Passed CISSP this morning!
Realist2001
Member Posts: 15 ■□□□□□□□□□
in SSCP
If any of you remember my original thread you know I've been on this site a few months studying http://www.techexams.net/forums/isc-sscp-cissp/102359-new-here-studying-cissp.html
After about a year studying, really buckling down the last 3 months, I decided to give it a go.
Brief history. I'm a computer support specialist, aka computer tech, with very little IS experience outside of the Security+ and a few security things here and there at work. I knew I didn't want to be a tech forever so I decided to pursue the CISSP to try to advance my career.
What/How I studied: I knew I was behind the 8ball compared to a lot of people on here who had years of experience so I had to work extra hard to make up for that. When I say that CISSP became my life, I'm not exaggerating.
- I read Shon Harris' book cover to cover, some chapters more than once, taking notes in a composition book.
- Took all the end chapter tests and reviewed any questions I missed while making sure I made note of said missed question in my composite book.
- Listened to her videos, every one of them in about 3 days. I read a comment that someone watched her videos to the point that she became attractive. I can cosign on that lol. Also listened to the videos to and from work.
- Took the practice questions on the McGraw-Hill site multiple times. Took the 1st set of questions before I got deep into studying, then took those and part 2 the last few weeks to gauge my progress.
- Bought practice questions from Transcender and cisspexampractice. Transcender actually felt harder than the real thing.
Test day: had to drive to Atlanta, about a 90 min drive, so I got a hotel room. Test was at 8 so I ate a little breakfast and read over my notes. The actual test seemed easier, if that's even possible, compared to everything I studied. I didn't get many cryptography or Telecommunications questions, which were my weaker domains. I seemed to have gotten more BCP/DRP, access control, info gov questions with a few of the other domains sprinkled in. Overall I felt like the test was only about 20-30 percent of what I actually studied.
With all that said, it was still a fairly difficult test but not overwhelming. I felt like I over prepared but that's better than not being. For those in my position who don't have the experience, as long as you have the will, you can pass, on the first try. Stay dedicated and focused and don't let not having experience deter you. Thank you all for your threads. They help motivate me.
So I have to get endorsed now. That's the next step, right?
Comments
-
AverageJoe Member Posts: 316 ■■■■□□□□□□
Nice job! Yes, much better to be over prepared than to not be prepared enough. Your long drive just to be able to take the test is something I haven't experienced and adds a whole new complexity to certifications that I hadn't thought much about. I guess I've just been spoiled being in locations with local test centers. Congrats!
-
Expect Member Posts: 252 ■■■■□□□□□□
Good work! Get the endorsement form ready a.s.a.p., it may take up to 4-5 weeks to get the final approval from ISC2.
-
impelse Member Posts: 1,237 ■■■■□□□□□□
Congrats
Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
It is your personal IPS to stop the attack.
-
Realist2001 Member Posts: 15 ■□□□□□□□□□
Thanks everyone. I'm looking for direction to take the next step while I wait for endorsement.
Since I don't have much experience, I'm looking at "teaching myself" some of the things that are used in security. Which software do companies use that I could maybe set up my own home lab and practice. My main concern is to get experience with some of the known things so that I can, 1) Maybe put it on my resume as having experience dealing with it and 2) being able to have a basic understanding so that when/if I get job interviews I won't say "I have no experience with that particular software or device"
Any suggestions?
-
Cyberscum Member Posts: 795 ■■■■■□□□□□
"Which software do companies use that I could maybe set up my own home lab and practice."
For what?
As you can imagine there are various IT security jobs out there as well as software available. A lot of the GOTS/COTS stuff you cannot obtain for use unless you have permission or $$$.
If you're talking Pen testing/ Network sec why not just start with a cool distro like KALI, BACKTRACK, BACKBOX etc... Should give you an idea of how the tech works.
-
aftereffector Member Posts: 525 ■■■■□□□□□□
Like Cyberscum said, the answer will depend a lot on what particular facet of security that you would like to get into. If you want to be a pentester, there are a lot of applications and tools such as Metasploit, Kali / Backtrack, and so on... if you want to be an analyst, you would likely need to be familiar with SIEM software and applications such as Wireshark. I'm in GRC, so I don't deal with any software other than Excel, but I have to be very familiar with the regulations that govern the environment in which I work (currently DoD, so it's all DIACAP, NIST, FIPS, CNSS, and so on).
Otherwise, getting familiar with Python, Linux, and Wireshark definitely can't hurt.
CCIE Security - this one might take a while...
-
Realist2001 Member Posts: 15 ■□□□□□□□□□
That's the thing, I'm not sure what area I want to go in since I don't have that much experience in anything, security wise that is. My job deals with security here and there and we have to be aware of what's going on etc, and I dealt with SDLC at my job before, but nothing strictly security. That's why I needed examples and you guys gave me things that I needed. Since I'm not sure what area I want to go in, I want to try to get a general understanding of all so that if I get interviews, I can at least know what I'm talking about and how to use the products. So starting with the things you guys listed helps. I can start with Python, Linux, and Wireshark and go from there.
Before I go out and google, are there any free versions of these that I can play with?
Thanks for the help
-
Cyberscum Member Posts: 795 ■■■■■□□□□□
Realist2001 wrote: » That's the thing, I'm not sure what area I want to go in since I don't have that much experience in anything, security wise that is.
Thanks for the help
LOL this is why people question the CISSP cert. I am not knocking you, it's just funny... Anyway, dude all of the distros like kali, backtrack, backbox, wireshark are free.
www.distrowatch.com
-
Realist2001 Member Posts: 15 ■□□□□□□□□□
LOL this is why people question the CISSP cert. I am not knocking you, it's just funny... Anyway, dude all of the distros like kali, backtrack, backbox, wireshark are free.
www.distrowatch.com
No I understand what you are saying. I didn't take it as a slight. You have to look at it from people like me and our perspective. I have the A+, Security+, and Net+ with virtually nothing to show for it for the career I'd like to be in, which is security. I've dealt with software development but I don't think that's the area I want to go in. So I had to find a way to get my foot in the door. I'm not one who expects a job now that I have the CISSP. Which is why I wanted to know the software/direction I needed to go now that I have it. I plan on setting up labs and practicing. In my mind, just like studying for the CISSP, I plan on learning wireshark, backtrack, etc. CISSP doesn't mean much if I don't know what I'm doing besides being able to take a test and pass. At the same time, I want a potential employer to see that I can be dedicated to learning the craft. We all have to start somewhere.
-
flipflop4567 Member Posts: 15 ■□□□□□□□□□
Has anyone here taken the CAP exam? If so, does it have RMF material on the test or still DIACAP?
-
zxbane Member Posts: 740 ■■■■□□□□□□
flipflop4567 wrote: » Has anyone here taken the CAP exam? If so, does it have RMF material on the test or still DIACAP?
From what others have posted recently the CAP exam is almost entirely RMF at this point. Do a forum search for "CAP" and you will find some reviews of the exam.