You Will Make it ! ...I Did It and Passed on 09/01

BOUAISSI Member Posts: 5
First of all, I would like to thank all of you on this website, all the ones who posted and shared information, tips, hints…the ones who motivated the others, and even the ones who s***y things. Special thanks to shoaibfaruqi, jt2929 for their great posts.

As you can imagine, I passed the CISSP exam on September 1st in Amsterdam :). To be honest with you when I received my paper and the girl said “Congratulations”, I was quite surprised and asked her: “Are you sure? Maybe your system is messed up!”
A couple of days later, I am still not conscious that I finally got it after all that time I spent. For your information, I passed it on my first try and during my preparation it happened to me so many times to “hit the wall”. I have only two pieces of advice for that: “Never, never, never give up!” and “Work hard!”.

My background
I am not a technical guy. I just studied economics and finance at university. Once I started working 15 years ago, I barely knew how to use Word and Excel!
I was an IT consultant, then moved to IT Audit 8 years ago and just these last 9 months I have been assessing IT risks in an “IT security team”. To be honest with you, I barely know what a firewall looks like, or how to write in Java language (I first thought we were talking about Javanese).

That said, I still have a good understanding about risks and see the big picture. Only when it comes to talking with technicians or geeks, I get lost. Additionally, I am still leading IT audits and therefore have the opportunity to discuss with people from different areas (CIO, CISO, Technicians, Compliance, …), therefore I have a good knowledge and overview of an organization from an IT perspective but, more important than that, as an entity which is pursuing objectives and for which IT is only a service. Oh forgot, even if I don’t have a Cisco, MS, ….or any technical certification, I have the CISA though :) (and for the record, for the ones who passed the CISA, nothing to compare with CISSP..this latter one is way more difficult!...For the ones who have the CISSP and are willing to pass the CISA, give it a shot! ..You will just need to learn how to think as an auditor..instead of thinking as a security professional).
At last, and for the ones who were still reading till this point and not snoring, English is not my first language …actually maybe it is my 4th or even 5th. But I am quite proficient in reading, conversing or working in English (we do work in French in Luxembourg btw…oh yeah sorry did not say that: I am living and working in Luxembourg …but I am not Luxembourgish though).

Why taking the CISSP?
That’s a good question! Why would you take it as you are not very familiar with some areas (Network and Telecom in particular)? While you need to spend a lot of time to prepare for it? Well, it was just an opportunity and a coincidence! It was not in my plan, however as the certification was budgeted in my company for FY15 and the guy who was supposed to take it moved out….My boss (due to the fact that I was for the first time in my career working in IT Security) proposed that I took his place and gave it a shot! I had no pressure, did not have to pay for it out of my pocket…anyways it was a good investment and a good learning for me to gain a better understanding of IT Security and have a deeper knowledge.
I liked reading and learning new things and find it always good to have a new professional certification on your resume which will hopefully help you in your career but is also good for your ego as you can have it proven independently that you know and your knowledge is recognized worldwide.

Some basic tips
  • Discuss with your family about your plan. They have to understand you and be very comprehensive with you. I would like again to thank my fiancée who was a great support and very patient with me (not easy to sleep when you have someone preparing a Nespresso late at night, or opening / closing the door to go smoke outside 5 times late at night).
  • Set realistic goals and achieve them! Do not overestimate yourself and do not underestimate yourself either: you gonna make it! It’s just a question of time and how hard you work. Spend some time reading and some time answering questions (even about chapters you already went through). This will help you stay up to date and refresh your memory.
  • Set a date for the exam: do not procrastinate! Once you have a date, you will work hard and know how much it will take you to get there!
  • Use a variety of books and questions ….but not too much: I don’t know how people can read 3-4 books…just focus on 1 or 2, …but read them well in order to understand …not only to read! Same with the questions, here you can use thousands of different questions but be sure that you will never have exactly the same question in the test! Questions are just helpful to assess your readiness, but more to teach you and help. Therefore, I suggest you read carefully the answers and explanations (the ones in CCCure were the best by far).
  • If you have the chance, work in group or with one colleague! It is really motivating and you will use your time more efficiently and you guys could be a great support to each other, …and what it takes you 2 hours to understand ..and you still don’t get it..your friend/ colleague might explain that to you in 5 min (Thanks G. for correcting my understanding of the smurf attack)
  • Once again: Never, never, never give up! You will hit the wall, you will panic, you will see different responses from one book to another, you will not understand a concept, you will have your Thai neighbor locking the building door behind you while you went out to smoke, you will make a prep test 3 days before the exam and have a score of 60%....don’t panic! You will make it! If I did it, you will make it then…. :)
  • Finally, if you feel too tired, hitting a wall….have a break sometimes…life is too short to be small. I did not hesitate to have one week at the beach in July, and relaxed doing nothing…I took one step back in order to have more energy afterwards!

