Study the CISSP on your coffee break! (I realized that that is one advantage of this weird, social media posting regime ...)
The CISSP is the Certified Information Systems Security Professional designation, the professional level certification for security in the field of computer, communications, and information systems, and the people who work in them. It is, of course, the people who write the exam and get certified.
The exam is fairly rigorous, not to say onerous. It's intended to do a difficult job: to assess the level of experience, and judgment and critical thinking, necessary to be a professional in a complex and demanding field. Many people who are preparing to write the certification exam choose to take preparation seminars, in order to ensure that they have the full background, and have the best chance of passing the examination and obtaining their certification.
I have facilitated such preparation seminars, and contributed material for such seminars, for multiple organizations, including (ISC)^2, the International Information Systems Security Certification Consortium, the maintainer of the CISSP certification and examinations, for more than twenty years. I have taught on six continents. A lot of the people who facilitate such seminars feel that they've done a good job if they get high marks on the evaluation forms filled out by candidates at the conclusion of the seminars. I always judged my facilitating on the basis of how many seminars I conducted where a hundred percent of the candidates actually passed the examination and obtained their certification. Over the years I had a number of seminars where 100% of the candidates passed, and there's even one *city* where every single seminar that I conducted had a 100% pass rate.
The preparation seminars are not cheap. And they're not always available. And they're not all of the same quality, nor are the people facilitating such seminars. So, now that I am, ostensibly, retired, I figure it's time to do my bit in aid of the profession. So, I'm conducting a seminar, for free, in a rather unusual way.
I'm doing this seminar while I'm walking around town. In bits and pieces. Specifically, in little video segments, that I can then upload to various of the social media platforms. Since TikTok seems to be very popular right now, I'm including TikTok, and it's TikTok that seems to be the limiting factor. TikTok has a ten minute maximum limit for video clips, so I'm keeping the individual video clips under ten minutes. So, there are going to be hundreds of such clips, in order to cover the full forty hours of the material in the seminar. I figure it will take at least a year, and possibly two, to get the whole seminar done this way, but, once it's up, then all of you lot can use it, in any way you like, forever. Or, at least until social media, as an activity and as various companies, falls out of favor, and these various systems go by the board. Anyway, this seminar will be available for a while.
I'm posting the clips to YouTube, where my channel is, apparently, known as @TheRslade or TheRslade, and which I consider to be the central repository and most organized, and I've created a playlist for it, as well as the aforementioned TikTok, Fakebook (yes, I *do* have an account, but I only use it for emergency backup posting [even though Port Alberni seems to insist that Fakebook is the *only* thing on the Internet], so it isn't the best place to try and contact me), LinkeDin, and Instagram.
(OK, it's all done. As of 20241016, all of the seminar materials: the introduction [CISSP 0.xx], security management [CISSP 1.xx], access control [CISSP 2.xx], security architecture [CISSP 3.xx], applications security [CISSP 4.xx], cryptology [CISSP 5.xx], physical security [CISSP 6.xx], BCP [CISSP 7.xx], Telecommunications and networking [CISSP 8.xx], operations security [CISSP 9.xx], and law, investigations, and ethics [CISSP 10.xx]; are recorded and posted.)
(Kind of bizarre to think that it has taken more than a year and a half, and roughly 450 individual video clips.)
Of course, I expect a number of people will simply follow along on the video clips, and do their preparation that way. However, I hope that some of you will take the opportunity to form study groups, watch the video clips together, and discuss them. Study groups, formed and operating over a period of time, allow you to prepare much better for the exam, and to bounce ideas off each other in order to more fully understand the principles of security, and form the appropriate attitudes to the security profession, which is really what the examination is trying to assess in any case.
Again, on YouTube, my channel is @TheRslade or TheRslade, and I've created a playlist simply called "CISSP seminar." The description for the CISSP seminar playlist also provides references and contact information and links for the other social media channels. It also provides links that I may need to make available in regard to study resources, such as the lists of questions that I have posted to the (ISC)^2 "community," and Ross Anderson's excellent text, "Security Engineering."
References:
(ISC)^2 no longer makes the CBK readily available. If you want a copy, do a Google search for “site:isc2.org cissp exam outline” and do some pruning.
Get various versions of the "Information Security Management Handbook" if you can find them.
"Security Engineering," Ross Anderson
Dictionary of Information Security, Robert Slade
Cybersecurity Lessons from CoVID-19, Robert Slade
References by domain http://victoria.tc.ca/int-grps/books/techrev/mnbksccd.htm
Reviews of study guides http://victoria.tc.ca/int-grps/books/techrev/mnbkscci.htm
There is a great bundle of other resources at https://start.me/p/b5epnR/free-or-near-cybersecurity-training
For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions. As in, "what's the best set of practice questions to use while studying for the exam?"
The answer is, none of them.
I have looked at an awful lot of practice question sets, and they are uniformly awful. Most try to be "hard" by bringing in trivia: that is not representative of the exam. Most concentrate on a bunch of facts: that is not representative of the exam.
So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam. Note that none of these questions will appear on the exam. You can't pass the CISSP exam by memorizing a brain dump. These will just give you a feel for the format and style of questions, and the overall level of "difficulty."
For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.
Good luck to those who are willing to put the work into a difficult profession. For those of you who are hoping to just get all the answers for the exam and pass it without much effort, you deserve everything that happens to you when you fail the exam.
Thumbs up! Thank you Rob for all you are doing for those who are (and will be) in this profession!
I'm effectively retired myself, but knowing this information is freely available (and from someone who actually KNOWS it) is very positive. Kudos to you Rob for taking this on.