CISSP for technical folks
Hi all, I was wondering if you all have any tips for individuals interested in pursuing the CISSP but who have been technical in their careers rather than managerial. I know years ago when I picked up a CISSP book I think I fell asleep reading the first page...
How does a technical person approach this (besides just choosing the non-technical answer)?
OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
Comments
My 2 cents!
I am eagerly looking forward to taking it in November. I've been technical my whole career, so this is a great opportunity to learn something outside my comfort zone. I'm approaching it like eating an elephant, one bite at a time. I got the Security+ out of the way first and it's a great intro to what I've been studying so far. There is a lot of overlap.
So, my advice is to study these:
- BCP and DRP
- Crypto (it's almost pure theory, tech people usually have no idea how it works in detail, and you have to know it in detail)
- Military grade access control systems (TCSEC, Bell-LaPadula, Biba, all other models, system modes, labelled security, etc)
- Operations security (like, typical procedures, who should do what and in what sequence etc)
- a little legal stuff (what MOM is, chain-of-command and chain-of-custody)
and you'll be fine.
BTW, DRP, BCP and operations security are often logical and intuitive, so there's a chance you'll answer them right by just thinking about what the proper way would be. Get a solid grasp on terminology, use logic, and you'll be fine.
There will be a bunch of questions on physical security (renamed to asset security this year) also, but I'm not sure if it is worth preparing for them. I didn't, and had like 5 questions on this, but I have 7 years spent in the electronic security field so I know this stuff.
The most annoying part is the "for the purpose of the CISSP exam" questions, and they kind of suck because they promote the (ISC)2 PoV, which isn't always logical and doesn't always make sense. For example, you have to know "for the purpose of the CISSP exam" that SSL/TLS is a transport layer protocol in the OSI model.
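The comment above lists Bell-LaPadula and Biba among the models a technical candidate has to know in detail. The following is an added example, not code from the thread or from any real reference monitor: a small Python access-decision checker that encodes both models over a lattice of rank plus compartments (need-to-know). The level names, integrity names and the sample subject/object labels are constructed for the example; the rules themselves are the textbook ones (BLP: no read up, no write down; Biba: no read down, no write up).

```python
"""Added example: Bell-LaPadula and Biba access decisions over a lattice.

A label is (rank, compartments). Label A dominates label B when A's rank is
greater than or equal to B's AND A's compartments are a superset of B's.
The model rules are expressed purely in terms of that dominance relation,
which is what makes Biba the exact dual of Bell-LaPadula.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet

# Constructed rank tables for the example (not taken from any real system).
CONFIDENTIALITY: Dict[str, int] = {
    "UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3,
}
INTEGRITY: Dict[str, int] = {"UNTRUSTED": 0, "USER": 1, "SYSTEM": 2}


@dataclass(frozen=True)
class Label:
    """Lattice label: numeric rank plus a set of compartments (need-to-know)."""
    rank: int
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True when self is at or above other in the lattice."""
        return self.rank >= other.rank and other.compartments <= self.compartments


def label(name: str, table: Dict[str, int], *compartments: str) -> Label:
    """Build a Label from a rank name in the given table plus compartments."""
    return Label(table[name], frozenset(compartments))


def blp_allows(subject: Label, obj: Label, access: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if access == "read":
        # Simple security property: the subject must dominate the object.
        return subject.dominates(obj)
    if access == "write":
        # *-property: the object must dominate the subject (write at or above
        # the subject's level only, so secrets cannot leak to lower levels).
        return obj.dominates(subject)
    raise ValueError(f"unknown access {access!r}")


def biba_allows(subject: Label, obj: Label, access: str) -> bool:
    """Biba (integrity): no read down, no write up -- the dual of BLP."""
    if access == "read":
        # Simple integrity property: the object must be at least as trusted.
        return obj.dominates(subject)
    if access == "write":
        # *-integrity property: the subject must be at least as trusted.
        return subject.dominates(obj)
    raise ValueError(f"unknown access {access!r}")


def decide(subject_conf: Label, subject_int: Label,
           obj_conf: Label, obj_int: Label, access: str) -> bool:
    """A system enforcing both models grants access only if both agree."""
    return (blp_allows(subject_conf, obj_conf, access)
            and biba_allows(subject_int, obj_int, access))


if __name__ == "__main__":
    # Constructed sample: a SECRET/NUCLEAR analyst running a SYSTEM-integrity
    # process, looking at a CONFIDENTIAL memo that came from an untrusted source.
    analyst_conf = label("SECRET", CONFIDENTIALITY, "NUCLEAR")
    analyst_int = label("SYSTEM", INTEGRITY)
    memo_conf = label("CONFIDENTIAL", CONFIDENTIALITY)
    memo_int = label("UNTRUSTED", INTEGRITY)
    for access in ("read", "write"):
        print(access,
              "BLP:", blp_allows(analyst_conf, memo_conf, access),
              "Biba:", biba_allows(analyst_int, memo_int, access),
              "both:", decide(analyst_conf, analyst_int, memo_conf, memo_int, access))
```

Walk the output through by hand and the "for the purpose of the exam" intuition falls out: BLP lets the analyst read the lower-classified memo but not write to it, Biba refuses the read because the memo's integrity is below the process's, and a system enforcing both denies everything for this pair of labels. Swapping the object's compartment to one the subject does not hold (for example CRYPTO instead of NUCLEAR) makes dominance fail on compartments even at equal rank, which is the need-to-know part of the model.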