Will be starting down the CCIP track soon (got the job)

Paul Boz Member Posts: 2,620
Yesterday I had my second interview with a reputable network security and auditing/compliance firm for a field security engineer position so assuming I got the job (and chances are high) I will be working on the CISSP soon. Tonight I purchased the Sybex and McGraw Hill books. I'm sure there is plenty more training material out there so I look forward to digesting much of it. I'm going to spend a good bit of time working through the back pages of this forum also.

Are the books I've selected for my first go-round decent or should I get something else?

[edit] Got the job, I'll be starting the Harris book tonight :)
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/

Comments

  • RTmarc Member Posts: 1,082
    Shon Harris All in One is really all you need. I can't speak for the quality of the Sybex or McGraw Hill books but the AiO is all I used and I know several other individuals that used it as their sole source of study material.

    Link: http://www.amazon.com/CISSP-Certification-All-One-Guide/dp/0071497870/ref=sr_1_1?ie=UTF8&s=books&qid=1219412174&sr=8-1
  • networker050184 Mod Posts: 11,962
    Nothing really helpful to add, I just wanted to say congrats on the tentative job and good luck on the CISSP journey!
    An expert is a man who has made all the mistakes which can be made.
  • dynamik Banned Posts: 12,312
    RTmarc wrote:
    Shon Harris All in One is really all you need. I can't speak for the quality of the Sybex or McGraw Hill books but the AiO is all I used and I know several other individuals that used it as their sole source of study material.

    Link: http://www.amazon.com/CISSP-Certification-All-One-Guide/dp/0071497870/ref=sr_1_1?ie=UTF8&s=books&qid=1219412174&sr=8-1

    You didn't like the official guide?

    Congratulations Boz, you definitely deserve something like this.
  • Paul Boz Member Posts: 2,620
    Just bought the Harris book also, thanks for the tip.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • RTmarc Member Posts: 1,082
    dynamik wrote:
    RTmarc wrote:
    Shon Harris All in One is really all you need. I can't speak for the quality of the Sybex or McGraw Hill books but the AiO is all I used and I know several other individuals that used it as their sole source of study material.

    Link: http://www.amazon.com/CISSP-Certification-All-One-Guide/dp/0071497870/ref=sr_1_1?ie=UTF8&s=books&qid=1219412174&sr=8-1

    You didn't like the official guide?

    Congratulations Boz, you definitely deserve something like this.
    Nope. Found the ISC2 material to be too dry and splintered. You know how writers have their own style? It felt like the ISC2 material was written by several different people whereas the AiO - still dry - was a single, flowing style. If that makes sense.
  • dynamik Banned Posts: 12,312
    Wasn't the official guide written by several people? I might be thinking of their SSCP book. I'm pretty sure one of my SSCP/CISSP books had a lot of authors...

    That makes sense though. I have both, but it's good to know the AIO is sufficient. I'll probably still skim the official guide for review. Thanks.

    Just curious Paul, do you meet the experience requirement or are you just aiming to start off as an associate?
  • RTmarc Member Posts: 1,082
    dynamik wrote:
    Wasn't the official guide written by several people? I might be thinking of their SSCP book. I'm pretty sure one of my SSCP/CISSP books had a lot of authors...

    That makes sense though. I have both, but it's good to know the AIO is sufficient. I'll probably still skim the official guide for review. Thanks.
    Yeah, both have multiple authors.
  • JDMurray Admin Posts: 13,091
    I blame the publisher for the lack of proper editing of the Official (ISC)2 Guide to the CISSP Exam book. The Information Security Management Handbook (6th ed.) has articles from over 100 authors and it is a much more coherent read. I'm using the Handbook to study for the CISSP now, and I'll post which of the 119 articles I think are best to read for the CISSP.

    Also, using only the Harris AIO book is only a good idea if you already have a broad knowledge and experience of InfoSec. Most people (including myself) should read about the domains from different sources to get different perspectives on the material. Understanding how the CBK concepts work and are used in InfoSec is as important to passing the CISSP exam as the memorization of rote facts.
  • Turgon Banned Posts: 6,308
    I think I will pick up the Harris book.

    Some interesting comments by her on amazon about the state of the field..

