CISSP EXAM PASSED SCHEDULE

 Took down the beast (passed CISSP) in the first attempt with 28 days of extensive studying.
Hi All,
I have been a silent follower of this group and read each & every passing CISSP post since June'20 the first week, therefore thought of sharing of my CISSP preparation journey with all of you. Sorry for the long post in advance
Background
6 yrs of total experience as an IT Auditor, currently working with a Big 4 as an IT Audit manager mainly looking after SOX / supporting Financial audits. Education-wise has done MBA in IT. Never worked/got exposed to Information security technical thingy as my work profile let me only focus on what would impact the financially significant data.
CISSP (PDCA Cycle..as that is what I would like to call it..my version - try to fit stuff in it..lol).


Plan
Thought of learning and gaining knowledge about information security as a field during the last week of May (as I knew work for will be a little bit on the lower side for entire June and will then pick up again.. the one's who are IT Auditors working in big 4 will agree with me that busy season never ends..lol) as I had heard many of my friends / senior colleagues at work getting this certification.
On 30/05, I decided to order an official study guide & official practice exam book (both can be bought together).
after reading a study guide, for a couple of days - I also ordered AIO (Shon Harris) 8th edition & its practice exam book (read on this forum that people do get that as well.. so I got it).


Do
Since, 01/06 I started studying the Official study guide. As indicated above I felt that it is a bit dry in the sense that even though I am reading it - but the brain is not grasping the concepts - so decided to order the AIO as well (as indicated above)
As I knew I had very short time (and I always got worried that people who were posting pass stores were minimum studying 3 months) - so every day I was trying to put in around 8-10 hours (12 to 15 hours in the weekend) of serious intense studying (waking up at 4:00 AM every day, studying till 9 AM and then start working. Then probably around 5:30 pm finish work, and get back to studying from 6 pm to 10 pm). My aim was to finish each domain in no later than 2/3 days. Also, the way I studied was first study the domain from Sybex and then study the same domain from AIO - 1) to grasp the concept 2) get to the difference in them and try to cover if missed in Sybex. (Although I only did this till domain 5 and then for domain 6,7 & 8 - I just did Sybex as I was able to understand from it).
After finishing each domain from Sybex, I did the questions which is in the study guide and then did around 50% of questions from the official practice test book (left remaining 50% for revision in the end)
Domain 3 & Domain 4 took most of my time to grasp conceptually.


Check
Once I finished probably 6th domain (the smallest one) I started doing questions available on the internet (e.g. Luke question on FB group, Wentz question). Also started following discord group (which is truly amazing) and started to answer questions put up there. Most of the time Luke's, Wentz questions I answered wrong (probably 90% of the times) however, was able to manage 50% in the discord group. For each question (right or wrong) - I did not focus on the right or wrong answer at all. What I focused on is
- why an option exists as part of that question.
- What does it mean? in which scenarios will this option be the answer
- Why a manager will not choose that option
Also, as I was finishing the studying of the 8th domain. I started
- revision of the concepts starting again from domain 1 (as by now I like forgot 90% of it)
- not look at the concept domain wise rather how they flow interdomain (small e.g. RMF in SDLC, Applying IAM for network devices, etc.).
Last the week which was w/c 22/06, I took off for the full week from work and was studying like 12/15 hours each day - trying to revise concepts, connect them interdomain, answering practice exams in official practice book.
On 22/06 - I booked my exam for 27/06 as I knew from 29/06 will not be able to focus on CISSP as work will pick up crazy and whatever I have studied will be a waste (and will not be able to revise and focus)
Thursday & Friday (2 days before the exam) I did not study at all (just minor revision) as I thought - time has already passed, whatever I could have done.. I should have done it already.. just relax and wait for the exam to happen.


Act
Exam day - reached the centre well before time. logistics were quick at the center and in 15 mins after going in, I was at my testing computer pressing start.
Without going into any detail, I would like to say it's very important to know the concepts (not deep at all, just basic) & how would they interrelate across the domains (this is significantly important). If you can interrelate concepts (without going into much technical detail of them like a a manager would do) - then I think you should be good for the test.
Finally, I passed at 150 Q with just 1 minute left on the clock.
Material recommendations
  1. for knowing what to study in a domain, how much to study (depth) - Sybex office guide
  2. for actually studying and grasping the concept and to interrelate - AIO
  3. Practice exam - Official practice exam is enough

Comments

Post a Comment

Popular posts from this blog

AWS Interview Questions?

AWS Well-Architecture Framework 1. Operational Excellence OPS 1: What factors drive your operational priorities? OPS 2: How do you design your workload to enable operability? OPS 3: How do you know that you are ready to support a workload? OPS 4: What factors drive your understanding of operational health? OPS 5: How do you manage operational events? OPS 6: How do you evolve operations? 2. Security SEC 1: How do you manage credentials for your workload? SEC 2: How do you control human access to services? SEC 3: How do you control programmatic access to services? SEC 4: How are you aware of security events in your workload? SEC 5: How do you protect your networks? SEC 6: How do you stay up to date with AWS security features and industry security threats? SEC 7: How do you protect your compute resources? SEC 8: How do you classify your data? SEC 9: How do you manage data protection mechanisms? SEC 10: How do you protect your data at rest? SEC 11: How do you pr...
Read more
      Domain 1 Emphasize Ethics Emphasize authenticity and nonrepudiation (properties of Integrity) Change “ global ” context to “ holistic ” context (legal and regulatory requirements) Move Investigation types here from Domain 7 Change SCA to Control assessments (security and privacy) Remove Asset valuation from risk management Mention Risk maturity modeling Use the term, Supply Chain Risk Management (SCRM) Mention social engineering, phishing, security champions , and gamification Domain 2 Use the term, asset handling requirements Move Provision resources securely here from Domain 7 Specify data lifecycle Emphasize asset retention (EOL, EOS) Identify Data protection methods Move Digital Rights Management (DRM) here from Domani 3 Domain 3 Specify secure design principles Identify 15 (add 7 more) vulnerabilities of architectures, designs, and solution elements. ( Microservices , Containerization , Serverless , High-Performance Computing systems , Edge computing s...
Read more

How To File Cybercrime Complaint Online In India : Step By Step Process

Image
                                                      Cyber crime Complaint Online In India This is how you can lodge an online complaint about cyber crimes God forbid, but if you are a victim of such fraud. The very first step is to open the website –   https://cybercrime.gov.in/ Step 1 – As you open the website, you will see the following prompt on your screen. You can notice, next to the home button tab, there are two other options – Report Women/Child-Related Crime and Report Other Cyber Crime. Step 2- If a woman or a child is a victim of cyber crime, then you can click this button. Upon clicking, you will find an option of Report anonymously and report & track. If you want to hide your identity then the ...
Read more