CISSP for technical folks

SaSkiller OSWP, GPEN, GWAPT, GCIH Member Posts: 337
Hi all, I was wondering if you all have any tips for individuals interested in pursuing the CISSP, but have been technical in their careers rather than managerial. I know years ago when I picked up a CISSP book I think I fell asleep reading the first page...

How does a technical person approach this (besides just choosing the non-technical answer)?
OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.

Comments

  • g33k3r Member Posts: 249
    I haven't taken the exam yet but here are my thoughts. My background has been in System Administration with a more recent focus on security. From the study guides I've read, there is a surprising amount of technical content considering I too have heard it is a manager exam. I've learned a great deal of non-technical information which helps me understand the business's point of view. From what I've read here, your technical background will help but you do need to understand the non-technical portions as well. There aren't any shortcuts. Like other exams, sometimes it comes down to understanding what the question is really asking. I fear Larry Greenblatt's comment that sometimes it is a test of the English language.
    My 2 cents!
  • Ertaz Member Posts: 934
    SaSkiller wrote: »
    Hi all, I was wondering if you all have any tips for individuals interested in pursuing the CISSP, but have been technical in their careers rather than managerial. I know years ago when I picked up a CISSP book I think I fell asleep reading the first page...

    How does a technical person approach this (besides just choosing the non-technical answer)?


    I am eagerly looking forward to taking it in November. I've been technical my whole career, so this is a great opportunity to learn something outside my comfort zone. I'm approaching it like eating an elephant, one bite at a time. I got the Security+ out of the way first and it's a great intro to what I've been studying so far. There is a lot of overlap.
  • gespenstern Member Posts: 1,243
    I'm a technical guy also and I say you are lucky because the majority of topics on this exam are technical. According to practice questions "network and communications security" is my strongest domain.

    So, my advice is to study these:
    - BCP and DRP
    - Crypto (it's almost pure theory and tech people usually have no idea how it works in detail and you have to know it in detail)
    - Military grade access control systems (TCSEC, Bell-LaPadula, Biba, all other models, system modes, labelled security, etc)
    - Operations security (like, typical procedures, who should do what and in what sequence etc)
    - a little of legal stuff (what MOM is, chain-of-command and chain-of-custody)
    and you'll be fine.

    BTW, DRP and BCP and operations security are often logical and intuitive so there are chances that you'll answer them right by just thinking about what the proper way would be. Get a solid grasp on terminology and use logic and you'll be fine.

    There will be a bunch of questions on physical security (renamed to asset security this year) also, but I'm not sure if it is worth preparing for them. I didn't and had like 5 questions on this, but I have 7 years spent in the electronic security field so I know this stuff.

    The most annoying part is "for the purpose of CISSP exam" questions and they kind of suck because they promote the (ISC)2 PoV, which isn't always logical and doesn't always make sense. For example, you have to know "for the purpose of CISSP exam" that SSL/TLS is a transport layer protocol in the OSI model.
  • shillamus Member Posts: 14
    Can you pass an A+?