A Journey to CISSP

Flashback Many years ago, while working as regular IT I hated the work environment when we suddenly out of ink for printer or when we got infected server with no backup, many changes with no requests and cracked software’s are everywhere. I tried to fix some process but there was no management support and I did not have the skills to do it. Iraq (the first Middle East country used the computers in late 70’s in its government entity ) is now a country without any IT regulation ,no rules, no IT policy ,procedure ,no copyrights ,all of government and private sectors are using cracked illegal software, no doubts it’s all because wars and the negligence of politician.

National Challenges I tried to change the infosec culture in any office I worked ,but I almost failed because I tried to copy paste from google without a real knowledge. Jumping many years forward 2016 I was hired in Major PCI company as InfoSec Manager but with no real authorities. They just want to say that we are a secure by hiring InfoSec manager! That was my first year to start the challenge of changing IT community. I quit from them to study for CISA CISM and formed ISACA Chapter (in a country which the Prime Minister may use cracked software because it cost saving!) getting CISA, CISM as a first one in Iraq was a great motivation for many professional to start thinking to get these infosec certification.

I believed that professional security people may be able to change the IT Community culture and not the government laws only. 2019 came and the dream of getting CISSP as a first CISSP inside Iraq is just started, I got AIO also and subscribed to Dr Atef videos and questions which was a real good start. I got pocket prep for daily on the go practice. I solved many questions and realized that no one resource could be enough.

I tried to subscribe to SNT, but PayPal is not working in my country, so I subscribed with my friend who is in other country. I found SNT is different as it is original material and high quality an deserve every cent, the videos and CISSP stories are a jewels as giving real world scenario for CISSP Common Knowledge. Questions are much harder than exam but it will print the concept in your brain and correct your mindset to ISC2 .I did not read Sunflower nor any other pdf but I read my own notes from wrong answers and video’s notes.

Exam Day On 17th Feb 2020 21:30 I booked my exam for the next day which was my 40 birthdays! I accept the risk of failing in my birthday as I began to forget some details. I broke the rules by staying awake all night & keep reviewing weakness.

At 5 AM I said bye to wife, traveling 200 km to the south for exam center. In exam I felt that it is risk game ,the first 30 question took one hours which was too slow! panic I forget the morning coffee and no water bottle in hand !, but I play the game of risk by trying to answer slowly and correctly so I can finish at 100 questions.

The exam kill me with SDLC and I thought I am failing, there were a strange questions no idea what was words meaning ,but I tried to use my analytic and language skill to find the answers. At 100 I clicked end exam and went for taking my stuff thinking with the next try and what will be the resources I should use!!

The Exam admin shouted “Here is your paper, You Passed!” I felt like I just get a lottery win !!and this is a real, CISSP is a great win, not result of luck but result of courage and dedication. My advice is not to memorize, but to realize and understand concept, you are a risk Advisor and not History teacher.

Resources : Study Notes and Theory, Infosec4tc, Sari Green video, Larry Grenabalt notes ,Pocket prep,IT Dojo Practiced about 3000 Questions

Good luck

Ali Mustafa First to pass CISA, CISM, and now CISSP(provisionally) in Iraq