  1. Senior Member
    Join Date
    Feb 2017
    Posts
    173
    #1

    CyberCop's CISSP blog

    Hi everyone,

    I've come over to this side of the forum after passing the OSCP - blog here: CyberCop's OSCP blog

    I'm very humbled and excited to have passed this, as it was something that months ago I couldn't even imagine achieving. Now I'm onto my next challenge and it's the CISSP.

    I'm from a more technical background and so the main challenge I think for me is the management side of things, and the business type stuff in the CISSP.


    My Resources

    I have bought the Sybex CISSP Book - 7th edition and also the question book too
    Also Eric Conrad's 11th Hour - the small one

    It's very likely I will buy the bigger book by Eric Conrad after I finish the Sybex one. I'm hoping by that stage to have a 50-60% knowledge of the CISSP material, and can top it all up by reading the Conrad book and doing questions.

    I have signed up for BOSON questions too and will also listen to Kelly Handerhan's MP3s in the car.


    My Plan

    I hope to be exam ready by 15th April 2018. That is currently 83 days away from today. The reason I chose this day was that it was around 3 months from the first day I started my studies.

    I plan to put a lot of work in:

    Monday-Friday: around 10 hours
    Saturday-Sunday: around 10 hours
    TOTAL per week: approximately 20 hours

    I've not booked the exam yet but was very tempted. However I wanted to start studying first to see how I get on. I'm half thinking I may even be exam-ready before April but want to give myself some breathing space.


    My Learning Strategy

    I'm not too sure on how best to approach this to be honest. I think I will read and highlight bits from each chapter of Sybex. I will then write this up onto posters with diagrams and key words/points to remember.

    I will probably take notes along the way too.

    As stated I plan two read throughs - one on Sybex and one with Eric Conrad. I will also do lots of questions too, to try to identify knowledge gaps and try to get myself into the right management mindset.


    Thankfully I have no children and a good job that means I can finish work at 3pm and can get home to study early. Also I can easily take days off from work so plan to take either a full day or half day off every 7-10 days roughly, just to fit in a full day of work.

    I'm planning on moving house at some point, so will potentially be trying to sell/buy somewhere. This will probably cause some distractions but I hope to finish the CISSP before I actually move so hopefully it won't be too big an issue.

    ...

    Will post next on my progress so far.

    Thanks for reading!

    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA




  3. Senior Member
    Join Date
    Apr 2015
    Location
    UK
    Posts
    111

    Certifications
    CISSP, CISM
    #2
    Looking forward to hearing about your progress. Looks like you’ve got a nice detailed plan.

    I know you probably will, but get your exam booked as soon as possible. It really helped me focus and stick to my study schedule.

  4. Senior Member
    Join Date
    Feb 2017
    Posts
    173
    #3
    UPDATE #1

    Domain: 1
    Chapter: 4
    Current Page Number: 131
    Confidence Level: 15%

    I've made a good start over the last couple of weeks. Some parts of CISSP are incredibly frustrating, mainly the NON STOP overload of acronyms. It's like every single phrase has an acronym. It's pretty exhausting! I've also found it challenging where it lists 5 things to remember... then it says, Number 2 on that list has 3 parts..... then it says, you should remember that A/B/C etc.. so it's basically a massive list of different things to remember.

    I found Sybex a bit confusing with regards to the way the BCP was written up after the Quantitative Risk Assessment and the other bits. It almost sounded like a different process until I started reading on and discovered it was just a part of the same kind of thing, just a wider description. I'm keen to read about this in another book to make sure I understand properly.

    I'm now onto Chapter 3 which is still Domain 1. This is all about law. As someone from the UK it's quite alien some of it. It's also quite difficult to follow as it's Law 1 1986 was made up... it was amended in 1987, then this law was also made... and then two other laws were made... etc.. so it's a lot to try to remember and take in.

    It's going ok though, my biggest improvements are in gaining the right mindset, I am starting to visualise a bit now on the way CISSP and the related areas can fit into a business, especially around Risk assessment/BCP.

    This week's aims: Get to page 200

  5. Senior Member
    Join Date
    Feb 2017
    Posts
    173
    #4
    UPDATE #2


    Chapter: 6
    Current Page Number: 191
    Confidence Level: 24.3%

    It's been a good week and I've put a fair amount of work in. I went back to the beginning of the Sybex book and wrote out all the bits I've highlighted into a notebook, which I should have done from day one. It wasn't too bad and I learned from re-reading the highlighted areas. I also skipped some chunks of it which were either obvious, unimportant (in my view) or that I knew 100% already and it was pointless noting it down.