My study plan:

I started reading the Shon Harris AIO in April 2015….and read it cover to cover till August 2015. In July, I booked the date of 1st September to take the exam and therefore I had a deadline, a real goal.
Guys: I don’t know how some of you can prepare for the exam in only 6 weeks or less…but for me, I did not want to have only a CISSP life (even though it was the case the last week :) ). Like most of you, I have a job which takes me about 8-10 hours a day, I have to take care of my house and all personal stuff, …and above all..I am getting ready to be a father soon (in a couple of weeks). Therefore, my plan was to start reading ONE book first, to gain an understanding of all areas and to assess/identify my weaknesses. So I chose the Shon Harris AIO (as the official CBK was not released yet in April)…and to be honest I did not regret my choice. The book is very complete and easier to read….and you have fewer mistakes than the CBK (yeah even me who is not technical but auditor though, noticed a lot of errors in the CBK and some responses to the questions were not accurate….do they really review what they write and sell????).

I kept track of my progression in reading and at the end of each domain I was taking the Shon Harris questions and her book, or the McGraw-Hill questions and even the Skillset ones (which are not great and provide you with incorrect responses sometimes…but it is still a good way to improve and check your knowledge).
I got the CBK book as well end of June, and I started reading it as well…once I finished the AIO, in order to have the new added chapters and latest update. However, I hated it! The writing is really bad and it was not structured really well (maybe because I just downloaded an electronic version and had it printed out :) …but I did the same with the SHarris and it was way much better presented).

So till end mid of July, I was just working for the exam about 2 hours a day…whenever I had time, I read some sentences, a concept, or even google it to gain a better understanding…and during my lunch time at the office..made 25 questions on skillset or Shon Harris SW. Use your time efficiently and you will not regret it!
And btw, it was a great challenge and fun to see your progression in the tests…and the fact that you can score more than 80% or 90%....but then I figured out that I was doing almost the same tests and responding to same questions over and over…OK I was happy to know better and gaining a deeper knowledge….but I was not convinced! I knew that somehow I was lying to myself and knew my weak areas! Be careful, do not make that mistake: do not consider answering correctly to the same set of questions will help you! Use a variety of tests and keep on doing at first only new questions!
So, after reading the books and keeping track of my progression in responding to the questions, for the last 2 weeks, I wrote notes for each of the chapters and kept the “Quick tips” pages and most important pages for each chapter (that said, my “notes” were about 100 pages of concepts and definitions!).

For the last week, I had the chance to have 5 days off offered by the Luxembourgish government to prepare for the exam (Thank you Grand Duc). My last week was intense, I was working every day from 8 to 10 hours :
  • Reading my notes and understanding all concepts in details (like crypto…need to tell you about the Caesar Cipher? Or the DES/3DES/ PKI …great fun !)
  • Went to read in details again (and for the 3rd time) the chapter about Network and Telecom my weakest area (sorry I am not technician)….till I got it … :) (ok I still cannot see how an IDS / IPS or a packet looks like and I guess I will have more chance in my life to meet an Ewok than an IDS)
  • And I was doing from 200 to 300 questions a day (in my good days). I bought the CCCure questions for 1 month (45$) ..but did around 1800 questions in 7 days with CCCure (and did again around 300 questions from Shon Harris and CBK combined) and understanding in details the response. (ok to be honest, I skipped around 10 explanations as I was done with the concept ..And assumed that they will never ask about it).
  • I did 2 times 250 questions and 2 times 200 questions: not gonna tell you my score ….as it is meaningless. Remember the score during the preparation is not as important as you think …it just gives you some information on your readiness and could be a good motivator :) …(or the opposite)

