And so it begins... again

Hey all, haven't been around for a little bit - work, life, studies, ramblings. So anyway, was pretty down on myself for failing the CISM by 2 points last year. Note to self... Study will ya!

Last December I took the CISM with no studies trying to rely on solely experience and for what it's worth, I didn't do good - nope, I didn't pass, regardless if I failed by 2 points or 100 points. So I made it a point this year to take my time where necessary.

I've been swamped with Juniper equipment this year so CCIE studies have went out the door. Sooner or later I will take some of the JNxxx courses - after all they're free

however, I decided to allocate 120 hours study time to ISSEP, CISM and overall information assurance and DRM based studies (where I lacked on the CISM) then I aim on taking the CISM again in June.

For now though, going to go back and do some heavier pentesting studies. The goal for 3rd quarter 2010 (ready for insanity):

Technical
JNCIA, CEPT, CPTS, OPSA, OSCE (next step above the OSCP) 1-2nd quarter 2010

Management (2nd - 3rd)
CISM, *maybe* the CISSP, unsure don't care much for it

Odd-man-out
CISA, NSA-IEM/IAM

My question to all is... What do you do to study? Personally, I have little tolerance for most recommended books because I tend to find "real world" flaws in the content. Because I'm consistently working with security whether it's vuln-assessment, analysis, pentesting, managed svces (firewall, IPS, IDS configurations/management), it's hard for me to sit reading a book when I say: "uh yea but not in the real world!"

What are some recommended ways of UNLEARNING the processes and RE-LEARNING by the book - even when you know it may be incorrect? Anyone... BTW Keatron, if you by chance stumble on this, plan on procuring the InfoSecInstitute package (Pentest), working it out right now..

Find more posts tagged with

Comments

dynamik

Welcome back, and good luck with your studies! I think with a little practice, you learn to answer based on what they want, rather than what's necessarily correct. Unfortunately, Keatron hasn't been active for quite awhile.

What's the deal with your website dude? And where's all this stuff?

Potentially coming soon:
Programming 101
Social Engineering 101
Intro to Forensics
Intro to AntiForensics
Saving Private Ryan
Framing Private Ryan 2009
Penetration Testing Frameworks (OSSTMM explained)
Information Technology Frameworks and Security (CobiT, OCTAVE)

sexion8

dynamik wrote: »

What's the deal with your website dude? And where's all this stuff?

I started to create content but I've been so lost in work and family. I noticed that when I did
the initial write-ups though, far too many "help me hax0r My GiRLfReNdZQ!@" stupidity emails saturated my inbox - so that too made me take a step back.

Maybe I will re-look into doing some write-ups however, I'm such a horrible writer

(added)... I did add a document called "I Didn't Write This Document And I Can Prove It!" (response to "non-repudiation") of which information security managers and forensics professionals didn't necessarily find appealing: http://infiltrated.net/WasntMe.pdf

Turgon

sexion8 wrote: »

Hey all, haven't been around for a little bit - work, life, studies, ramblings. So anyway, was pretty down on myself for failing the CISM by 2 points last year. Note to self... Study will ya!

Last December I took the CISM with no studies trying to rely on solely experience and for what it's worth, I didn't do good - nope, I didn't pass, regardless if I failed by 2 points or 100 points. So I made it a point this year to take my time where necessary.

I've been swamped with Juniper equipment this year so CCIE studies have went out the door. Sooner or later I will take some of the JNxxx courses - after all they're free however, I decided to allocate 120 hours study time to ISSEP, CISM and overall information assurance and DRM based studies (where I lacked on the CISM) then I aim on taking the CISM again in June.

For now though, going to go back and do some heavier pentesting studies. The goal for 3rd quarter 2010 (ready for insanity):

Technical
JNCIA, CEPT, CPTS, OPSA, OSCE (next step above the OSCP) 1-2nd quarter 2010

Management (2nd - 3rd)
CISM, *maybe* the CISSP, unsure don't care much for it

Odd-man-out
CISA, NSA-IEM/IAM

My question to all is... What do you do to study? Personally, I have little tolerance for most recommended books because I tend to find "real world" flaws in the content. Because I'm consistently working with security whether it's vuln-assessment, analysis, pentesting, managed svces (firewall, IPS, IDS configurations/management), it's hard for me to sit reading a book when I say: "uh yea but not in the real world!"

What are some recommended ways of UNLEARNING the processes and RE-LEARNING by the book - even when you know it may be incorrect? Anyone... BTW Keatron, if you by chance stumble on this, plan on procuring the InfoSecInstitute package (Pentest), working it out right now..

Welcome back Sexion.

sexion8

Turgon wrote: »

Welcome back Sexion.

Hello turgon how's it going. Have you checked out the CCDE

Turgon

sexion8 wrote: »

Hello turgon how's it going. Have you checked out the CCDE

Hello Sexion! It's going..slowly

The CCDE I will never have time for.

JDMurray

Just a note: To be CISSP-ISSEP certified you must first be a CISSP in good standing. No harm in studying the CISSP-ISSEP book just for information, but to get the cert you'll need to put getting the CISSP at a higher priority.

And good to see you posting again.

sexion8

JDMurray wrote: »

Just a note: To be CISSP-ISSEP certified you must first be a CISSP in good standing. No harm in studying the CISSP-ISSEP book just for information, but to get the cert you'll need to put getting the CISSP at a higher priority.

And good to see you posting again.

JD thanks for the info I knew this though. I remember my first CISSP book when I first decided to study... (lazily then too) Tipton/Krause - Handbook of Info Sec Management circa end of 96 beginning of 97 (think it might have been the second edition... blue cover, can you guess my age now

)

I like reading various sources of information even if I'm not taking the exam for example.... "Handbook of Information Security" by Bidgoli... If you can't pass ISSEP, ISSAM, CISA, CISM exams with those volumes!!!... I've been on volume 3 for close to a year. If your back can handle carrying it, its great otherwise, its a boat anchor. The information is WAY overkill, yet worth learning. (Amazon.com: Handbook of Information Security, Key Concepts, Infrastructure, Standards, and Protocols (Volume 1) (9780471648307): Hossein Bidgoli: Books) When I get into certain chapters though, its one of those (plane sound....) whoosh that went over my head.

I picked up the ISSEP book to understand DoDAF, FEAF, DIACAP and DITSCAP better for my own good. I have no immediate dealings with the frameworks, methods or controls but it helps get a general understanding of it. I prefer technical versus managerial roles

Nothing beats blaring music, firewalls, etc. which reminds me... Decay Rate sample music I listen to while I study. Made em all myself and strangely I do listen to music while studying... Don't ask strange habit