
My CISSP Exam Journey

Here is a video about my CISSP exam journey.

Get the full ‘My CISSP Exam Journey’ free video here.

I’ve just passed the Certified Information Systems Security Professional (CISSP) Exam, which was significantly updated on 1st May 2021. In this 30-minute video I will cover:

  • The official CISSP course and course guide;
  • The 8 Domains of CISSP, and how to take stock of your knowledge of them;
  • The official practice questions and the Study Guide;
  • The CISSP Exam itself; and
  • Lessons learned from my journey.

I wish you every success in your CISSP journey: it’s tough, but you can do it!

To get a full course on what’s new in all eight Domains of the CISSP Exam outline (for FREE!) Click Here.

Transcript: My CISSP Exam Journey

Hi, Everyone,

My name is Simon Di Nucci and I’ve just passed the new CISSP exam; for those of you who don’t know what that is, that’s the Certified Information Systems Security Professional. It’s new because the exams have been around a long time, but the syllabus and the exam itself have undergone a significant change as of the 1st of May this year. I’m probably one of the first people to pass the new exam, which I have to tell you was a great relief because it was really a tough exam and it was tough preparing for it.

It was a big mountain to climb. I am very, very relieved to have passed. Now, I hope to share some lessons with you. When I mentioned that I passed on the cybersecurity groups on Facebook and LinkedIn, I got a huge response from people who appreciated how difficult it is to do this and also lots of questions. And whilst I can’t talk about the specifics of the exam, that’s not allowed, I can share some really useful lessons learned from my journey.

Introduction

So I’m going to be talking about what I did:

  • The Official Course, and the Student Guide;
  • How I took stock at the start of the revision process;
  • How I revised using the practice questions and the Study Guide;
  • Something about the exam itself; and
  • Lessons learned.

The Official Course

So let’s get on with it. My journey was that two or three years ago, the firm that I worked for decided that they wanted me to take the CISSP exam in order to improve our credibility when doing cybersecurity and my credibility.

I was sent on a five-day course, which was very intense, and it was the official ISC2 course. And that was several hundred slides a day for five days. It was very intense. And as you can see, the guide that you get is a pretty hefty eight hundred pages of closely packed and high-quality material. I was taught by someone who was clearly a very experienced expert in the field.

It was a good quality course. It cost about $3,700 (Australian). I think that’s about $2,500 (US). In terms of the investment, I think it was worth it because it covered a lot of ground and I was very rusty on a lot of this stuff. It was a useful ‘crammer’ to get back into this stuff. As I said, [the Study Guide is] 800 pages long. I’ve done a lot of revising!

Practical Things

Let’s put that to one side. The course was very good, but of course, it takes some time out of your schedule to do it. You need the money and the support from your workplace to be able to do that. There are now online courses, which I haven’t been on, I can’t say how good they are, but they are cheaper and they’re spread out. I think you do a day or two per week for a period of several weeks.

And I think that’s got to be really good because you’re going to have more time to consolidate this huge amount of information in your head. No disrespect to the face-to-face course. It was very good. I think the online courses could be even better and a lot more accessible. That was the course. Now, I did that in November 2019 and I intended to do some revision and then take the exam probably in early March, April 2020.

Global events got in the way of that and all the exam centers were closed down. I couldn’t do that. Basically, I sort of forgot about it for a period of months. And then at the tail end of 2020, as things began to improve here in Australia at least, we’ve been very lucky here, exam centers reopened and I thought, well, I really should get back and, you know, try and schedule the exam and do some revision and get on with it.

Exam Preparation

So I did. And starting in the January of this year, I got my management’s agreement that I would spend one day a week working from home, revising, and that’s what I did. Given that I took the exam in the middle of May, that’s probably 18 full days of revision going through the material and I needed it. Originally, I was going to take the exam, I think, in early April, but I realized at the end of March that I was not ready and I needed more time.

So I put the exam date back to the middle of May. And it was only after I’d done that that it was announced that the syllabus of the exam was changing quite significantly. That was, you know, extra work then. And fortunately, they brought out the official guide to the new exam, and I realized that there was quite a lot of material to learn. I went through and, for example, there are eight domains in CISSP.

