I am CISSP certified!!

Updated: Oct 4, 2024



First, I would like to thank MYSELF for all the hard work. For without my effort, patience and resilience, we wouldn't be here right now...


Ahem!!! Ignore me. I tend to kid a lot!!


Seriously though...


If you’re in the network or cybersecurity industry, you’re probably familiar with the CISSP certification. Ah, yes! The vendor-neutral, brain-busting certification that makes even seasoned professionals question everything they know about cybersecurity. In my opinion, this is the toughest and longest exam I’ve ever sat for. Spending hours staring at a screen and answering over 100 scenario-based questions is definitely not for the faint of heart!


To be honest, I set a deadline for myself: 100 days to conquer the CISSP. Looking back, that was quite ambitious, as it actually took me about six months to fully study and prepare for the exam. I’m the kind of person who doesn’t like exam surprises, so I made it a point to study the official guide cover to cover and answer all the practice questions prepared by the ISC² team. This is the first recommendation I’d give anyone pursuing their CISSP.


So, what gave me the strength to read over 1000 pages of technical content?


  1. Identify your end goal - This exam is designed for professionals with at least five years of paid work experience in two or more of the eight CISSP domains (ISC² waives one year for a relevant four-year degree or approved credential). Passing the exam alone does not make you a CISSP: your application must be endorsed by an ISC² member in good standing, such as a CISSP-certified manager, who vouches for your experience. For me, I fell in love with the world of security while working at Cisco. It was exciting, even intriguing. I enjoyed having conversations with customers about cloud security strategies, identity and access management, the cyber kill chain, and so on. This passion led me to set a primary goal: to achieve a vendor-neutral certification.

  2. Set Aside Time: You’ll need to adopt a continuous learning mindset while studying for this exam. It’s almost like learning a new language: once you lose the flow, it’s gone. I made it a point to set aside time on my calendar each day to study the content and apply it to real-world scenarios.

  3. Leverage Multiple Resources: While the official study guide is crucial, don’t limit yourself to just one source. I found that using a combination of study materials, including practice exams, video courses, and community forums, provided a well-rounded understanding of the concepts. Different perspectives can help clarify complex topics and reinforce your knowledge. I have added the list of resources I used in this post. Please feel free to explore other resources as well.

  4. Join a Study Group: Studying for the CISSP can be a daunting solo journey, so joining a study group can be incredibly beneficial. Engaging with peers who are also preparing for the exam allows you to share insights, ask questions, and learn from others’ experiences. Plus, it helps keep you accountable and motivated. I joined the Reddit CISSP group. It’s inspiring to hear success stories, knowing that one day that could be you :-)

  5. Practice, Practice, Practice: The CISSP exam is not just about memorizing facts; it’s about applying your knowledge to real-world scenarios. I highly recommend taking as many practice exams as possible. You can find so many resources online to help with this. So many CISSP-certified professionals have posted YouTube videos and blogs with helpful information. Use the internet, it’s your home! Key point as you practice, practice, practice: identify your weak areas. One strategy I used to identify the weak areas was the practice exams. Take note of the questions you failed, then go back to the book and do some research.



My journey to passing this exam involved many sleepless nights, countless books, empty coffee cups, and more than a few silent prayers. But all that hard work paid off.

So, which resources did I use for my study? Here is the short list of what helped me succeed.


  1. OSG - Sybex - I read this huge book cover to cover, highlighting important points.

  2. ISC2 Practice Tests - I did all the questions and practice tests.

  3. Destination CISSP on YouTube - This provides a really good breakdown of the topics. Make sure to take notes on each domain.

  4. Destination CISSP book - Available on Kindle or as a hardcopy.

  5. How to think like a manager - CISSP

  6. Boson tests - These were quite technically heavy. I do not recommend depending on these fully, because the exam needs you to THINK LIKE A MANAGER, not a techie.

  7. 50 CISSP questions - This video helped me understand how to answer the really tough questions: https://www.youtube.com/watch?v=qbVY0Cg8Ntw


Based on the Sybex OSG, here is a quick breakdown of the OSG chapters grouped by exam domain, with some links to my GitHub repo that has my short notes.



Domain 1: Security and Risk Management

  • Chapter 1: Security concepts | Security governance principles | Threat modelling | Supply chain risk management (SCRM)

  • Chapter 2: Personnel security policies | Risk management concepts | Security awareness and training

  • Chapter 3: Business continuity planning (BCP)

  • Chapter 4: Compliance | Legal and regulatory issues

  • Chapter 19: Code of ethics | Investigation types



Domain 2: Asset Security

  • Chapter 5: Identify and classify information and assets | Establish information and asset handling requirements | Manage the data lifecycle

  • Chapter 16: Provision resources securely



Domain 3: Security Architecture and Engineering

  • Chapter 1: Threat modelling | Defense in depth

  • Chapter 7: Cryptographic systems and solutions | Cryptanalytic attacks

  • Chapter 8: Secure defaults, fail securely, keep it simple, zero trust, privacy by design, trust but verify | Security models (e.g., Biba, Star Model, Bell-LaPadula) | Select controls based upon systems security requirements | Understand security capabilities of information systems

  • Chapter 9: Shared responsibility | Client-based systems, server-based systems, Industrial Control Systems (ICS), distributed systems, Internet of Things (IoT), microservices, containerization, serverless, embedded systems, High-Performance Computing (HPC) systems, edge computing systems, virtualized systems

  • Chapter 10: Design site and facility security controls | Apply security principles to site and facility design

  • Chapter 16: Least privilege | Separation of duties (SoD) | Cloud-based systems (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))

  • Chapter 20: Database systems



Domain 4: Communication and Network Security

  • Chapter 11: Secure network architecture and components

  • Chapter 12: IP networking | Implementing secure communication channels



Domain 5: Identity and Access Management (IAM)

  • Chapter 13: Control physical and logical access | Manage identification and authentication of resources | Authorisation mechanisms | Identity and access provisioning lifecycle

  • Chapter 14: Implementing authentication systems


Domain 6: Security Assessment and Testing

  • Chapter 15: Design and validate assessment, test and audit strategies | Conduct security control testing | Conduct security audits

  • Chapter 18: Training and awareness | Disaster recovery


Domain 7: Security Operations

  • Chapter 10: Physical security

  • Chapter 16: Perform configuration management | Security operations principles | Patch and vulnerability management | Personnel safety and security concerns

  • Chapter 17: Logging and monitoring activities | Incident management | Detective and preventative measures

  • Chapter 18: Implement recovery strategies | Disaster recovery processes | Test disaster recovery

  • Chapter 19: Understand and comply with investigations


Domain 8: Software Development Security

  • Chapter 17: Security Orchestration, Automation and Response (SOAR)

  • Chapter 20: Understand and integrate security in the Software Development Life Cycle (SDLC)

  • Chapter 21: Define and apply secure coding guidelines and standards



That’s it for today. I’m super excited to have achieved this milestone and to share my experience with others who are on the same path. It’s been a challenging journey, but the sense of accomplishment is well worth the effort. For anyone else preparing for the CISSP, stay focused, keep pushing through, and remember that all the hard work will pay off in the end.


Best of luck to everyone out there!



murakaru.com

©2023 by murakaru.com. 

Disclaimer: any and all opinions and views expressed throughout the content of this website are Murakaru's own and shall not be deemed to reflect the views of any potential affiliates.