    I have been in the "CISSP world" for over 10 years now. I have taught it for 8 years around the world for corporate and government agencies. I have written books on it, developed products, webinars, study materials, etc.
    Over the years I have noticed that the students who are attempting to achieve their CISSP certification have changed in their approach. Five years ago people studied material on their own for months before attending a CISSP bootcamp course. This is necessary because no one can really learn the extensive material that the CISSP exam covers in just 5 days. Over the last few years, I have seen a real switch in the approach of achieving this credential.
    Since the information security market is continually growing and security professionals are in such high demand, many people are jumping into the industry without a solid foundation of knowledge and experience.
    People who worked in information security five years ago and back had to be very self motivated to learn this trade because there were no security courses, books, websites, and resources available to them as there are today. These individuals had to have a solid system and network skill base in place because that is where security was in those days – just at the protocol and port level.
    Sadly, like many other certifications, too many people are achieving their CISSP certification through memorization of key components that they will most likely see on the exam. While many individuals want to increase their career opportunities and companies want to brag about the number of CISSPs on their staff – the individual, company, and industry are cheated with this approach.
    While the CISSP exam is not made up of very useful and effective questions, the Common Body of Knowledge (CBK) is the crux to understand for any type of security today. If an individual has a solid grasp of the concepts and topics that make up the 10 domains of the CBK, advancement in a career is a given where just obtaining the CISSP certification is not.
    I have taught classes where people have asked me what a MAC address is, what ARP does, asked me to explain Remote Procedure Calls (RPCs). Internally I cringe because I see that the person does not have a solid technical base. Although security is more than just technology, technology is still the important core that most security practices surround.
    I also cringe when I hear students complain because there is too much information covered in the five day class. I agree that there is a tremendous amount of topics covered in a CISSP course, but it is only overwhelming if the person has not studied on their own for months before attending one of these courses.
    Studying for the CISSP exam correctly can be one of the best investments you will ever make in your career, because all fields of security build upon the foundational material that the CISSP exam covers.
    Because of this shift from attempting to learn the material to just looking for brain **** and other shortcuts, I have made a shift in my company’s CISSP offerings. Materials that we once charged for are now included in our CISSP offerings or free. Although this does affect our bottom line, I think it is critical that people actually LEARN the security information – otherwise we are all wasting our time.
    We have changed our model of teaching by providing students with study material in several formats (CBT, on-line questions, MP3s, books, etc.) for free to help them properly prepare themselves for our five day CISSP course. People learn in different ways (reading, listening to lecture, doing) which is why we have developed several different formats for proper knowledge transfer to take place.
    I know many people’s goal is to be able to have CISSP after their name on their business cards, but my and my team’s goal is to ensure that the effort of studying is directly beneficial to the individual, their company, and the industry overall.
    For more information, please visit www.logicalsecurity.com/solution or contact me directly at ShonHarris@LogicalSecurity.com.
    We are all in it together, so it is important to help each other out as much as we can.
  • Turgon Banned Posts: 6,308
    Postscript..

    Some of the reviews are a bit disconcerting. I hope this book isn't plagued by attempts to be funny like Clarke did in his Novell CNE offerings. The CNE superhero cartoons at the beginning of chapters were ok but the zany humour throughout really began to grate once you were stuck with a 1000 page book on a late commute after a tough day in the IT biz...

    'I've read many technical books throughout the years and I can honestly say this had to be in the top three most painful. 1100+ pages of inane comments, repetitive text, and poor topic transitions. That doesn't even cover the technical, typographic and other errors that should have been caught during the editing and technical review phases.

    The author's attempt at injecting humor into the text falls flat. Starting most topics with an annoying quip just makes reading the book that much more difficult. For example, from Chapter 7: Telecommunications and Network Security, page 542, 'Layer 3 and 4 Switches' begins with, 'I want my switch to do everything, even make muffins.'

    By the fourth chapter I had gotten used to skipping over any italicized text after a section break. This flaw carries over into the main text as well but it is near impossible to tune that out as you might miss something actually relevant to the topic.

    Many of the examples used throughout the book are childish and overly simplistic. As a book touting "professionalism" it should be updated appropriately.

    This being the fourth edition you would expect many of these issues would have already been addressed.'
  • JDMurray Admin Posts: 13,091
    Sadly, like many other certifications, too many people are achieving their CISSP certification through memorization of key components that they will most likely see on the exam.

    This line strikes me as really odd. Rote memorization of the material is not a guaranteed pass, and is definitely not the formula for success for the CISSP exam. Also, Shon Harris' material continually emphasizes "what you are most likely to see on the exam," and encourages candidates to more thoroughly understand those topics (e.g., BCP/DRP, access controls, risk management) above other, less important domains (e.g., operations and physical security).

    And I think you need to read past the "funny fluff" in the AIO and just concentrate on the information it provides. Just because a book has some bad writing or literary devices that don't quite work doesn't invalidate the information that's in the book.
  • Turgon Banned Posts: 6,308
    JDMurray wrote:
    Sadly, like many other certifications, too many people are achieving their CISSP certification through memorization of key components that they will most likely see on the exam.

    This line strikes me as really odd. Rote memorization of the material is not a guaranteed pass, and is definitely not the formula for success for the CISSP exam. Also, Shon Harris' material continually emphasizes "what you are most likely to see on the exam," and encourages candidates to more thoroughly understand those topics (e.g., BCP/DRP, access controls, risk management) above other, less important domains (e.g., operations and physical security).

