Mastering the CISSP Mindset: A Guide to Success

The Certified Information Systems Security Professional (CISSP) certification exam is globally recognized as the most important certification in the information security market. The exam is designed to validate an information security professional’s deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization. Candidates must have a minimum of 5 years of cumulative, paid, full-time work experience in 2 or more of the 8 domains of the CISSP Common Body of Knowledge (CBK).

The exam uses Computerized Adaptive Testing (CAT) for all English exams; CISSP exams in all other languages are administered as linear, fixed-form exams.

The exam is divided into eight domains, each weighted differently to reflect its relative importance and the emphasis placed on it in real-world information security practice. The weights are based on a job task analysis (JTA) study conducted by (ISC)², the organization that develops and administers the CISSP certification. The JTA study drew on information security professionals from around the world, who identified the knowledge, skills, and abilities required to perform information security tasks effectively in each domain.
Successful candidates are competent in the following eight domains:
- Security and Risk Management 15%
- Asset Security 10%
- Security Architecture and Engineering 13%
- Communications and Network Security 14%
- Identity and Access Management (IAM) 13%
- Security Assessment and Testing 12%
- Security Operations 13%
- Software Development Security 10%
Preparation Recommendations
Preparing for the CISSP exam can be an intensive and challenging process, given the depth and breadth of knowledge required. To be successful, candidates must have a strong understanding of the CBK domains, as well as the ability to apply that knowledge to real-world scenarios. There are several resources and approaches that candidates can use to prepare for the exam, and in this post, we will explore one such approach.
The first step in this approach is to watch videos. There are numerous online video resources available that cover the various domains of the CISSP CBK. These videos can provide candidates with a solid foundation of knowledge and help them understand the key concepts and principles in each domain. Many of these videos are taught by experienced professionals who have firsthand experience in the field of information security.
The second step is to read study guides. There are many comprehensive study guides available for the CISSP exam that cover each domain in depth. These guides provide a detailed overview of the topics and concepts that candidates will need to know for the exam, as well as practice questions and exercises to help reinforce their understanding.
The third step is to take practice exams. Practice exams are an essential part of the preparation process as they help candidates assess their readiness for the actual exam. There are many online resources available that offer practice exams with questions similar in format and difficulty to those found on the actual CISSP exam. By taking practice exams, candidates can identify areas where they need to improve their knowledge and focus their study efforts accordingly.
While this approach may not be suitable for everyone, watching videos, reading study guides, and taking practice exams can be a highly effective way to prepare for the CISSP exam. It is important for candidates to be disciplined, focused, and dedicated in their study efforts to maximize their chances of success.
Resources
- Watch Kelly Handerhan videos on Cybrary: Kelly Handerhan is a well-known instructor in the field of information security. Her CISSP videos on Cybrary cover all eight domains of the CISSP exam in a clear and concise manner. Watching these videos is an excellent way to gain a foundational understanding of the concepts covered in the CISSP exam.
- Read the Sybex Official Study Guide (SG): The Sybex Official Study Guide is an excellent resource for studying for the CISSP exam. This book covers all eight domains of the exam and includes review questions at the end of each chapter. Reading this study guide is an effective way to reinforce what you have learned from the Kelly Handerhan videos.
- Read Eric Conrad’s Study Guide (SG): Eric Conrad’s Study Guide is another resource that covers all eight domains of the CISSP exam. This book includes review questions at the end of each chapter and also provides real-world scenarios to help you understand how the concepts apply in practice.
- Use CCCure practice exams: CCCure is a website that offers CISSP practice exams. These practice exams are designed to simulate the actual CISSP exam and help you assess your knowledge and identify areas where you need to improve. Practicing with these exams is an effective way to build your confidence and improve your chances of passing the exam.
- Use Boson practice exams: Boson is another website that offers CISSP practice exams. These exams are also designed to simulate the actual CISSP exam and provide detailed explanations for each question. Practicing with these exams is an effective way to identify areas where you need to improve and gain a better understanding of the exam concepts.
- Skim through 11th Hour: The 11th Hour is a condensed version of the CISSP study guide, designed to be used as a last-minute review tool. Skimming through it on the day of the exam can help you reinforce what you have learned and feel more confident about your knowledge.
- Watch IT Dojo’s daily CISSP YouTube videos: IT Dojo’s daily CISSP YouTube videos are a great way to stay engaged with the material and reinforce your knowledge. These videos cover various topics related to the CISSP exam and provide valuable insights into the exam concepts.
- NIST Special Publications: NIST provides a wide range of cybersecurity-related publications, including SP 800-53, which is a security and privacy controls framework. This publication is particularly relevant to Domain 3: Security Architecture and Engineering.
- ISC2 CISSP Flashcards: ISC2 provides a free set of flashcards to help CISSP candidates memorize key terms and concepts related to the exam.
- ITProTV: ITProTV provides free access to a variety of cybersecurity-related training courses, including courses related to the CISSP. This resource can be particularly helpful for studying Domains 4 and 5.
In addition to these resources, it’s important to adopt the CISSP mindset.
- CISSP certified professionals should focus on being risk advisors rather than problem fixers.
- Understanding who is accountable for security is essential, as it helps determine the right approach to mitigating risks.
- When it comes to security, the question of “how much is enough?” is critical. CISSP certified professionals need to be able to determine the right level of security based on the value of the assets being protected, so that the cost of the controls is proportionate to the risk they reduce.
- Incorporating security into the design phase of projects is more effective than adding it on later. CISSP certified professionals need to think about security early in the project lifecycle.
- Security transcends technology. While technical solutions are important, they are only one part of an effective security program.
- Layered defense is critical to an effective security program. It involves using multiple security controls to protect against a variety of threats.
- Physical safety should always be the first choice when it comes to protecting assets. Technical solutions should only be used when physical solutions are not feasible or effective.
- CISSP certified professionals need to be able to communicate effectively with both technical and non-technical stakeholders. They should be able to answer technical questions from managers and provide management-level insights to technicians.
By following this approach and adopting the CISSP mindset, you can prepare effectively for the CISSP exam and increase your chances of passing on the first attempt.