Monday, 29 December 2014

CISSP Lessons learned

When I was getting ready to start studying for the CISSP exam, I was told by others the exam is a mile long and an inch deep. Now, after taking and passing the exam, I can verify the assumption personally. Initially I was overwhelmed with how much information one was expected to learn ("remember"), but as I began to study I realized one important element: understand concepts and the rest will work out, which held true for me during the exam.

In today's age one can’t be required to remember everything; there is so much information that most of us can’t physically do it, other than what we do on a regular basis, as it is reinforced by repetition. What is easier to remember and comprehend are concepts, for example how PKI works, or what’s the purpose of a DMZ, or how a firewall works. Understanding the concept of public key cryptology is more beneficial than knowing that RSA has so many bits; a person can just do a quick lookup for the bit size of RSA. The reason is that on the CISSP exam they don’t go into great detail but ask questions at a bird’s-eye view. In my opinion CISSP is not a technical certification, but a certification that has a broad body of knowledge that helps pull everything together.

So what do you need to pass the exam?

1. Experience. The CISSP exam really does leverage a person’s experience and being exposed to multiple technologies, methodologies, etc. This will be your greatest asset.

2. A good study guide. Experience is good, but not all people have worked in all the domains for the CISSP exam. I used the CISSP for Dummies and Shon Harris books; they provided information on areas I was weak in and helped reinforce sections that I was already strong in.

3. A testing tool. ISC2 has a testing engine, as do others like CCCURE. This was immensely helpful, as it helped identify areas where I was weak and needed more work.

4. Stamina. The CISSP exam is an endurance test. Read all the questions very carefully and don’t rush; you have 6 hours, and most likely you won’t use all 6 hours.

In closing, writing the CISSP exam was an overall positive experience for me: I have joined an amazing security community, I have been able to put my technical experience to the test, and I have found out I really do love the security field in IT.

Received my CISSP

On December 23rd, 2014, I received my official notification that I am now CISSP certified. In light of this fact, I will now be changing this blog to focus more on security.