CISSP Study Plan – Day 53 of 55 | Process Thinking — 2 Days To Go
- Luke Ahmed
- 3 hours ago
- 3 min read
It's Day 53 of Yani's journey to the CISSP, which means there is only TWO days left. I remember telling him at this point to hammer the processes home. Yes the CISSP can be a technical exam at times, but it is also a process-oriented exam at heart.
The Process guide
Written by the legend of CISSP, Fadi Sodah aka Madunix, The Process Guide is beyond important. On the CISSP exam you have to think like a manager. Managers don't fix the immediate issue, they fix the "process". In order to fix the process, you have to know the process. The real exam will present you a scenario, and you will be tested to see where in the process there was a failure. The Process Guide is by no means an official list of processes, no document really provides that. It's just the general steps and some things to glance or skim through as you supplement your other studies.
Bottom line, if you know the process you know how to fix and recognize it when it's broken. The processes you mentioned in the email are good ones to know for sure (BCP/DRP, SDLC).
Download it here.
Remember: you should never trust hyperlinks on the Internet. Unless you have some strong technical preventative measures on your device already, you can always go to:
Then paste the URL of the link and it'll do a scan that provides results from security vendors' analysis tools. I always use it before going to links from unknown senders (and even known senders!)
Quick CISSP Practice Question
At Rymar Tech, a network engineer adds a new subnet to an existing IPSec VPN tunnel without submitting a formal change request or updating documentation. The configuration works initially but later causes routing conflicts and unintended access exposure.
What is the MOST appropriate long-term response?
A. Harden the IPSec configuration
B. Review the engineer’s compliance with policy
C. Re-evaluate change documentation
D. Temporarily suspend VPN changes
❌ A. Harden the IPSec configurationThe issue was not encryption strength. The breakdown occurred at the process level.
❌ B. Review the engineer’s compliance with policyFocusing on one individual does not address the systemic governance gap.
❌ D. Temporarily suspend VPN changesThis reduces short-term risk but does not correct the underlying weakness.
✅ Correct Answer: C
This is a change management failure. The long-term solution is to re-evaluate and strengthen documentation controls so similar bypasses cannot occur again.
Yani’s CISSP Study Plan
Yani and I worked closely together throughout his CISSP study plan, mostly over Telegram messages and then TikTok direct message. When something didn’t make sense, we addressed it immediately. When a domain felt weak, we reinforced it before it became a liability and snowballed into something bigger. At some point I could sense he was getting frustrated at my course practice questions, but he didn't give up!
Observing's Yani's dedication was fascinating from my point of view. How could someone with such limited time and resources, halfway across the globe, be this focused with dedication? It was my privilege to help Yani actually. I learned a lot from him.
Why couldn't everyone do this? Maybe I could help them do the same.
That idea has now evolved into Luke’s 90-Day CISSP Exam Accelerator Program.
Luke's 90-Day Exam Accelerator
Accountability. Commitment. Discipline.
For 90 days, we study side-by-side. We break down tough domains, expose weak areas early, and refine your reasoning until CISSP logic becomes instinct.
Month 1 – Completion
Identify strengths and weaknesses quickly.2× Live Sessions + Weekly Videos
Month 2 – Reinforcement
Practice question breakdowns. Real CISSP thinking.2× Live Sessions + Weekly Videos
Month 3 – Mastery
High-yield review. Exam-day mindset sharpening.2× Live Sessions + Weekly Videos
Only 10 students per cohort. Cohort-1 is already underway,
Cohort-2 registration will begin soon.
Give me 90 days of focus, and the rest of your career changes.
— Luke Ahmed
