
How I Studied For & Passed The CISSP

I got asked the other day at work how I studied to pass the Certified Information System Security Professional (CISSP) back in Dec 2011. While I was relaying my experience, I made a few notes, and I figured it would be good to document the endeavor in a blog post.


I think my main advantage was that I was able to get access to SANS Management 414 class via their self-study content using training dollars from work [direct link for more info].  While expensive, the 'do it on your own time' offering was much better for me than going to a class (which can also be expensive). 

One of the other key features that I liked about the self-study offering was there were separate MP3s of all the sessions plus the online course review material.  This allowed me to binge listen to the audio content during my daily exercise, drives in the car, and while on travel (which happened about 5 times during my prep time before the test). The only bad news about all this 'listening' is that when I have a CISSP related nightmare I still hear Dr. Eric Cole's voice.

The package included printed slides for all the material (sync'd online to the audio feed): [Domain 1 - Information Security Governance & Risk Management; Domain 2 - Access Controls; Domain 3 - Cryptography; Domain 4 - Physical Security; Domain 5 - Systems Architecture & Design; Domain 6 - Business Continuity & Disaster Recovery Planning; Domain 7 - Telecommunications & Network Security; Domain 8 - Application Security; Domain 9 - Operations Security; Domain 10 - Legal, Regulations, Compliance, & Investigation], and a copy of the following book - "CISSP Study Guide" by Eric Conrad, Seth Misenar, Joshua Feldman. Also included was a series of pre-tests both online and paper and then a full practice test that was online.

Other books I used for reference included:

Once I went through all the material one time via MP3/Slides, I then determined when there was a class about 16 weeks/4 months in the future and signed up for that one.  I found it very useful to have a target date on the calendar to motivate me to block out time for studying.  I then spent every Off-Friday from work and ~4 hours each Saturday and Sunday studying the material up to the test week.  The test was on Tuesday and I pretty much studied full time Friday, Saturday, Sunday, and Monday before the test.  If my math is correct that was about ~250 hours of studying (not including the MP3 material listening which I continued doing during my exercise, driving, etc. times up to the test).

In addition to the study reference material above, I also took a great deal of practice tests.  If there was a test I could take I took it. My previous experience getting a Windows OS certification and Security+ was that there was a ton of value in reviewing as many questions as possible. This turned into a pretty detailed stats tracking on how I was doing and where I needed extra focus.  Here is the "final" view of my spreadsheet tracker I set up in Google Docs:

[Images: CISSP test tracking spreadsheet, views 1 and 2]

The other thing I did that really helped was that any question I missed during any of the tests I took, I turned into a 3x5 study card.  I also kept the cards organized by the 10 major topic areas of CISSP.  This helped me really focus on studying the areas that needed the most work.  By the end I'm pretty sure I had 400 cards, and on the day of the test all I did before the test was drill through those cards.

What about the actual test?  Yes, it was very hard. Definitely the hardest test I've ever taken. I was the last one to leave, taking up all but the last 5 minutes before the scheduled end time.  I don't know how well I did other than I passed.  And since that was the goal -- mission accomplished!

If you have any additional questions, comments, etc. then please let me know.

[Originally written on 2/24/2012 but updated 2/23/3014]


Some Recommendations For Headphones


I am pretty happy with my Sennheiser HD202 headphones that I use at work, my Sony MDR-XD-200 that I use at home, and my travel audio-technica Quiet-Point ATA-ANC7.

I picked each one specific to issues I was trying to resolve where I use headphones.  The HD202 cover my ears very comfortably, but aren't so noise reducing that if someone knocked on my office door I would still hear them.  The MDR-XD-200 were 50% off, have excellent sound quality, and are something you can wear for hours without much fatigue which is great for movies and audio editing.  The Quiet Points were cheaper than the Bose that I had before they were stolen, and fold up pretty well in their protected case for travel.

Even though I'm content, I find it very interesting to get other folks' opinions, suggestions, recommendations, etc. on headphones.

A recent This Week In Google (TWIG) [#234] recommended the following after discussing the recent ad during the Super Bowl for Beats:

Leo also mentioned that Headroom was a good site with more info.  And the Home Theater Geeks podcast has several very detailed podcasts in their library about headphones.  If you want to get very technical on headphones (and even some ear buds) these podcasts are highly recommended.

So ... do you have a favorite headphone? And why?