

Non-Discretionary Access Control Quickly Explained for the CISSP Exam
You might see a lot of CISSP practice exam questions about rule-based and role-based access. Firewalls are an example of rule-based access. Active Directory user profiles are a form of role-based access. Role-based and rule-based controls are called Non-Discretionary controls. 8 years ago, when I was just a junior systems administrator, the IT Director provisioned me a new desktop computer networked to Active Directory. I wanted to immediately change the desktop
Feb 3


Understanding Rijndael With AES for the CISSP Exam
Rijndael can use different block sizes, but AES uses a fixed block size of 128 bits. So for AES, the block size must always be 128 bits!!!
Key Size    Block Size
128         128
192         128
256         128
Basic Information for Rijndael
Official NIST standard
Won first place out of 15 other AES contestants
Pronounced “Rhine Dall”
Named after its developers Vincent Rijmen and Joan Daemen
Rijndael is the actual name of the algorithm, AES is the standard
Symmetric block cipher
Proved to have the best
Feb 3


Are You Ethical Enough to Be a CISSP? | CISSP Code of Ethics Explained
Before you read this post, just remember that whether you are a soldier, a criminal, an investment banker, or a superhero…at the end of the day there is only one set of morals you follow: your own. “Hello Luke, do you know where I may obtain Shon Harris CISSP Study Guide 9th Edition?” “Sure, you can get it at Amazon.com for a really great deal!” “Oh I mean, can you tell me where I can get the PDF version for free?” Does everyone see the irony in this scenario? If
Feb 3


An A.I. Clone Doesn’t Have My Private Key - Trust
I mean what kind of email even is this? My jaw dropped and I had to read the email a few times to understand what exactly it was “offering”. This company really wanted to create a CLONE of me (a weirdo in a helmet), and then said the clone would what? Talk in front of a camera and create CISSP videos? Even the real Luke Ahmed doesn’t get in front of the camera, what were they even talking about? They said I would no longer need to film videos for my Accelerator. An AI a
Jan 22


CISSP Study Plan – Day 50 of 55 | The Final Review — Confidence Before the Exam
“I’d be nervous for you on this day… but I already know the result :)” – Luke Ahmed Today is Day 50 of Yihenew’s CISSP study plan — the last-minute review day before the exam. At this point, you’ve gone through dozens of domains, hundreds of concepts, and probably thousands of questions. But today isn’t about cramming — it’s about calm control. This is where everything you’ve studied over the past 49 days aligns into clarity. You’re not a student anymore — you’re a profess
Nov 5, 2025


CISSP Study Plan – Day 49 of 55 | Common Criteria and Assurance Levels
“Getting close to exam date, my brother! Contact me and we can discuss any last-minute passing advice!!” – Luke Ahmed Today is Day 49 of Yihenew’s CISSP study plan, focusing on Common Criteria (CC) — one of the most testable topics under Security Engineering and Evaluation Frameworks. Common Criteria is about trust — verifying that security products actually do what they claim to do. As a CISSP, you’re expected to understand not how to configure a system, but how to evalu
Nov 5, 2025


CISSP Study Plan – Day 48 of 55 | Baselines, Procedures, Standards, and Policies
“Flashcards are essential for quick review and to remind yourself what you need to remind yourself :)” – Luke Ahmed Today is Day 48 of Yihenew’s CISSP study plan, focusing on one of the most management-centric topics in Domain 1: Policies, Standards, Baselines, and Procedures — the foundational hierarchy of security governance. These documents define how an organization translates security intent into consistent action. CISSP students often mix them up, but understanding h
Nov 5, 2025


CISSP Study Plan – Day 47 of 55 | Reviewing Handwritten Notes and OSI Model Practice
“Countdown to destiny!” – Luke Ahmed Today is Day 47 of Yihenew’s CISSP study plan — a reflection and reinforcement day focused on handwritten notes and one of the most fundamental CISSP concepts: the OSI Model. At this stage of the journey, you’re not just studying — you’re consolidating. The goal is to strengthen neural connections between concepts you’ve already learned. Reviewing your notes and testing your recall on frameworks like OSI is how you move from understandi
Nov 5, 2025


CISSP Study Plan – Day 46 of 55 | Incident Response
“No quote today — because incident response doesn’t wait for perfect timing. It demands readiness, action, and composure.” – Luke Ahmed Today is Day 46 of Yihenew’s CISSP study plan, focusing on Incident Response (IR) — one of the most real-world, high-pressure topics in the CISSP exam and in the cybersecurity profession. Incident response is where theory meets crisis. It’s not about preventing every incident — it’s about preparing for the inevitable, minimizing impact, and
Nov 5, 2025


CISSP Study Plan – Day 45 of 55 | The STRIDE Model
“STRIDE and threat modeling — essential CISSP topics to know FULLY!” – Luke Ahmed Today is Day 45 of Yihenew’s CISSP study plan, focusing on the STRIDE Model — one of the most recognized threat modeling frameworks in cybersecurity. Developed by Microsoft, STRIDE helps identify, categorize, and mitigate potential security threats during system design. For CISSP candidates, understanding STRIDE is critical because it aligns directly with risk management, software security, a
Nov 4, 2025
