It’s about being a CISSP, but not in a day. It’s a journey!
One thing I learned in this journey is that in a scenario, consider the wider perspective, the bottom-line, the value, the impact, guided by your options with some due care. Your situational awareness, paying attention to detail, not making assumptions and doing by the book is required. I can’t emphasis enough how understanding and managing risk is important.
Being a CISSP is a state of mind. Its all about systems as it is about security. There is a reason why Risk Management and Security was the first domain since earlier CBK versions. Security investments are purely based on risk. In my perspective all other domains are important but key thing to notice is that when they seem to overlap, it becomes something that you should consider gold.
I made a decision to take the CISSP exam whilst I was studying CCNA CyberOps mainly because the Security Operations domain is almost aligned to the SecOps and its helping a lot.
Important things to remember
1. To maximize your limited time, indulge with the CISSP Candidate Information Bulletin (CIB), the most important thing to get you up to speed in terms of the actual domain components. The CIB is the shortest summary of the CISSP Common Body of Knowledge (CBK). I used the CBK only for refence, I believe CBKs including the PMBOK are never meant to be exhausted several times (although others can make time for that) but the CBK make a great reference guide when coupled with other guides.
2. Domains are intertwined and trying to dissect them can help you find shared concepts across them. One thing that helped me prepare was being part of diverse study groups with participants across the globe and I got asked by several folks as to which domains I felt was important. Its still the same answer, where they overlap!
When you really have to be a CISSP I was geared by one quote from Luke Ahmed (CISSP), shared a few days before taking my exam: “Motivation is for those who haven’t decided or don’t know what they want. Discipline and dedication is for those who know what they want” Once you decide to enjoy the ride to be a CISSP, start your journey remembering CISSPs have a community of diverse security professionals who are devoted to promoting the understanding and acceptance of prudent information security measures and furthering the profession. I would like to take the opportunity to thank all members of the Study Notes and Theory group. I was inspired by the motivation you gave to everyone getting any challenge in any area. I read testimonies of people attempting six times to be a CISSP but they made it. It’s never a walk in the park. They worked for it. Once you decide to take the challenge, just remember you are not going to be the first one to fail. I am wishing you Good luck and at the same time advice you never to think this is about luck.
You need a study plan, I should repeat at this point that it’s not about luck, being a CISSP is a state of mind! You will need endorsement of one CISSP who can vouch for you.
If you read this far, you too can become a CISSP. If you are not already one, come join the community. I am not allowed to discuss exam questions. That’s like the basis of the (ISC)2 Code of Professional Ethics and also one of the few ethical things you need to consider to be a CISSP. You will definitely be tested about the code of conduct or being ethical in general. The Study Material There is no best study material I can think of other than the two mentioned above, CIB and CBK. The Sybex Official guide is recommended by most people, some read it twice to absorb the content. If you can make that much time, fine. I only read it in its entirety once and used the CBK as reference. I also used several videos and several free guides including the MadUnix Process, several CISSP mind maps, Cybrary videos and guide, a lot other on Youtube and also Charles Sturt University & IT Masters webinars. I also used the official (ISC)2 Flashcards! The Study Notes & Theory group as well as the CCNA CyberOps Facebook group gave me a platform to air my views on different security concepts, trends, news etc amongst seasoned security professionals across the globe. If you want to see how far you know, try to explain it to anyone. You are lucky if they are not well versed in the subject matter. If they already know what you are talking about, you don’t want to embarrass yourself, but get ready to learn. As you read the CBK, notice how they differentiate roles. There is the Security architect, security professional, security practitioner and you should be in a position to pick any of those hats for a given scenario. So, you want to be a Certified Information Systems Security Professional, can you conceptually design, deploy and manage a secure information system at a risk-justified budget? Risk is important, your first domain in almost all study materials. I promise not to talk about risk again here! Last thing to remember The CISSP exam is not difficult once you can figure out what it is all about. Inside the exam room, make decisions like a CISSP, I can guarantee you that title in one sitting! After-thought: I am currently reading Cisco Press CCNA Cyber Ops SECFND & SECOPS Official Cert Guides written by three CISSPs, Omar Santos, Joseph Muniz and Stefano De Crescenzo.