    I'm now up to Chapter 6 which is page 191.

    One thing about the Sybex book I've found is that the descriptions of System Owner, Data Owner, Data Custodian, etc... are really poor. It just seems to go on to a needless extent and is also very confusing. When I wrote down the notes, I actually referred to the larger Conrad book which is 10x clearer on the description.

    I've realised that the law section may not be worth learning page-by-page. That was thanks to info online and also on this forum. I've picked out that certain laws and things continually come up and are obviously important, notably SOX, Safe Harbor/EU Data Protection Directive.... HIPAA, GLBA etc... So I'm learning those ones 100% and moving on.

    I'm now about to start the Cryptography sections. I don't know it all, but it is more technical than all the BCP stuff I've covered so I hope to really sweep through that section and be more efficient with it.

    I've started using my Sybex Question book and that's really good and very helpful. I was getting 50% right but it's gone up. Some of the things I was getting wrong I didn't know, but also some because I just didn't understand the question properly. The questions (and maybe the exam) seem to be a crazy game with your brain. It's frustrating as I just prefer to see an answer that 100% is the right one... not where the answer is right because of the way the question is phrased, asked or the tone of it. Maybe it's an exam of interpretation, which makes sense as everyone says it's about technique.

    I'm doing about 30-40 questions per day. Any I get wrong I'm reading briefly, and making up a handwritten cue card.

    My plan is to try to finish the Sybex in the next 7 weeks, and I've made a study plan, part of which is shown below:

    cissp.jpg


    Hopefully, if I finish the Sybex book as scheduled, I will have 4 extra weeks to go through the whole of the larger Conrad book and do more questions.

    Days until Proposed Exam Day: 76

  6. Senior Member
    Join Date
    Apr 2017
    Posts
    359
    #5
    I didn't use any of the paid practice exams. Just used the ones in the back of the chapters in the Sybex book and the ones you get access to on their site. Honestly, they didn't really help me much though. I stuck to doing flash cards and white boarding to reinforce the concepts.

  7. Senior Member
    Join Date
    Feb 2017
    Posts
    173
    #6
    Originally Posted by ITSec14:
    I didn't use any of the paid practice exams. Just used the ones in the back of the chapters in the Sybex book and the ones you get access to on their site. Honestly, they didn't really help me much though. I stuck to doing flash cards and white boarding to reinforce the concepts.

    Thanks for the advice.

    I'm also using flash cards, and also writing out some things on posters. That's on top of notes and videos.

  8. Senior Member
    Join Date
    Feb 2017
    Posts
    173
    #7
    UPDATE #3 - END OF WEEK 2


    Chapter: 8
    Current Page Number: 267
    Confidence Level: 31.7%

    Stuck to my study schedule and covered Chapter 5, 6 and 7 this week from the Sybex book. This covered:
    • Labelling Assets - this was quite easy
    • Cryptography
    • Hashing
    • Digital Signatures
    • etc....
    It was harder than I thought as there were many new terms, and also although I knew most of the things as a concept, I didn't understand their inner workings. Kelly Handerhan's videos are very helpful and this chapter I used them a lot.

    Cryptography is a massive area, I can see why some say it should have been kept in its own dedicated Domain.

    I'm making lots of cue cards but not using them too much yet, I probably will in a few weeks as I start to forget some of the earlier stuff - happening already to some extent. I'm doing questions most days and making sure I cover earlier chapters so that I keep reinforcing the content.

    I'm continually getting questions about Data Custodian, System Owner, Users, etc... wrong. The Sybex book did a terrible job of explaining this I feel. I've said that before, but seriously, it's massively confusing and stupidly unclear.

    Plans for this week

    Chapter 8 -----> 39 pages
    Chapter 9 -----> 67 Pages
    = 106 pages

    I have Thursday off work to study, and also the entirety of next weekend.

    Days until Proposed Exam Day: 68

  9. Senior Member
    Join Date
    Jun 2008
    Location
    Wherever i lay my hat
    Posts
    198

    Certifications
    CEH v9,MCSA 2012, MCTS SCCM, VCP 5, MCP, ITIL v3
    #8
    You've really motored, well done mate! Always good to see a fellow UK native on the same course as myself! But where do you even find the time lol, are you F/T or have kids? I try to fit mine in and around my lunch and a few hours when everyone is asleep. I'm only on chapter 3 and they are dull as hell, so so dry.

