Passed my CISSP!
Woo. Mostly studied the Shon Harris book. Wrote my own study guide and practiced off the included CD. I had "CISSP for dummies" but it was a terrible read and not nearly as helpful as the Shon Harris book.
On a less fun note, one of my new co-workers just failed hers a few days ago. I guess that is good, relatively speaking?
Comments
Congrats on your passing. Great achievement. Did the Sec+ help in prepping for CISSP? Are you able to share the study guide you put together? Is it in soft form?
Unfortunately, the way I ended up going was writing most of the things I wanted to learn into a kind of ghetto Python 3 flash card system that allowed you to do flash cards on chapter, question type, etc. Mostly, studying on how to script more efficiently and effectively in Python coincided with my study time so I tried to mix the two.
Snippet of an older version...
Apologies if that doesn't help much. By far and away the best study resource I used was the Shon Harris book. I can't emphasize enough how helpful that was.
Also, I would say that Sec+, while nice, is even more rudimentary compared to CISSP; while not hurtful, it is like stepping on a step-stool to try to ascend to the roof of a two story building. Hopefully that makes sense.
Thanks for all the info.
Know everything network security related, from switches (layer 2 and 3) to routers (layer 3) to IDS/IPS to Web Application Firewalls (WAF, layer 7).
Get to know SSL from front to back, as well as its former TLS. (We need competent security people at the helm to help us make the rest of the world understand why keeping legacy SSL and older Operating Systems on-line for too long does not equal an acceptable risk...Go look up POODLE malware and you'll get a better understanding of what I am talking about).
DEEP dive into white papers and articles (MANY are free when you join groups and forums on LinkedIn) about how we are tackling security issues, Risk Management, Risk Acceptance, Compliance and Governance.
KNOW the subtle differences between SDLC and ITILv3. Both are process driven, and have the same number of steps, but depending on the project, you'll need to know when and how to use one or the other.
THEN, and only then, should you really decide to try and take on this beast of a test. There is nothing wrong with being an associate for ISC, but outside of cheating the exam (and yourself), experience is key to passing this test for most people.
There are a lot more people taking and passing the CISSP, so you need to know your stuff if you plan on interviewing for mid-senior level positions after getting the cert. CISSP is not as coveted as it was. Where it was once the crown jewel of InfoSec, it's now more of the industry standard, as I am seeing 50-60K per year jobs out there that require or 'prefer' a candidate to have it. And it goes without saying that the six-figure jobs out there definitely require the cert PLUS at least 5-7 years of verifiable InfoSec experience, so don't expect this cert to make your wallet instantly thicker, unless you already have the requisite time in the field prior to it.