  • Shon Harris AIO CISSP All-in-one exam guide (Read it cover to cover…for me the best and even if it does not cover all the latest areas…it's more than 90% and it is well written – questions are good and explanations are fair)
  • Official CISSP CBK 4th edition (read 7 out of 8 domains; did all questions – did not like it – lot of mistakes)
  • Eric Conrad 11th Hour - read the 4 first chapters for my weakest domains…it's a good resume ….I will advise reading it ..only the last days


- CCCure - (~1800 questions, Pro, 78% average) (watch Larry's video for a coupon code ). They are very helpful as you will learn a lot from the answers and explanations! Do not skip them !
- Shon Harris All In One Software: old questions, but still a good basis to understand and to get familiar with the questions and concepts…did the 927 questions and scored 79% (after many attempts ..)
- Skillset - I used this a few times for practice exams and found it to be almost useless. A lot of the questions have incorrect answers, but the comments under the questions by other users were sometimes useful.

The test

We (me and my colleague) arrived at Amsterdam one night before…and our hotel was just 1 min away by walk from the exam center!

The day before and night before my plan was to do nothing! ….But I will lie to you in telling you that! I have been re reading my notes for the x times from 10pm till midnight….and even woke up at 7 to read till 8.30.
Exam is at 10.30 am! …Needless to say that on my way to center …I smoked 3 cigarettes…(I know we were in Amsterdam….but it was not advisable to do what you bad guys think!).

We entered the test center and we had our pics taken, signed digitally and were oriented to a computer to start the test and finished it in less than 6 hours! …Guys, the first question is always tricky! ..It could be a good motivator for your start….or kill you (as you will say “what….I will have 249 more questions like this one?”)….My first question: ….just didn’t know..and flagged it…second question, had an idea..answered but was not sure, so I flagged it! …I guess out of the first 20 questions I flagged 50% :) ….The more questions I had, the more I was comfortable with them: they are not like any of the questions in the tests you had to prepare…they are more high level ..and few technical..

They want to assess your skills as a manager and how to address in THE best way a risk (or the least you will do). So think as a Manager. God..the more I was answering questions…the more I was thinking, Ok between 60 and 70% won’t be bad, …and after 125 questions…I started thinking …hmmm maybe more than 50% will be a good score…Most of the time, 2 responses were nonsense ..and 2 responses were Ok. (thanks guys). Few questions (maybe less than 20%) were really technical and you had to know the exact response!

At that time, I was thinking …why I had to learn all these key lengths, the different Common Criteria EAL…the test did not address them in super details ..even if for 3-5 questions, I had to say that the concept they asked was “Bell-LaPadula”, or “use her private key to encrypt”…or something like “Protection Profiles are used in ….Common Criteria” :).
After 185 (or 200 ..I can’t remember), I started to be done and had a break for 10 min….And I was still having 4 hours! …So I came back ..and answered the remaining questions in less than 1 hour…and decided to go through the questions I skipped (did not answer). So I reviewed and answered 26 questions…At that time, as we say in the Casino “Les jeux sont faits”, I was answering without any pressure, based on my knowledge….I reviewed the questions I flagged and changed only 3-4 responses….and I had spent till there 4 hours! ..So I started reviewing all the questions..reading the question and my answer…and feeling more comfortable that my answer was not that stupid…. :) …as one of my bosses used to say “The most beautiful women in the world cannot give you more than she has”….
After 100 questions, I was done….I said time to leave…with still 95 min to go! …
I left …went to see the girl at the front desk …and you know the end :) ..(I mean the end till the point where I passed…because what happens in Amsterdam, stays in Amsterdam).

.....The End

It was a great adventure I started in April 2015 and finished on the 1st of September. It was not that easy but the time you spent, what you learn is worth all those sacrifices...I am happy with what I learned, I can …and have been applying a lot of concepts and stuff I learned during my preparation phase… I am more recognized in my profession, it’s good for the ego….but more important than any of what I said: I am gonna be a father soon :) (ok a CISSP father, but not sure if that changes anything for my baby)

Next …
I am wishing all success and hard luck in this tremendous adventure…If I made it (and others before you) will make it! No matter what happens, how difficult or easy it looks, just believe in yourself…and be proud!

