Starting CISSP

Alright, back in the cert game. This time for real. Boss is pushing me on this one. Basically the division of the company I am in is very ISC2 oriented on the politics and friends side of things.

Experience -

Domain 1. Security and Risk Management
- I been a member of our internal security operations management team for near 7 years.

Domain 2. Asset Security
- I personally have managed our OS and network security automation for 3 data centers for 7 years.

Domain 3. Security Architecture and Engineering
- I have run/managed our SIEM operations for over 5 years.

Domain 4. Communication and Network Security
- My previous job I worked doing SMB office security for about 4 years and considerable more experienece misc tacked on at my current job working with F5 , Juniper and network automation.

Domain 5. Identity and Access Management (IAM)
- two jobs ago I did 3 years working with access management, then another 2-3 years consulting on AD design and security for SMB.

Domain 6. Security Assessment and Testing
- I have been apart of our Qualys, Red/blue team and compliance audits for near 6 years.

Domain 7. Security Operations
- Over a decade here and the last few jobs

Domain 8. Software Development Security
- Honestly, I kinda suck here. I have dont some light tests on the sites I support, I have never really been a direct owner of the software development lifecycle. Problaby my weakest area. Looking at completing this program to support closing my gaps here https://app.pluralsight.com/paths/certificate/certified-secure-software-lifecycle-professional-csslpr .

Beyond meeting the requirements for the time of training I also hold "Approved Credential on the (ISC)² Approved List"
CompTIA Security+
MCSE
MCITP

Materials
1) Cloud+ materials and cloud Essentials
2) cbtnuggets.com for the overview of the concepts, it's the 2015 version, but its just for on the treadmill.
3) (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
4) CISSP Official (ISC)2 Practice Tests, 2e
5) CISSP Exam Prep Questions, Answers and explanations from SSI Logic
6) Official CISSP Bootcamp from Quickstart.com
7) CEH Bootcamp from Quickstart.com

Video series on CASP Concepts from pluralsight.com
9) Video series on SDLC concepts from pluralsight.com

Generally I like to keep dive into certifications deeper than is required for the pass. So also branching into Cloud+ and a few other things as supporting materials. But traditionally I don't bother with most certs unless I see real value on dice.com etc. But this one the boss is pushing me hard to get active in ISC2.

Find more posts tagged with

Comments

Daniel333

Cloud+ Done!
In prepping for the Cloud aspects of the CISSP I went ahead and self-bootcamped the Cloud Essential and Cloud+ Exam from compTIA. The process exposed some gaps in Storage, Federated Identity and Application life-cycle.

Bootcamp - Scheduled
Right now I have a 5 day CISSP bootcamp schedule for end of the month just to surface more weaknesses.

In the Pipe
But after that I am going to break down and work through some Windows 2016/Azure training on Federated Identify and go volunteer to help with our federation projects at work to close the gap some.

bjpeter

Daniel333 wrote: »

Cloud+ Done!
In prepping for the Cloud aspects of the CISSP I went ahead and self-bootcamped the Cloud Essential and Cloud+ Exam from compTIA. The process exposed some gaps in Storage, Federated Identity and Application life-cycle.

Bootcamp - Scheduled
Right now I have a 5 day CISSP bootcamp schedule for end of the month just to surface more weaknesses.

In the Pipe
But after that I am going to break down and work through some Windows 2016/Azure training on Federated Identify and go volunteer to help with our federation projects at work to close the gap some.

Good luck with studying for the CISSP exam! I am going to take it too after I get my Linux+/LPIC-1 certification.

Info_Sec_Wannabe

Good job on the Cloud+ pass!

If I may, would suggest adding the CISSP course in Cybrary.it by Kelly Handerhan (still the 2015 course also) and the free practice tests at https://www.mhprofessionalresources.com/sites/CISSPExams/exam.php?id=AccessControl

tedjames

Info_Sec_Wannabe wrote: »

Good job on the Cloud+ pass!