    And I think you need to read past the "funny fluff" in the AIO and just concentrate on the information it provides. Just because a book has some bad writing or literary devices that don't quite work doesn't invalidate the information that's in the book.

    Well I think if you are stuck with a book and want to get the information out that's what you will have to do. I just hope the humour doesn't get on my nerves.

    Anyone read this book and found it a pain in the ass to read because of the naff humour?
  • JDMurray Admin Posts: 13,091
    Turgon wrote:
    Well I think if you are stuck with a book and want to get the information out that's what you will have to do. I just hope the humour doesn't get on my nerves.

    Anyone read this book and found it a pain in the ass to read because of the naff humour?
    Does the "naff humour" on TechExams get on your nerves?
  • RTmarc Member Posts: 1,082
    Turgon wrote:
    JDMurray wrote:
    Sadly, like many other certifications, too many people are achieving their CISSP certification through memorization of key components that they will most likely see on the exam.

    This line strikes me as really odd. Rote memorization of the material is not a guaranteed pass, and is definitely not the formula for success for the CISSP exam. Also, Shon Harris' material continually emphasizes "what you are most likely to see on the exam," and encourages candidates to more thoroughly understand those topics (e.g., BCP/DRP, access controls, risk management) above other, less important domains (e.g., operations and physical security).

    And I think you need to read past the "funny fluff" in the AIO and just concentrate on the information it provides. Just because a book has some bad writing or literary devices that don't quite work doesn't invalidate the information that's in the book.

    Well I think if you are stuck with a book and want to get the information out that's what you will have to do. I just hope the humour doesn't get on my nerves.

    Anyone read this book and found it a pain in the ass to read because of the naff humour?

    It wasn't bad. It had its points but it wasn't annoying like a lot of other books out there.
  • RTmarc Member Posts: 1,082
    JDMurray wrote:
    Sadly, like many other certifications, too many people are achieving their CISSP certification through memorization of key components that they will most likely see on the exam.

    This line strikes me as really odd. Rote memorization of the material is not a guaranteed pass, and is definitely not the formula for success for the CISSP exam. Also, Shon Harris' material continually emphasizes "what you are most likely to see on the exam," and encourages candidates to more thoroughly understand those topics (e.g., BCP/DRP, access controls, risk management) above other, less important domains (e.g., operations and physical security).

    And I think you need to read past the "funny fluff" in the AIO and just concentrate on the information it provides. Just because a book has some bad writing or literary devices that don't quite work doesn't invalidate the information that's in the book.

    I think that comment was directed more towards knowing just enough information to pass the exam versus knowing the topic. For example, just knowing ISO 17799 or 27001 and knowing a brief summary of what each detail is one thing, but really knowing what they are is another. I certainly agree with the point that is not a good idea if you want to pass the exam the first time. This is one of the more costly exams out there and people generally don't want to fail this one more than once - realistically ever. I was lucky enough to pass it on the first time but I know if I didn't, it would have been a while before I would consider throwing another $500 at it.
  • JDMurray Admin Posts: 13,091
    RTmarc wrote:
    it would have been a while before I would consider throwing another $500 at it.
    It's up to $569US now. :(
  • RTmarc Member Posts: 1,082
    JDMurray wrote:
    RTmarc wrote:
    it would have been a while before I would consider throwing another $500 at it.
    It's up to $569US now. :(
    Yikes. Definitely glad I didn't have to pay more than once.
  • Turgon Banned Posts: 6,308
    JDMurray wrote:
    Turgon wrote:
    Well I think if you are stuck with a book and want to get the information out that's what you will have to do. I just hope the humour doesn't get on my nerves.

    Anyone read this book and found it a pain in the ass to read because of the naff humour?
    Does the "naff humour" on TechExams get on your nerves?

    Not particularly, but then I don't have to read it all do I? If the humour spin in the book becomes tedious it can get in the way of concentrating on the good material in the book. I know, I suffered Clarke in the past ;)
  • Turgon Banned Posts: 6,308
    RTmarc wrote:
    Turgon wrote:
    JDMurray wrote:
    Sadly, like many other certifications, too many people are achieving their CISSP certification through memorization of key components that they will most likely see on the exam.

    This line strikes me as really odd. Rote memorization of the material is not a guaranteed pass, and is definitely not the formula for success for the CISSP exam. Also, Shon Harris' material continually emphasizes "what you are most likely to see on the exam," and encourages candidates to more thoroughly understand those topics (e.g., BCP/DRP, access controls, risk management) above other, less important domains (e.g., operations and physical security).

    And I think you need to read past the "funny fluff" in the AIO and just concentrate on the information it provides. Just because a book has some bad writing or literary devices that don't quite work doesn't invalidate the information that's in the book.