Ps: may you need any electronic document or notes, please do let me know!



  • twodogs62 Member Posts: 393
    Major congratulations!!! Your enthusiasm shows.
    Congrats on baby coming too!!!
  • freedom777 Junior Member: A+, MCSE, CCNA, CCNP, CISSP, CCSP, AWS CSAA, AWS SysOps Member Posts: 32
    BOUAISSI, thank you for sharing your experience and journey on becoming a CISSP! I enjoyed reading your post and your encouragement to "never, ever give up". I have been studying since August and sometimes I can feel overwhelmed by the enormous amount of material to study and learn. But somehow I continue to push through..especially when I read posts like yours that offer motivation and encouragement to all of us who are trying to pursue the same goal.

    Congrats! and also becoming a new Father soon!

    I would like to review and use your electronic notes as you mentioned in your post if possible.
  • CLICK Member Posts: 88
    Great post..thanks for sharing..CONGRATS on a well deserved pass !
  • jt2929 Member Posts: 244
    Congrats on the pass and thanks for the writeup!
  • rajpoot296 Member Posts: 27
    thanks for sharing the experience and congrats!
  • sameoj Member Posts: 366
  • Me86 Member Posts: 20
    Congratulations on everything Mr de la Boétie !
  • Eburon Member Posts: 29
    Congratulations, and thank you for the valuable information!
  • kukku Member Posts: 130
  • shamim.sec Member Posts: 24
    Congrats... A great achievement.
    Would you please share the electronic document or notes.
  • gvamsik1 Registered Users Posts: 1
    Congrats BOUAISSI... Superb achievement. Could you please share your electronic document or notes.
  • pinno Registered Users Posts: 3
    Dear Bouaissa.....Great post !

    Congrats and thank you for the excellent write up!

    Warm congratulations on the birth of your baby.

    I would greatly appreciate it if you kindly share your electronic document or notes. Thank you
  • Swimfan2516 Member Posts: 41
    Congrats on passing!!
  • BOUAISSI Member Posts: 5
    Thanks guys ...and hard luck for all the guys who will be taking the exam..

    Sorry I tried to upload my notes in here....however it's not working, most of the docs are pdf ones (even zip is not accepted)...

    if s.o has some infos ....I will do it..

    And thx Mado ;) ...special shout-out ..
  • Robicus CISSP, GSE #202, GSEC, GCIA, GCIH, GPEN, GMON, GCFE, GCCC, eJPT Member Posts: 140
    You whooped that test. Congratulations on all the hard work and success!
    What's Next? Sans Cyber Security Master's Degree (MSISE) [Currently Enrolled]
    ... Progress { | | | | | | | | | . } // 95%

  • freedom777 Junior Member: A+, MCSE, CCNA, CCNP, CISSP, CCSP, AWS CSAA, AWS SysOps Member Posts: 32

    Try replying to the thread and select "Go advanced" instead of "quick reply". Then scroll down to "Additional Options" and click on "Manage Attachments". From there you should be able to upload your files and attach them.
  • BOUAISSI Member Posts: 5
    yeah thx for the info..

    however on "Management attachments" you have: "Valid file extensions: gif jpe jpeg jpg png txt vnm"

    I cannot attach any other file ! ..even though I try to **** ..sorry!
  • freedom777 Junior Member: A+, MCSE, CCNA, CCNP, CISSP, CCSP, AWS CSAA, AWS SysOps Member Posts: 32

    If possible, can you email me the files and I can try to upload and attach them?
    My email is thankyou411 at gmail dot com
  • hermit84 Member Posts: 19
  • NotHackingYou Member Posts: 1,460
    Congratulations! Thanks for your detailed information on your preparation and exam experience. It is very helpful and encouraging!
    When you go the extra mile, there's no traffic.
  • pinno Registered Users Posts: 3
    Bouaissa.....Great post !

    Congrats and thank you for the excellent write up!
    I would greatly appreciate it if you kindly share your electronic document or notes please. Many Thanks
  • melvinfz Member Posts: 44
    Congratulations !! :)