, if you’ve got some experience in this field, this book does a good job of steering you toward the issues the test emphasizes: regulations and agencies, workflows, terminology and security. If you can get on top of the legal hierarchy, for instance, and you’ve already got an A+, you’re most of the way there.

Now, in 2015, I’ve taught this certification with successful students. But I’m surprised, after looking online, that there is still little to compete with this book for a detailed class text. The newer materials I’ve seen are mostly “cram school” stuff, which some people like but I don’t. If I do see continued interest in HIT cert classes this will be my text, but I’ll also be looking for more functionally complete materials. Given what I’ve seen of Joy Dark’s writing, a second edition will be much better. The real test is going to be adoption of the HIT certification itself as a credential, and that I’m still waiting to see.

ISBN-13: 978-0789749291 ISBN-10: 0789749297

* * *