Passed

keatron Member Posts: 1,213 ■■■■■■□□□□
Just got the good news this morning, I passed the CISSP exam. Endorsement form has already been faxed, so I should be official in the next few days!!!

What I did to study

Shon Harris all-in-one 2nd edition
CISSP Study Guide 2nd edition by Ed Tittle
Advanced CISSP prep guide by Ronald Krutz
Official ISC2 study guide
Mike Meyer's CISSP passport (more Shon Harris)

Experience got me through at least 20 questions or so that covered things not covered in any of the materials I read above.

Spent some time on cccure.org
Spent some time reading papers on the SANS website (be careful here as some of these papers are written by security professional hopefuls.)

Things I actually did on the job that helped me prepare include:
BIA; setting up, creating filters for, and tweaking Snort all the time; disaster recovery planning; security models; BCP.

I stayed away from any exam prep questions until I was confident I knew the material well (or so I thought!!!!!!) :D

And of course, hung out on this site!!!

Comments

  • Ricka182 Member Posts: 3,359
    congrats!!
    i remain, he who remains to be....
  • jescab Inactive Imported Users Posts: 1,321
    CONGRATZ..........
    GO STEELERS GO - STEELERS RULE
  • evanderburg Member Posts: 229 ■■■□□□□□□□
    Scary that there were still so many questions not covered in all that material you used. Good thing they have an experience requirement for CISSP, right?
    "You can never know everything and part of what you know is always wrong. Perhaps even the most important part. A portion of wisdom lies in knowing that. A portion of courage lies in going on anyway. " - Lan, Winter's Heart by Robert Jordan
  • JDMurray Admin Posts: 13,028
    Congratulations! A fantastic accomplishment! :D:D:D
  • keatron Member Posts: 1,213 ■■■■■■□□□□
    Thanks much guys!! Those of you preparing for this, expect the BCP, DRP, and Risk Assessment stuff to put you to sleep constantly. I found myself going and actually doing these things for smaller companies for peanuts, and for existing clients for peanuts just to get the theory and processes burned into my brain. This helped me tremendously. Basically just tried to identify in the real world some of what they're saying in the books. Do understand this, no matter how you go about it, it's still going to require a ton of reading. Who the hell ever heard of Bell LaPadula before preparing for this exam!!!!!!!! (except those of us with a little military experience :D )

    You'll hear this many times more and might have already but the way I felt after leaving the exam was "I know I passed for sure" mixed with "I wonder what judgement call they were looking for on that question". Most of the questions are extremely vague, (Microsoft is no longer the kings of stiffing you with those types of questions). The whole give us the BEST answer concept will scramble your brain some too. I know of several questions that I was absolutely sure that all 4 were totally wrong.

    Although people say it's a mile wide and inch deep, don't go in expecting that. Some of that stuff was definitely deeper than an inch!!!!!!

    I've heard from reasonable sources that the exam question pool consists of about 8000 questions (good bye braindumpers) :D

    This is off the topic a little but funny as heck. Someone today showed me a link to a training/test companies who have testimonials posted from people claiming they made a 970 blah blah bla. This tickled me to death (especially I know that you don't get a score if you pass)!!!

    Amazing what people will try and do to make a buck.

    Good luck you all.
  • ASUSTeK Member Posts: 148
    King Keatron how may I serve you?
    The Beginning Of Wisdom Is "I Don't Know".
  • Webmaster Admin Posts: 10,292
    Congratulations Keatron!

    And thanks for all the valuable info. I was hoping you could share your opinion about the CISSP Study Guide 2nd edition by Ed Tittle and the official guide by ISC2. I'm thinking of getting the latter to go with the Shon Harris book. What do you think is the ideal combination of two books?
    keatron wrote:
    I know of several questions that I was absolutely sure that all 4 were totally wrong.
    I hate those, did you get a chance to report/comment on questions?
    keatron wrote:
    Someone today showed me a link to a training/test companies who have testimonials posted from people claiming they made a 970 blah blah bla.
    I've seen those too a couple of times, almost made me wonder if they do give the score in some locations.
    keatron wrote:
    I've heard from reasonable sources that the exam question pool consists of about 8000 questions (good bye braindumpers)
    That's something the other exam vendors can learn from. Mr tk and his shady colleagues won't be able to photograph/steal such a large nr of questions. The way they work, they should create an entry-level cert to 'replace' security+.
    keatron wrote:
    Who the hell ever heard of Bell LaPadula before preparing for this exam!!!!!!!!
    I hope everyone with a security+ cert...
  • JDMurray Admin Posts: 13,028
    Webmaster wrote:
    keatron wrote:
    Who the hell ever heard of Bell LaPadula before preparing for this exam!!!!!!!!
    I hope everyone with a security+ cert...
    Yes, exactly what I was thinking. I remember that I had one or two questions involving BLP on my Security+ exam. OS security models are part of the TICSA too.
  • keatron Member Posts: 1,213 ■■■■■■□□□□
    Johan, definitely Shon Harris (2nd or 3rd edition) + ISC2 official study guide if I had to pick two.