And for example, here’s domain number two, asset security. In the pink, I have highlighted all the new things that are in the 1st of May Edition syllabus that were not in the 2018 syllabus, and I went through all of these things and there are quite a few in almost every domain except the first one. There are significant changes. I had to do a lot of extra revision because the syllabus had changed, but nevertheless, it was doable.


CISSP 2021: What’s New?

In this course, ‘CISSP 2021: What’s New?’, I look at the significant changes made to the CISSP Official Exam Outline (the course syllabus). You can now get this entire course for free here.

What You Can Learn

  • What’s new in the CISSP Curriculum, from May 1st, 2021 (next update in 2024)
  • There are still Eight Domains – D1, D3 & D7 are still broader in content than others.
  • Very small changes (+/-1%) to the weighting of two domains.
  • Notable changes to all domains, except D1.
  • As of late 2019, some of the changes were Already in Official Course (AOC), i.e. the Student (course) Guide; Study Guide; and Official Practice Tests.
  • D2: Resource types and data activities listed (AOC);
  • D3: Fourteen designs/solutions listed (50% AOC); and thirteen cryptanalytic attacks listed (some AOC);
  • D4: Lists several new network architectures;
  • D5: Additions to all existing sub-domains & new 5.6 on authentication systems;
  • D6: More detail on security test output and reporting;
  • D7: Minor changes to 6/15 sub-domains; and
  • D8: More detail added to all sub-domains.
This is the Introduction & Foreword to the full three-hour course.

Who is this Course for?

Students wishing to become Certified Information Systems Security Professionals.

Are there any Prerequisites?

I designed this course to help students prepare for the current (2021-2024) version of the CISSP Exam. It does not replace the official ISC2 course materials, but it will help you get the most out of them.

CISSP 2021: What’s New?

I’ve just passed the new version of the CISSP Exam, and I created this Course to help you pass as well!

This course describes the changes to the Certified Information Systems Security Professional Exam Outline. Now, CISSP has been around for quite some time and the previous version of the course syllabus was established in April 2018.  In 2021, ISC2 updated the Exam Outline significantly.  In this course, I’m going to go through all of that material for you and show you what has changed, in detail, to help you with your revision.

Here, I give you an overview of what’s changed and how this material has been developed for you.

In the course, we’re going to cover all eight domains from ‘Security and Risk Management’ all the way through to ‘Software Development Security’. The CISSP is a very broad course and it covers all sorts of things like physical security and fire prevention right through to some more detailed technical stuff on the workings of the Internet, software development, and security testing as well.

There have been significant changes to all of those domains except one. (There’s a small change to number one, as we will see, but it’s not huge.) However, Domains 2 to 8 have all undergone significant changes. (Some of those changes were already in the official course material, in the study guide and some were already in the official practice tests; we will cover that too.)

Course Creation

Also, I wanted to let you know what I’ve done to create this course.

I went on the official five-day course, which cost about $2,500 (US), where we went through hundreds of slides per day. You get a course guide with it, which is 800 pages long. There is a lot of good material in there, an awful lot to learn. In addition, I’ve also been through the official study guide, which is 1,000 pages and contains quite a lot of material that wasn’t in the official course.

Then there is the CISSP glossary, which is about 50 pages and that’s got over 400 definitions in.  (The glossary is not so much use. It seems to be quite out of date to me. There are a lot of definitions that you don’t need and quite a few that you do need that are missing.) 

The bibliography lists 50+ references for you to read.  You shouldn’t have to read 50+ books and standards!

Just the first two are 1,800 pages long.  So it’s an enormous hill to climb without some guidance to help you where to look.  I’ve included page numbers for the Official Study Guide – where it covers the material we’re going to talk about.  However, even the Study Guide doesn’t cover everything – as you will see.  So, I’ve been online and looked up the information to get you started.

Links to CISSP 2021: What’s New?

(Learn about my CISSP 2021 Exam Journey here. That course is also FREE.)