If I may, would suggest adding the CISSP course in Cybrary.it by Kelly Handerhan (still the 2015 course also) and the free practice tests at https://www.mhprofessionalresources.com/sites/CISSPExams/exam.php?id=AccessControl

Looks like it's still set up for the old 10-domain test. Interestingly, when I remove the ?id=AccessControl from the address, I get the following errors:

Warning: include(exams/.inc.htm): failed to open stream: No such file or directory in /web/sites/books/htdocs/sites/CISSPExams/exam.php on line 47

Warning: include(): Failed opening 'exams/.inc.htm' for inclusion (include_path='.:/web/sites/books/pear/share/pear:/web/sites/books/smarty/libs:/web/sites/books/pear') in /web/sites/books/htdocs/sites/CISSPExams/exam.php on line 47

Nothing like leaving your website wide open.

Info_Sec_Wannabe

tedjames wrote: »

Looks like it's still set up for the old 10-domain test. Interestingly, when I remove the ?id=AccessControl from the address, I get the following errors:

Warning: include(exams/.inc.htm): failed to open stream: No such file or directory in /web/sites/books/htdocs/sites/CISSPExams/exam.php on line 47

Warning: include(): Failed opening 'exams/.inc.htm' for inclusion (include_path='.:/web/sites/books/pear/share/pear:/web/sites/books/smarty/libs:/web/sites/books/pear') in /web/sites/books/htdocs/sites/CISSPExams/exam.php on line 47

Nothing like leaving your website wide open.

Yes, although most of the concepts still apply. Oh... haven't checked that before.. the irony of it..

Daniel333

So status report -

Self Study -
1) I completed CBTNuggets video series
2) Completed a Video series on Application Lifecycle management
3) Slowly hacking through the book "CISSP Exam Prep Q&A book"

Experience -
I realize I have an application life cycle gap and not enough international experience. So I started attending our lifecycle teams meetings and working on GDPR

Formal Training -
In a physical class all week for the CISSP with Quickstart.com so far so good.

Changes to my plan -
Adjusting my battle plan to include the CEH bootcamp. The legal parts of the CEH sound kind of interesting. I would do CompTIA PenTest+ but I can't find enough material on that yet.

Daniel333

About 150 pages into my Q&A book and finished day 4 of the bootcamp. A lot of networking which was pretty low level stuff so I checkout for most of it and read the book some. "feels" like December based on all the standards I have to memorize

Daniel333

Finished a CISSP bootcamp. I picked up a few little things but largely it's just refining definitions. I made a flashcard for every major term and am hacking through it. Taking the weekend off from studying them I am going to finish this book of Q&A https://www.ebay.com/itm/Cissp-Exam-Prep-Questions-Answers-Explanations-1000-Cissp-Practice-Question/381255102069?epid=124170054&hash=item58c4932e75:g:UtYAAOSwz7NaV~TO

then when I am done doing that, I'll start the official text book. Aiming for December at this rate.

Daniel333

Status report -

1) Completed a CEH bootcamp as a review of hacker misc. Was probably the worst class I have done online. But at least it forced me to review.
2) I am in a number of security talks at the upcoming Splunk conf in Orlando.
3) Nearly done working though CISSP Exam Prep Q&A book. Going slow, reading on every subject I Have the slightest hesitation on.

Once I finish Splunk conf and this book. Then I am working through the SYbex Q&A book. Then ill probably go into a massive review mode, and schedule the test. AIming for November ish now.

Daniel333

So got lazy here and really haven't done much to speak of. I did finished working through CISSP Exam Prep Q&A and getting 70ish% here and there. Legal terms and "models" are what are getting me the most.

1) Plan is to get back on track with 4-6 hours of reviewing CBT training with Pluralsight and the new CISSP when it comes out from cbtnuggets while I am on the train
2) work through the stack of flashcards I've generated from studying
3) I signed up for "coaching" with Cbtnuggets, looking forward to seeing how that works out. See if they have some insight I can get.

