Hi, my name is YK. I passed my exam in December and, eventually, I am here today. According to the member count, there are only 4,136 members in China and 1,968 members in Hong Kong. Given the 1.4+ billion population of Greater China, that doesn't seem like a whole lot. So I am just highly curious about what other members do at work and where the knowledge has been applied...
A brief intro about myself: I am in product/project/program management; I focus on sensor-based IoT but have been more on the hardware side. My MNC employer has a fairly low risk appetite, while I have to partner with companies of various sizes and knowledge levels to build IoT solutions for overseas markets. So the CISSP basically beefs up my cyber risk management capability as a PM. (Honestly, I asked myself, why go through so much to use just so little...)
My most frequent questions to my candidate project partner(s) would be to check how private data is being collected, computed, and transmitted across IoT sensors, edge, cloud, and dashboard; to verify whether the data encryption level (at rest/in transit) complies with a standard such as OECD and GDPR for the target countries; and whether major risks have proper treatment in the SLA, etc.
So, how do you guys utilize your CISSP?
Thanks for pointing~
Congratulations on passing your CISSP exam. It's not a simple test; you must have dedicated yourself to studying for it. I was born in Hong Kong and raised in the USA. I reside in Los Angeles and belong to the (ISC)2 LA Chapter.
My profession is IT infrastructure, and I have been in IT for over 30 years. I oversee my company's data centers, infrastructure systems, servers, networks, and cybersecurity. We follow and use the NIST framework to drive our security practices, projects, policies, and governance initiatives. We have other departments that develop software, so Domain 8 does not apply to my team, but I continue to provide security guidance to our developers.
This is Sam, originally from Hong Kong and currently in Taiwan.
I was in a similar situation to yours, working on some IoT and other projects. I earned my CISSP, CSSLP and CCSP after I came to Taiwan, and I am currently building up the application security team for a company.
I always say to my team members that we need to apply the 8 CISSP domains in our daily work: setting up the risk management framework, identifying the assets that need to be protected, applying suitable controls and technology, monitoring, etc.
I think the CISSP is not only an exam; it should be the baseline for how we deal with cybersecurity issues.
Hi Sam -
I agree that the CISSP is not enough, and I am pursuing my CCSP this year and CGRC next year. With ISC2, I would also like to hold three certs, so my CPEs would apply to all of them, and you only have to pay one membership fee. This would be an excellent path for me, since my role has been in IT management for 25+ years.
Ultimately, I want to pursue my C|EH cert, but we will see what happens. Any suggestions or study tips for the CCSP exam that you can share?
I am much older than you and YK, so learning and memorization are SLOW. I ask myself, why didn't I pursue this 10 years ago? Well, it's never too late 🙂
Here is a picture of me and (ISC)2 CEO Clara R last month at our LA Chapter meeting. We meet monthly, and it has been a great community of Cybersecurity professionals. When I retire 🙂 I will probably want to do some volunteer work with (ISC)2.
Daniel K. Leung
I would say the CCSP is an easy one to crack once you have the CISSP. The foundation of the questions is the same; only a few cloud terms and some new workflows, like the data management lifecycle and virtualization vs. container setups, stand out.
For the method I used to crack the CSSLP and CCSP, I just went directly to the exam outline and wrote my own notes on it. This method helps you investigate what you are not familiar with and look it up on Google, or nowadays ChatGPT, later. I think this method helps and is better for understanding.
Just like the other ISC2 certificates, the CCSP is not one you can pass simply by remembering everything; it always asks why you made that decision and how you control the risk.
For the CEH, I do not really suggest anybody go for EC-Council certificates, since that certification body is not that respectful of copyrights and original writings. If you need one, go to SANS. If you really want to learn some hacking techniques, I suggest you go for the OSCP. For OSCP practice, Hack The Box would be a good start, and it definitely helped me a lot in my tasks.
I am not sure my suggestion is good for you, but at least I will go for the OSCP after I get all the CISSP concentrations in the coming 2 years.
Just let me know through any channel and I am happy to share with you.
Hi Sam - Thanks for the feedback and information. Yes, SANS is another well-respected institute in cybersecurity. I am attending the (ISC)2 Security Congress this year in October, so I am looking forward to that and adding more CPEs.
By the way, these are the 2 main sources that helped me pass my exam, and they both have content for the CCSP @dkleung :
1. Exam APP
2. YOUTUBE channel that structured my understanding:
(I liked how they scripted the mind map, very easy for me to absorb and recall.)
As you two might tell from my writing, except for the sensor-based IoT product development projects I have touched, at least 6 domains looked like strangers to me when I was learning. And thanks @swh5a01 for the tips; I am also highly interested in picking up more hacking skills.
The app is the same as the OSG and its practice questions. I think you could ignore it once you have the OSG. For hacking skills, go to Hack The Box and you will definitely find a new horizon, and it's fun.