    Well I think if you are stuck with a book and want to get the information out that's what you will have to do. I just hope the humour doesn't get on my nerves.

    Anyone read this book and found it a pain in the ass to read because of the naff humour?

    It wasn't bad. It had its points but it wasn't annoying like a lot of other books out there.

    Ok. Thanks RTmarc!
  • shednik Member Posts: 2,005
    Best of luck to you Paul, any good details on the job on what you'll be doing??
  • Paul Boz Member Posts: 2,620
    shednik wrote:
    Best of luck to you Paul, any good details on the job on what you'll be doing??

    I had a second interview on Thursday with the CTO of the company and he was very positive. He asked permission for a background check and told me that someone below him would get in touch with me. I've got a few friends that work there who said that on Friday they re-arranged most of the office so I doubt they got anything done. I hope to hear from them early this week. I was at my draft party last night and a guy that works there struck up a conversation with me because he recognized seeing me in the office for my interviews. He asked me what certifications I had and I told him, and he said that I would be the highest-certified person they employ, so he feels the job is essentially mine. That's all I know right now. I'm at the mercy of 1. whether they want to hire me or not and 2. how quickly they move their feet.

    As far as what the job would be doing.. Flying all over the country doing risk assessment, remote and local penetration testing, asset theft, intrusion, dumpster diving, etc. The job also entails a lot of auditing and software vulnerability attacking. It would be a great experience so I hope I get the job. I don't have any experience in that field but I've done a lion's share in reading and studying other professionals and I'm 100% positive that I can excel at the job. While preparing for my battery of interviews I found that I really enjoy this line of work so if they don't hire me I will continue looking for work in this field.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • Turgon Banned Posts: 6,308
    Paul Boz wrote:
    shednik wrote:
    Best of luck to you Paul, any good details on the job on what you'll be doing??

    I had a second interview on Thursday with the CTO of the company and he was very positive. He asked permission for a background check and told me that someone below him would get in touch with me. I've got a few friends that work there who said that on Friday they re-arranged most of the office so I doubt they got anything done. I hope to hear from them early this week. I was at my draft party last night and a guy that works there struck up a conversation with me because he recognized seeing me in the office for my interviews. He asked me what certifications I had and I told him, and he said that I would be the highest-certified person they employ, so he feels the job is essentially mine. That's all I know right now. I'm at the mercy of 1. whether they want to hire me or not and 2. how quickly they move their feet.

    As far as what the job would be doing.. Flying all over the country doing risk assessment, remote and local penetration testing, asset theft, intrusion, dumpster diving, etc. The job also entails a lot of auditing and software vulnerability attacking. It would be a great experience so I hope I get the job. I don't have any experience in that field but I've done a lion's share in reading and studying other professionals and I'm 100% positive that I can excel at the job. While preparing for my battery of interviews I found that I really enjoy this line of work so if they don't hire me I will continue looking for work in this field.

    Good luck Paul. Sounds like you might enjoy this job. I often provide details to the pen testers in my gig.
  • dynamik Banned Posts: 12,312
    It's hard for me to be happy for you since I'm so jealous

    Good luck man. That sounds like a sweet gig; I hope you land it! :D
  • snadam Member Posts: 2,234
    dynamik wrote:
    It's hard for me to be happy for you since I'm so jealous

    Good luck man. That sounds like a sweet gig; I hope you land it! :D

    makes at least two of us. :) Congrats Paul, I hope all goes well.
    **** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine

    :study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security
  • JDMurray Admin Posts: 13,091
    snadam wrote:
    dynamik wrote:
    It's hard for me to be happy for you since I'm so jealous

    Good luck man. That sounds like a sweet gig; I hope you land it! :D

    makes at least two of us. :) Congrats Paul, I hope all goes well.
    Make it three. I'd love to give that career a try too.
  • Paul Boz Member Posts: 2,620
    I got the job! I got off of my current side job and had an offer letter in my email. I'm extremely excited :)
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • gojericho0 Member Posts: 1,059
    Congratulations Paul! Well deserved
  • JDMurray Admin Posts: 13,091
    Very nice! Make sure you give us a journalist accounting of what exciting things you are doing in the weeks and months ahead.
  • snadam Member Posts: 2,234
    Paul Boz wrote:
    I got the job! I got off of my current side job and had an offer letter in my email. I'm extremely excited :)

    let the jealousy commence!!! congrats, an individual like yourself deserves this opportunity.
    **** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine

    :study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security
  • dynamik Banned Posts: 12,312
    snadam wrote:
    let the jealousy commence!!!

    I wish this site had a "friend's list" just so I could remove Paul from mine. Was that jealous enough?

    Congrats man! I'm really happy for you!