Community Champion

I earned a CISSP and much more....

For the past 22+ years, I have always had a security mindset.  Running security reports on Novell servers and cleaning up the dead wood (users and rights) was just part of the service provided.

 

Nineteen years ago I moved to a regional bank and helped build and rebuild its directory structure.  In addition, for over a decade I secured the on-prem Commercial Internet Banking application.  VMware, Firewalls, PKI and patching were my responsibility.  Security was always top of mind.

 

Two and a half years ago they expanded the IT security team and I applied.  During the interview, I told them I would earn a CISSP.  I have been a full-time Security Engineer since then.

 

I passed the CISSP test in October 2016 on the first try and started earning CPEs in February 2017.  To date, I have 94 A and 6 B CPEs on the books.

 

My advice is to document a CPE as soon as it is earned...don't wait.  

 

Studying and passing the CISSP has had a dramatic effect on my vocabulary. 

 

I no longer talk about code, companies (Cisco, VMware) and products.   Now discussed are business processes, risks, and controls.   The security triad is frequently brought up to explain an idea or a position.  

 

At ISC2 Congress I took the CCSP class and a week later I passed CSA's CCSKv3.  In two weeks I will take the CCSP test.  In December the CSA CCSKv4 will be available and I plan to take it as well.

 

I have been on quite a roll of working, mentoring, training, studying, and testing.  Everything feels fresh and new again.  

 

Please send my thanks to everyone at (ISC)2 and let them know that their work truly makes a difference in many people's lives.

 

Paul

10 Replies
Viewer

Re: I earned a CISSP and much more....

Hi,

 

Congrats on passing your CISSP. Can you share your experience on what study materials/training you used, how long it took to prepare, etc.

Thanks.

Community Champion

Re: I earned a CISSP and much more....


@lagbajabb wrote:

Hi,

 

Congrats on passing your CISSP. Can you share your experience on what study materials/training you used, how long it took to prepare, etc.

Thanks.


My pleasure...

 

***** Starting in April 2016 I took the free Cybrary.it CISSP course by Kelly Handerhan

 www.cybrary.it/course/cissp/  

This is a really well done course.

 

Over the next seven months I would study four to eight hours a week.

 

** I worked with the CCCure practice tests but that was only good for a vocabulary check.

 

**** Quizlet and Mindmaps for the CISSP were also good to work on domains that are not used often or primary to your current job.

 

**** I reviewed the CISSP All-in-One Exam Guide, Seventh Edition All-in-One and used the questions in the book to check my progress.

 

***** Late September I took the SANS MGT415 with instructor Seth Misenar. This six day boot camp with the evening talks was about 55 hours of training.  

 

**** Twice I practiced for the GIAC GISP and reviewed the missed questions.  Why did I miss them, what did I miss or what did I need to learn?

 

**** I took and passed the GIAC GISP exam (similar to the CISSP common body of knowledge) 10 days after the boot camp.

 

**** Eleventh Hour CISSP, Third Edition: Study Guide, this was a great guide to review in the weeks before the test.

 

A week after the GIAC GISP, I took and passed the CISSP exam.  I did not tag or review any questions during the CISSP.  I found that during my practice testing I have a 65% to 70% chance of changing a right answer to a wrong answer.

 

I took one break during the CISSP exam at question 150.  By question 180 I knew I had failed but continued on to get more experience.  When I was done and hand scanned out to the testing area I walked up to the front desk for my paperwork.  

 

They handed me the paperwork and I read the first paragraph three times, like a test question.  I did not understand it...did I fail?  It looks like I passed.  I handed it back to the proctor and asked, “Did I pass?”.  

 

The proctor said I passed and handed me back the paperwork.  I sat down and read it all.  Then I thought, “I will gladly pay (ISC)2 $85 every year for the rest of my life.”

 

***** Great

**** Good

*** Fair

** Poor

* Avoid

Community Champion

Re: I earned a CISSP and much more....

I can say that when I was preparing for the exams, every time I took a practice test I focused on the wrong ones and why did I get it wrong?

Was it:

a) Technical error. I needed to study more of the technical details of the item in question.

b) Thought process error. I justified to myself why my choice was better than the right choice.

c) Lack of managerial experience error. Given more managerial experience I would have chosen the right choice.

d) something else.

As an IT specialist I knew I would fight the test but I had to change my point of view to look at it from the manager's point of view. That is one of the tips I would offer.

 

Community Champion

Re: I earned a CISSP and much more....


@CISOScott wrote:

I can say that when I was preparing for the exams, every time I took a practice test I focused on the wrong ones and why did I get it wrong?

Was it:

a) Technical error. I needed to study more of the technical details of the item in question.

b) Thought process error. I justified to myself why my choice was better than the right choice.

c) Lack of managerial experience error. Given more managerial experience I would have chosen the right choice.

d) something else.

As an IT specialist I knew I would fight the test but I had to change my point of view to look at it from the manager's point of view. That is one of the tips I would offer.

 


CISOScott,

 

That is an excellent way to examine a failed practice test question.

 

Paul

Newcomer III

Re: I earned a CISSP and much more....

Good story Paul, I wish you continued success in your career.

Viewer II

Re: I earned a CISSP and much more....

Paul, what do you think of the new CISSP exam format - CAT?

Viewer II

Re: I earned a CISSP and much more....

Is there a practice CCSP exam I can purchase?

Viewer II

Re: I earned a CISSP and much more....

Hi there - I passed CCSP about a year ago now, adding it to my CISSP-ISSAP. I made a couple of notes at the time for a fellow CISSP who also wanted to do the CCSP.

Read these documents:

The (ISC)^2 CCSP study guide has been out for a while now. I haven't read it as it wasn't around when I did it so can't comment, but I did buy the CCSP CBK and read that. There is a lot of duplication in the CCSP CBK (which means you actually repetitively cover the same areas and learn it) and a large cross over with the NIST publications listed above. 

For the record, I used the Shon Harris book for my CISSP, I did a training course for the CISSP-ISSAP so used only (ISC)^2 study notes, and for CCSP I did a training course after reading the CCSP CBK. 

Across the 3 exams there is one thing that strikes me - it doesn't matter how long you've been working in IT and security, the exams always manage to throw up questions about topics you won't have come across. IMHO I think this is deliberate and deviously brilliant. I believe they want you to apply your security knowledge to these areas to demonstrate you can apply what you've learned in a realistic fashion. In other words, you will come up against things you do not know the answer for and that haven't been covered in any training or books - apply what you've learned and think it through. I think this is a wonderful approach to take (assuming my suspicions are correct of course!).

Good luck with your studies everyone. 

 

Viewer II

Re: I earned a CISSP and much more....

Thank you, very useful information.