  10. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    399

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP,VTSP, SSCP, Veeam VMCE, CISSP
    #9
    Originally Posted by wayne_wonder:
    You've really motored, well done mate! Always good to see a fellow UK native on the same course as myself! But where do you even find the time lol, are you F/T or have kids? I try to fit mine in and around my lunch and a few hours when everyone is asleep. I'm only on chapter 3 and they are dull as hell, so so dry.

    Time is always a hard resource to manage... I can easily manage to study for CISSP or other certifications (I did 4 last year), with a 55-hour work week, 1 SO and 1 child (10 years old). It is a matter of choice. I don't have many hobbies or friends, and I don't watch a lot of TV, so I can find about 8-10 hours a week without making my SO angry. And when I am in the last weeks before an exam, I can do 20 hours a week.

    Time is always based on choice.

  11. Senior Member
    Join Date
    Feb 2017
    Posts
    173
    #10
    Originally Posted by wayne_wonder:
    You've really motored, well done mate! Always good to see a fellow UK native on the same course as myself! But where do you even find the time lol, are you F/T or have kids? I try to fit mine in and around my lunch and a few hours when everyone is asleep. I'm only on chapter 3 and they are dull as hell, so so dry.

    Haha, thank you! I don't have kids, just a partner. We are in the process of trying to sell our home but that's not having much impact. I'm keen to try to finish all of this before we actually do have to start moving, then studying will have to be put to one side.


    I finish work at about 330 which is good - and I can get home and study for about 430. I also try to take half a day off per week for studying, or sometimes a full day off, although that can be less productive as I feel more burned out doing that.


    I do think less is more... as in it's better to do 90 minutes per day, rather than 6 hours twice a week.


    Also I can sneakily do a bit of reading from a PDF version of Sybex I have in work. Then people think I'm just reading a work document... but actually I am studying a bit




    Originally Posted by SteveLavoie:
    Time is always a hard resource to manage... I can easily manage to study for CISSP or other certifications (I did 4 last year), with a 55-hour work week, 1 SO and 1 child (10 years old). It is a matter of choice. I don't have many hobbies or friends, and I don't watch a lot of TV, so I can find about 8-10 hours a week without making my SO angry. And when I am in the last weeks before an exam, I can do 20 hours a week.


    Time is always based on choice.

    Yea it is hard. My social life has taken a bit of a backseat. I cancelled the Sports channels on my TV and that's meant that I'm now unable to spend all day just watching sport and not doing anything productive.


    My partner works evenings sometimes, so that's good for studying as I can just sit at the desk and read for a few hours.

  12. Senior Member
    Join Date
    Feb 2017
    Posts
    173
    #11
    UPDATE #4 - END OF WEEK 4

    Chapter: 10
    Current Page Number: 390
    Confidence Level: 36.8%

    Well, been a difficult couple of weeks and for the first time I fell behind. That was due to some sleep issues I was having, but also because Chapters 8+9 were just so long and mind-numbingly boring. As a result, I spent two weeks covering 8+9 rather than just one week. I was also getting quite distracted by some other personal projects I've got going on. I've had to really stay disciplined and force myself to get back to studying. Once I do this, I'm fine and I can carry on without too many issues.

    So Chapter 8+9 were about securing assets such as Mobile Phones, looking at the rings of security, BYOD policy, multiprocessors/multithreading, etc.... a lot of very random subjects I felt. Quite hard to read as there was a lot of different content, every two pages it seemed to jump to another category.

    Plans for this week


    Chapter 10 -----> 36 pages
    Chapter 11 -----> 70 Pages
    = 106 pages



    I have today off work so hoping to try to read through about 50+ pages and highlight important bits. I will re-read the highlighted bits later in the week when I write out all the key bits into a notebook. I will also do questions on top to try to cover all topics covered so far especially ones in the coming week.

    Days until Proposed Exam Day: 55 days

  13. Member
    Join Date
    Feb 2009
    Location
    Dayton, OH
    Posts
    58

    Certifications
    SSCP, MCSA: Windows 7/8/10, CASP, Net+, Security+, Server+, A+, Cloud+, Project+, Mobility+, ITIL Foundations, MOS: Excel, Outlook 2010
    #12
    Chapter 9 is brutal.....It took me so long I was pretty sure I had a birthday and missed it.....LOL

    I think you are doing well.....setbacks and such are to be expected. A lot of info coming up in the Communications and Network Security sections so be ready.....not a bad section, just a lot to take on.

    Keep up the good work and stay with your plan!