My CISSP Journey.
I hope by writing my journey it can inspire someone and tell them that they can do it. I have no background in Security, or I can say, before this journey, I was security illiterate. As of now, I am an Associate of (ISC)².
The first time I learned about CISSP was in June 2014. I was using Google to search for certificates in Security and CISSP popped up. I went to the bookstore, looked at All in One by Shon Harris and I decided that the material was beyond me. You may ask how do you remember the date. Well, after my initial inquiry, I didn't look further into it until 2016. In May 2016, I decided to visit the topic again, and I did use Google again to search for the available Security certifications. The first page that popped had the caption "You visited this website on June, 14, 2014." At this time, I had a friend who is in the field and encouraged me to give it a try. And I did.
To ease my way into the topic, I studied for CompTIA Security+. I started the studying in July 2016, and passed the test in October 2016. I took a break for a while and during the break, I stumbled upon Facebook Group "Study Notes and Theory".
In January 2017, I decided to start getting more serious but got really sick and didn't do much. Come February, I began studying and decided to start with Domain 4. I see the protocols and I get discouraged. "Did I have to know all of that?". I slowed down after that question. I did watch Kelly videos on Cybrary, but Oh Goodness, the topic still felt like a foreign language to me. I tried watching Sari Green videos, but didn't find them engaging enough. They are of high quality, but they weren't for me, I guess.
In July 2017, I decided to schedule my test, that is the only way to get motivated and study harder. Here is what I did.
1) Create a new Facebook account only to follow CISSP groups. I didn't want any negativity, or drama in my Facebook Feed.
2) Started going through the group questions
3) Signed up for Luke's website
4) Joined Telegram group.
5) Cybrary Videos by Kelly
2) All in One by Shon Harris mainly for SDLC and end of chapter questions
3) Official Practice Questions Book
4) Sybex Test Bank questions,
5) Study Notes and Theory Practice Questions
6) Madunix Process Document. It helped me tremendously to seize in all the processes that I needed to know and all the attacks. In my opinion, this document is a must for anyone studying for the test.
Now, my life became filled with CISSP. Eat, Sleep, Breathe CISSP. Whenever I saw a question that didn't make sense to me, I would go back and research the topic. Read more, and learn more. During this time, I met many wonderful people on the Telegram group.
The great discussions made me change the way I think about CISSP. There I met stumbled upon Madunix and started following his posts on the group. That is when I realized I was studying the wrong way. Changed my way of approaching the topic and I felt that I was ready for the test and sat down first time on 9/19/2017.
When I took the first time, I went in with the mindset that I am going to fail. Oh boy... that didn't serve me well. At question 180, I gave up and wanted to leave the room, but I didn't because I felt I should sit and see what kind of questions are left. I got bombarded with networking questions and that domain was my weakest.
I finish the test, and I start reviewing, During the review process, I felt that I was changing my answers from right to wrong so I stopped and left the room. I get the print out, and my score was 695. What a disappointment. Left the center crying and contemplating the idea of not retaking the test. But many people who have been supporting my journey kept pushing me to reschedule. Fadi -AKA Madunix- was still posting his notes and he still believed in me. I scheduled a new date and ordered the CBK book. Here is what I did differently this time
1) Read Sybex again
2) Read CBK for the weakest domains
3) Read Shon Harris for SDLC
4) Downloaded NIST documents to help clear any concepts that I didn't get from the three other books.
5) Boson Tests questions --- They are technical. Scored about 75% on each test.
Whenever a topic wasn't clear to me in Sybex, I referred to CBK. If the CBK wasn't enough, I would search the NIST document corresponding to the topic. I asked questions and asked multiple people just to make sure I understood the topic correctly. I got a better grasp of the subject. But I was still hesitant, and fear was eating me alive. The test day arrived. Believe me, they tend to arrive and you want to postpone because you think you are not ready. I wanted to wait, but was told to go take the test as I was ready.
I arrived at the test center an hour earlier; Bay Area traffic is a nightmare. They let me in. The test starts, and my first 200 questions were harder than my last test, not a good thing. I wanted to take break, but changed my mind. I flagged about 15 questions but kept going till I got to 250. I had about 208 minutes to go. Had a snack, and laid down on the chairs for a nap. Woke up refreshed and went back to the test. For the review time, I remembered the important things told to me by 3 different people:
1) Relax and enjoy the experience.
2) Think like a manager, don't fix a problem and respect the question. 3) Think about success and passing.
And that is exactly what I did. Relaxed, Reviewed, and Imagined "Congratulations".
During this journey, I have met many people who were able to clear the test while we were working together. I was very happy for each and everyone as I know how hard they had worked. I was afraid that I won't be able to clear on my second attempt. I was worried "I will Always be the bride maid and never the bride".
But Luke Ahmed said "This time you got the bouquet". He was right, I became the bride.
Trust yourself and enjoy the learning experience while studying. Having the appetite to learn is what drove me to working and eventually passing. Determination and hard work always win the race.
Special thanks to my family for their support during this journey