love at first sight
My journey to CISSP certification really began in 2014 when I first got my hands dirty with Cisco, Checkpoint security appliances, but my decision to really pursue CISSP certification began with a conversation that took place at Microsoft in 2014 ,when I was chatting with a friend there.
He encouraged me to look into the certification process.
After that, another colleague in Cyber-defence at IBM mentioned the certification and its position among top 10 IT-Certifications, as well.
Why is it worth taking CISSP-Exam?
For those who don't know, Certified Information Systems Security Professional (CISSP) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)².
CISSP is the most globally recognised certification in the information security market. It validates an information security professional’s deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organisation.
"CISSP is formally approved by U.S. Department of Defence (DoD) and adopted as a baseline by U.S. National Security Agency (NSA) for their certification requirements."
Know what is required:
First thing first!
The very first step in getting prepared for any exam is to understand what is required.
The CISSP exam is based on the CISSP Common Body of Knowledge (CBK), which covers a very broad spectrum of topics across information systems security grouped under 8 distinct domains:
Security and Risk Management
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Software Development Security
To be eligible you need to have at least 5 years of cumulative work experience in 2 or more domains. However, a 4-year college degree or an additional credential from the (ISC)² approved list will satisfy 1 year of the required experience.
There is an outline provided by (ISC)² CISSP-Exam-Outline, to be a great point to start to understand the high level scope covered by each of the CISSP CBK domains.
The CISSP exam used to be a 6-hours paper based exam with approximately 250 objective questions.
Gratefully, since December 2017 (ISC)² switched to a Computer Adaptive Test (CAT) format, for those taking the exam in English, which is now just 3-hours long with up to a maximum of 150 objective questions. (It can vary)
Each question in the CAT format has different level of severity based on the complexity of the question, with the overall passing score of 700 out of1000.
Schedule the exam through Pearson Vue. The exam fee at the time of this post was $599.00 USD in Europe.
Pass the exam with a scaled score of 700 or greater.
Complete the endorsement process by subscribing to the (ISC)2 Code of Ethics and submitting the endorsement form (which is completed by an active (ISC)2 member). You must become certified within nine months of the date of your exam or you will be required to retake the exam.
Maintain your CISSP by paying the annual maintenance fee, abiding by the (ISC)2 Code of Ethics and obtaining 40 CPEs per year.
Seems pretty straight forward, right?!!
You cannot memorize a bunch of facts and have any hope of passing this exam. There are some questions that are simple facts, but they’re very few in number. Most questions require that you understand processes and be able to think through scenarios in order to arrive at the best answer. (Be careful It is also an English exam 😃 !
Each question is reviewed several times by legal advisers ,attorneys and lawyers)
If your background is mostly technical, better to train yourself to think like a manager.
Quick fix options like “close firewall port x” are not the type of answers that will be considered acceptable (Those are for candidates who have CCIE-mindset).
From some negotiations with others who have already taken the exam, I’ve also discovered that each exam is weighted toward one domain or another, so don’t expect an even distribution of questions from the eight domains, either. You must master all of them and be able to reason why one answer is better than another.
In addition to the questions extracted from the (ISC)2 CISSP CBK, there are evaluation questions mixed in. You will not know which ones they are except for the obvious content that is pulled from left field. Good news is those questions don’t count for or against your score. According to (ISC)2, all questions are pulled from information discussed in the (ISC)2 CISSP CBK. There are some questions on my exam that contained terminology that I had not prepared my self in advance for them.
If you think you can get a question dump, review the answers and expect to pass the exam, you might as well save your time and money and not take it. Chances are really slim that you will pass.
I know people who have studied very hard for the exam and failed it more than once. In addition, releasing exam questions clearly violates the (ISC)2 Code of Ethics and those doing so, if certified, are on shaky ground ethically.
Here’s how I prepared for the exam:
NEVER rely on ONE source for ANYTHING !!!!!!
First, I purchased the Official (ISC)²® Guide to the CISSP® CBK® 2018 edition (CBK), the Official (ISC)² CISSP Study Guide and the Official (ISC)² CISSP Practice Tests. You can find them for reasonable prices. I chose to read the entire CBK cover to cover first of all. I must confess that I did not read it in great detail, and I glossed over the sections that were repetitive. Keep in mind, the CBK is boring, disorganized, often repetitive, and at times contradictory. It is an awesome in-depth reference and covers most of the material thoroughly , but it is an aggregation of work by multiple authors and therefore has no consistent style or format (It’s my personal experience).One author might do a poor job of explaining a topic only to have another author explain things in a manner that you understand clearly later in the volume.