Once I have that done I'll reevaluate. I'd like to see my pre-test scores in the 90%s before I tackle the exam. That said, sure would be nice to finish this exam before the new years.

Daniel333

1) Completed both the Pre-2014 and pre-2018 CISSP CBTNuggets
2) Worked though another 200 flashcards
3) Been pushing CISSP terminology as much as I can at work and in my day to day
4) Been nosing my way into Application lifecycle talk at work as much as possible since October to close that gap.

Some thoughts -
The deeper I get into CISSP the less I find myself respecting it. I am hoping things will change and the ISC2 community is where the value is at. Right now I think my time would have been better on really anything else.

DZA_

Daniel333 said:Some thoughts -
The deeper I get into CISSP the less I find myself respecting it. I am hoping things will change and the ISC2 community is where the value is at. Right now I think my time would have been better on really anything else.

Why do you find that so? the CISSP CBOK is just a baseline to the knowledge that you have to understand like every other exam. I think it's the initial hurdle or the mindset when studying for the CISSP is to do anything but study for the CISSP. Once you're past that, you'll be glad that you've pass the exam. Good luck on your CISSP journey.

COBOL_DOS_ERA

I couldn't agree more with @DZA_. CISSP CBOK is a dry baseline reading. I had the same mindset back in 2011 when I took the exam and flaked it with 630. I decided to take the exam in July 2019. I never gave up on CISSP, so after almost 8 years down the line, I decided to give it a shot.

c5rookie

The deeper I get into CISSP the less I find myself respecting it. I am hoping things will change and the ISC2 community is where the value is at. Right now I think my time would have been better on really anything else.

Similiary comments as @DZA_, depending on how much exposure you already have to the domains, the material can seem rather dry. When I was studying for it back in 2015, I found certain books and study materials tough to go through as they had numerous typos and referenced unresponsive links. If you don't mind watching videos, Larry Greenblatt has some decent videos on YouTube that people have recommended in the past. He's gone back and forth with letting people watch the videos for free and charging a fee to watch them.

Daniel333

All,

I almost forgot I started this thread. Might as well close it. I was having trouble scoring at anything I could respect enough to take the exam. I worked with a career coach and did another 100 hours and interviewed a bunch of CISSPs/Security professionals.

Of the ~10 CISSP I spoke with very few passed legit.

All cheated with ****. After speaking to a professional trainer on the subject, he stated it was close to 95% dumpers. Anyhow, based on how wide ranging material ("what temperature do you store 5 1/4" floppies?", "What grade door frame do you use in a data processing facility?" "What was the name of the device used to hack legacy POTS lines in the 1970s?") and the feed back I got from these folks this exam wasn't for me. I might circle back around if a job ever demands it. But as it stands it's never been in demand.

Honestly the lesson learned was asking all the security experts to coffee/beer did more for my insight intro security than anything. It's like they say, who you know! Switching gears for a few months and going to snag a few low hanging certs and find a public event to speak at.

fadster

Very detailed process of your study journey.
I did a few things to pass the CISSP exam.

1. Studied the official CISSP ISC2 sybex book
2. Did and reviewed ALL 20qns after each chapter
3. Used the questions bank from Sybex
4. Read Shon Harris' CISSP book and did the practice questions
5. Did the Shon Harris' practice exam questions

In short, 70% practice questions and 30% reading.
I did not bother with the videos, flashcards, boot camps, audio MP3 or any other study aid. Maybe sometimes Google just to know more about certain things that i am interested in.

Completed 150qns in 2hr30mins and passed the CISSP on 21 Aug 2019. My brain was fuzzy after the test. Undergoing endorsement now.

I find the questions for the CISSP look like English GMAT. The questions are a few lines long (a paragraph) and sometimes you wonder what the heck is it asking... Twisting of words and answer choices can be very very close to one another.

Main strategy is to work on the practice questions when preparing. And during the exam, read the questions and answer choices 4 to 5 times.

All the best!