    Guys, you know what? I can't remember anything about BLP on Security+, it's been a while since I took it, but I don't remember anything about BLP. Maybe it's all becoming a big blur now!!! I guess I'm gettin old.
  • Webmaster Admin Posts: 10,292
    Thanks, I'll get the Official guide too then.
    keatron wrote:
    Guys, you know what? I can't remember anything about BLP on Security+, it's been a while since I took it, but I don't remember anything about BLP. Maybe it's all becoming a big blur now!!! I guess I'm gettin old.
    For the security+ exam one merely needs to 'know of it' (as being MAC related), nothing compared to the details for the CISSP, so I wouldn't worry about it.
  • keatron Member Posts: 1,213 ■■■■■■□□□□
    Yeah, the official study guide is by no means the best written, but it's the closest to covering or at least making you aware of all the concepts you'll be tested on.
  • Webmaster Admin Posts: 10,292
    I read several reviews that said the same thing, that it's not well written, kinda why I had some doubts about buying it. But I also heard it does cover several essential details that aren't in others. As long as it's technically accurate I don't mind an occasional typo/grammar error, and with the cost of the exam, I don't mind spending the money on it either.
  • keatron Member Posts: 1,213 ■■■■■■□□□□
    I almost didn't get it until I browsed through one a friend of mine had purchased.
  • keatron Member Posts: 1,213 ■■■■■■□□□□
    Just an update, I passed the audit and endorsement process (got the email this morning). So I'm official
    :D
  • RussS Member Posts: 2,068 ■■■□□□□□□□
    Way cool Keatron
    www.supercross.com
    FIM website of the year 2007
  • keatron Member Posts: 1,213 ■■■■■■□□□□
    Thanks Russ, and again thanks to Johan, JDMurray, /usr, Kenny, and other security folks who helped "actively or passively" :D I know, it's lame....lol
  • Chivalry1 Member Posts: 569
    Congrats.
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge. " Elbert Hubbard (1856 - 1915)
  • Ten9t6 Member Posts: 691
    Congrats.... :D

    Now you just have to do the work for the points to keep it. This is just the start for this certification. It is a great one to have.....What are you thinking about doing now?

    Congrats again!!!!

    Kenny
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • keatron Member Posts: 1,213 ■■■■■■□□□□
    Well actually this year I've done a ton of training and speaking. I just got invited to join the Speaker's Bureau today (ISC2). And the person who invited me put me into contact with the editor for the ISC2 Security Journal. So I'll definitely be trying to meet my publication/article quota. Looking into specializations (within the next 18 months or so). I've always been one to study the requirements for the cert, go out and actually do related work, then go for the cert. So more than likely, whichever specialization I choose will be a big chunk of the work I do this coming year. Only problem is I've got a meeting tomorrow with an accounting firm and a large Risk management firm here in Chicago. They're looking to contract out a large portion of their CISSP like work (security audits, DRP and BCP mostly). I was basically told that we could have the contracts if we wanted them, however I don't want to stretch myself too thin, and I'm not sure I want to focus most of my time on DRP and BCP.

    What are your thoughts on this Kenny? Do you do a lot of this stuff?

    Basically I've written several security policies and programs that these two firms have come behind me and audited at some point. Apparently they liked what they saw, which is how the meeting tomorrow was set up. I guess depending on the work load, I could always hire a few more CISSPs with a little experience in this area. Basically myself and my lead network engineer are the only two people in my company with CISSP (the other guys don't have the direct security experience requirement yet)

    I'd appreciate some input from you guys.

    Thanks.
  • rossonieri#1 Member Posts: 799 ■■■□□□□□□□
    CONGRATS...
    the More I know, that is more and More I don't know.
  • skully93 Member Posts: 323 ■■■□□□□□□□
    A very impressive achievement!

    I'm probably a decade behind you, as my security knowledge and experience is strictly physical, but I do LIKE it :).

    Spreading yourself too thin would probably be the fastest way to tarnish your reputation, because either your support time or the quality of your work might suffer (unless you're a genius and can work that much, in which case I hate you).

    You might want to talk with all the involved parties, see where the end goal is and what you have to work with. If you know you can do it but would never get any rest, work with some others and get the work done. You'll still be seen as a great asset, as well as a person worth knowing to rub elbows with.
    I do not have a psychiatrist and I do not want one, for the simple reason that if he listened to me long enough, he might become disturbed.

    -- James Thurber