Thankfully, I was also fortunate enough to attend an online course provided by my employer Dimension Data. I watched DEFCON seminars and attended Hackathon events in Austria as much as I could. There are many security related videos on Youtube nowadays!
One of the is CEH (certified ethical hacker) made by dear Keith Barker which really served as a phenomenal review for Hands-on and confidence builder for me.I reviewed almost all of his videos on Youtube multiple times! His voice and laughing sound are still in my head.
Time is up and it’s EXAM DAY!
If you do the right thing at the right time you will get rewarded.
Even the most complicated tasks can be tackled using the simplest of solutions, and the CISSP is no exception. I wont be the first or the last person to say that, your biggest help in passing the CISSP exam is absolutely going to be your experience.Exam day is NOT the review/learn day!
Sleep well the night before your exam, wake up early at 5 AM, take a freezing cold shower and eat a huge breakfast (It is optional -At least it worked for me every time), do some sport and appear at least 30 Minutes in advance in test center.
There is gonna be Robust security measures – not used when the exam was delivered via pencil and paper testing – include palm vein recognition. The technology is used to scan a candidate’s palm and ensures their identity by matching the unique vein formation in their hand, making sure the right candidate takes the test at the right time.
Everything, including watches and jewelry, must be stored in a locker. You can take nothing into the test with you. The testing center provided a dry erase board, and there was a calculator built into the testing computer.
As I started the exam, I found the initial set of questions to be simple and straightforward. I knew that if I kept getting most of the answers right at the kick-off , the upcoming questions would get more and more complex until I reached a stage where the questions were of an average difficulty level that I could suffer :) . I could clearly feel the complexity of the subsequent questions gradually increasing.
It felt like being in an interview with someone, who wants to proof you that he/she knows more than you!
You have no way going back and reviewing the previous question like in Cisco exams, which I felt was actually usual. It ensured that I gave due respect and attention to each question indeed.
Paradoxically , there was not even a single question which I felt I had seen before in the Sybex Test Bank – Wiley or any similar book.
However, there were some questions that I felt I was able to answer entirely based on my working experience.
I was answering the 143th question and then I clicked on radio button to choose the right answer and then clicked on Next!
An (ISC)2 Logo appeared on monitor and the exam got terminated. I was shocked because I did not get any indication of passing or failing the exam.
I exited the exam room with panicked face, checked out and was handed my results.
I had passed! Whew ... Huge relief!
I did not know my score, as you only receive a score if you fail. Now all I had to do was complete the endorsement form and wait. I should have submit the requirements within a couple of days after passing the exam.
The hardest part is over, all I need to do now is to get an endorsement done by an existing CISSP to formally get my certification.
The 2,430 Euros that I paid for the exam and buying preparation material absolutely didn't go down the drain!!
I should no longer have to contemplate going back to my team embarrassed and telling them that I failed!
All that time when I shut myself off from my friends and family, didn't go to clubs and hug my husky dog (Jaylo -not jeniffer lopez) eventually paid off !
Please do not forget, that you need to get 40 CPEs each year to maintain certification, that is, unless you are into taking this exam again in 3 years.
I'm grateful to work for an organization that prioritizes my professional development as much as I do.
Dear #Keith_Barker and #Kelly_Handerhan have been fantastic mentors that I am excited and humbled to learn from.
I hope you find this post informational and useful in preparation for your CISSP journey!
Please feel free to ask me your questions you might have, and good luck in your certification pursuits!
Constantly fail, learn, adapt and secure!
TRADEMARK LEGAL NOTICE
All product names, logos, and brands are property of their respective owners in the Austria or other countries.
All company, product and service names used on this website are for identification purposes only. Pheniix is notaffiliated with or an official partner of Cisco, CompTIA,Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security,Google, GNS3, F5, Python, Linux, Java, Openstack, Vagrant, Ansible, Docker, GIT, , Blockchain or other companies.
Use of these names, logos, and brands does not imply endorsement.
The opinions expressed on pheniix are personal perspectives and not those of Cisco , Dimension Data or any other