Today I passed my CISSP. It has been a good learning experience and exposes the need for security in day-to-day life. Over the years in IT, security is becoming more and more of a challenge, dealing with different attacks, managing firewalls and data; it's imperative to understand and know these subjects. Now I need to sort out my endorsement and then the certificate is on the way.
Congrats!
I am just curious, would you be able to share if you have faced any cloud, zero trust specific type questions? I am reviewing some questions here but don't see any sample questions from cloud or zero trust specific. Thx
Hi. Zero trust is a big thing in security at the moment so yes there are questions about that. Make sure you know about zero trust and how that works from a tech perspective and also a commercial perspective. In particular, access control mechanisms are important in this arena.
In terms of cloud it is important to understand how the cloud works, the platforms, for example SaaS, IaaS etc., and integrations between this and private systems which use IAM and OAuth. You will need to know everything in the books or training, but a key thing is to ensure you have the latest book/training. This is very important because there are some old frameworks which don't apply anymore and new laws/legislation for certain countries in the last couple of years.
In terms of experience, I have contracted around different companies in the last 10 years doing network security, Active Directory migrations to 365, hybrid Exchange deployments with ADFS, MAC, RBAC and other access control models in the real world. I think this has helped me understand how to answer some of the questions as well as doing the training.
Thank you @funkychicken, for your feedback/insight and sharing your experience - much appreciated. This will be helpful to put the right focus in these areas.
In terms of getting the latest book/training, do you have any recommendation for the latest book? Thanks.
Anything with the ISC2 trademark logo will suit. The best one would be the book and the question pack. In the UK it will be this one: https://www.amazon.co.uk/Certified-Information-Security-Professional-Official/dp/1394258410/ref=sr_1...
Be aware of some websites with questions on there because some of these questions no longer apply anymore. I only used the official course online.