Taking time out to flex with the EC Council CCISO boxset!

Those of you who are close to me will know that I have been off my feet for a few weeks following knee surgery.  It forced me to take sick leave – which is something that I rarely do, and you could probably count on one hand the number of days I have been off work over the past 15 years or so.  Admittedly – I have been lucky in this respect.

However, the prospect of taking a long period of time off work filled me with dread – not least as to what I was going to do with my time.  The good news is that if you have ever had knee replacement surgery – your mind is kept quite busy with how much it hurts and how sadistic physiotherapists are.

Six weeks in and my knee is still not flexing well – and I am not sure if I will be able to do my old dance routines ever again!  Which is going to be more of a shame for the general public.

After a couple of weeks of feeling sore and gradually getting more bored (I did the whole series of Star Wars) – I started to attack some reading material to get some new certs underway and this helped keep me busy.  My wife complained that I shouldn’t be working but it was more reading and research – so it wasn’t too taxing.  I still had plenty of time to put my feet up and sleep (which still evades me!).

But despite being off work – I still needed to keep my mind active on something cybersecurity related and decided to flex the grey matter and have a go at the EC Council CCISO study.  This has been on my ‘to do’ list for a while and having completed CISSP with Firebrand earlier this year – I thought it would be a good opportunity to compare and contrast.

I used the official study book from EC Council and read through the 5 domains – stopping and researching the bits that I either didn’t understand or needed some form of clarification on.  As with all certification vendors – there is often a difference in the terminology and focus of a course but luckily never a change of tack on the intended outcomes.  Nobody needs to re-invent the wheel.

The course material was difficult to read through and I found breaking it up into small areas rather than hitting each large domain in a ‘oner’ worked for me.  There were areas that I knew well and others that I needed to take more time over. 

Domain 5 is particularly odd (for me at least) – ‘Strategic Planning, Finance, Procurement and Vendor Management’.  I would imagine that this was also a particularly difficult module for the courseware author to write.  There are so many ifs, buts and maybes in this area that it really only scratches the surface in a lot of areas – and although it gives some guidance – for me it was quite a handful. Every organisation I have worked with does this differently and has different terms for stuff relevant to this domain.

The one thing that I didn’t really like about the EC Council course was the focus was sometimes on US-based legislation and processes.  I am fine with NIST standards and guidance and a lot of other great US-centric frameworks that have been adopted internationally – but there were a few moments when I thought – hold on a minute – we don’t do that here.

Luckily the exam was very neutral in this respect.  So if you do the course or read the book – don’t fret when it goes all weird and foreign.

The NDA for the exam means I can’t really tell you if it was all relevant, but a few odd questions did come up.

There is no secret in the fact that the CCISO exam is 150 multiple choice questions and 150 minutes long.  So even with my level of maths – that’s 1 minute per question.  Some of the questions are fairly straightforward and you will know the answer as soon as you read the question – others take a bit longer to digest.  So it all averages out.  I didn’t find time an issue.

As with all EC Council exams – there is no set passing percentage and you won’t know until the final tot up if you have passed or not.

You can take the exam at home using the remote proctor (unlike CISSP) which is handy – and the exam portal is simple and easy to navigate.  You can mark questions for review and come back to them which also helps.  I used this feature.

Another big difference between the CCISO and CISSP is that EC Council expect you to know a few ISO standards and frameworks (which the CISSP alludes to but remains quite neutral on).  But the good news is that if you have been knocking around information security for a while – these will be old hat to you.  I guess that’s the point.

The CCISO had a lot of mini-scenario type questions which I quite liked but there were always 2 answers which could have been correct.  CISSP is a bit like that – so as soon as you have got rid of the blatantly obvious wrong answers – it is a question of taking your time to pick up what they are after.

I also found that a few questions on processes came up but again these were straightforward if you have done incident response, forensics and project management before.

The CCISO exam and course is not technically deep (the same as CISSP) but there were a couple of questions on cryptography, network defence mechanisms, zero trust and cloud-technologies that made me stop and think. Mostly because all the answers looked the same or could have been correct and the well-used ‘choose the BEST answer’ questions are always my least favourite.  The problem I find with courses which are not technical is that when they discuss the technology at such a high level it all gets very confusing and often poorly described.  There are few courses out there that are like this.

The whole point of CCISO is to layer on top or alongside CISSP a bit more of the executive officer angle of attack and so there is an emphasis on the Domain 5 stuff.  Finance, legislation, procurement processes and ‘what would the board do’ type situations.  I did find these tough and probably where I lost marks in the exam.

Just like CISSP, if the answer has something in it that benefits the business objectives – it is probably the right answer.  However, these are very ambiguous in the real world.

I am pleased to say that I passed the test but more importantly – I learned some stuff along the way.  Do I ever want to be a CISO?  Nope.  Do I want to get a better understanding of how a business can maintain a good security posture and support operations at all levels?  Yep.  That’s what this course puts in place.

If you do want to be a CCISO or consider the knowledge and skills required for such a role – then this is a great option.

This course and others from EC Council have recently been re-accredited by the NCSC in the UK which gives them a great stamp of approval at the highest level. This is not to be sniffed at. I know this first-hand as I have been involved in the accreditation process with the NCSC for the Firebrand law enforcement courses we deliver and understand the process and rigour that is put in place to get on this list.

https://www.ncsc.gov.uk/information/certified-training

I self-studied for this course as the good people at EC Council gave me an exam voucher and access to the book and the good people at Firebrand gave me the time and support to study it all.  However, this is definitely a good course to do with an instructor in front of you – as I had questions and Google didn’t always help.  I also missed having the experience of all of the other delegates around me – who add value in bucket loads to courses like this.

I know the instructors at Firebrand who deliver this (and in the future I might take this one on also) and I understand how top-drawer they are in what they do and how they do it.  Check it out and add it to your ‘to do’ list as there is some learning to be had.

I understand that in some respects – EC Council certifications are a bit like Marmite.  But that’s not the point.  If you attend or study for any vendor accredited course and complete a tricky exam to verify your knowledge and in the case of the CCISO exam – your experience in the field (as the answers are not in the book) – then you have achieved something good.  The fact that it is also nationally and internationally accredited at a high level helps to ratify this.

Whether it is for professional growth or personal development – the EC Council courses are worth taking a look at – but as with all training courses, do your homework first.

Some tips and tricks:

  • Download the ‘blueprint’ for the exam or course and understand the learning objectives.
  • Make sure the learning objectives match what YOU want to achieve and even better if it goes beyond your objectives (but never opt for something below your expectations).
  • Consider the amount of time that you can spend learning (not just reading) – even better to get in a classroom and dedicate your time solely to study.
  • Be realistic about your level of experience and course expectations.  No exams are easy (if they are – they are probably not worth much in the real world).
  • The CCISO exam (just like CISSP) tests you outside of the course material and expects you to be able to apply theoretical knowledge.
  • Focus on the bits you don’t know and try to get enthusiastic about learning something outside of your comfort zone – even if it is as dull as ditchwater!
  • Talk to somebody who knows about vendor credentials and how the real world operates.  That could be your training provider or a member of the team that works in their training delivery department.
  • Celebrate success and be proud of what you achieve.

Learn long and prosper!
