{"id":516,"date":"2025-01-26T16:21:16","date_gmt":"2025-01-26T16:21:16","guid":{"rendered":"https:\/\/cyberphil.azurewebsites.net\/?p=516"},"modified":"2025-01-26T17:14:10","modified_gmt":"2025-01-26T17:14:10","slug":"buckle-up-for-cissp","status":"publish","type":"post","link":"https:\/\/www.cyberphil.co.uk\/?p=516","title":{"rendered":"Buckle Up for CISSP!"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Following on from my last blog \u2013 this year I have decided (and been actively encouraged by my boss!) to get some certs tucked away and so for the past 3 years \u2013 it has been a target of mine to achieve CISSP.&nbsp; The ISC2 flagship credential for information security.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In order to make the dream happen and to ensure that I didn\u2019t put it off any longer \u2013 Kiely (the boss) enrolled me on one of our residential, accelerated learning courses at Wyboston Lakes.&nbsp; Speed to competency and speed to certification is the aim.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Before I explain my thoughts with you \u2013 full transparency in the fact that I work for Firebrand Training as head of the cybersecurity curriculum and I regularly train on cybersecurity and cyber crime courses.&nbsp; So, you may think that I will have a bias towards the company (which of course I do).&nbsp; But the aim of this post is to give you a \u2018warts and all\u2019 guide to my thoughts on what it takes to do CISSP at Firebrand and prepare you before you decide to \u2018buckle up\u2019 and head into a classroom.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can probably apply a lot of this to any of our accelerated learning courses.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The first question you need to ask before embarking on CISSP is do you need it?&nbsp;<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">There is a huge difference between \u2018need\u2019 and \u2018want\u2019.&nbsp; If it is needed to do 
your job or advance your career \u2013 that\u2019s great.&nbsp; If you want it just in case or because it looks like something that you might need \u2013 go back and do your homework.&nbsp; Although in fairness, I took it more out of \u2018want\u2019 than \u2018need\u2019 but I will circle back on this.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The reason why I say this is because there are lots of alternative paths to success with a whole host of security courses and vendors who all make a big impact on careers and the job market.&nbsp; CISSP is aimed at security managers and professionals with at least 5 years of proven experience in at least 2 of the 8 domains and this alone \u2013 is a big ask.&nbsp; You can still achieve &#8216;associate&#8217; status by taking the exam but it might be worth considering taking smaller steps within your chosen skill set and requirements.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">So, my first tip is \u2013 think carefully about what your objectives are or those required by your organisation.&nbsp; Do you need to acquire knowledge and skills in other areas first &#8211; and do you need to go straight in at the deep end with CISSP in the first place?&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Oddly enough, meeting the needs of the business and achieving their objectives is a key concept within the CISSP course.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">My next tip is \u2013 be prepared.&nbsp; If you are going to do it the Firebrand way, make sure that you have your courseware activated and set up.&nbsp; I must admit, I didn\u2019t read all of the book before I went on my course.&nbsp; As (without sounding too lofty), I knew a lot of it and certainly a lot of the technical domains.&nbsp; So, I concentrated only on the bits I knew I would be ropey on (in my case Software, Application Security and some of the risk management concepts).&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Pre-reading leads to pre-learning 
and in my opinion, this is a dangerous game.&nbsp; I have experience of being an instructor on a course when delegates have read the book before attendance and got the wrong end of the stick on something. They have then found it very difficult to re-learn something.&nbsp; In one case a student actually argued with me that I was wrong despite me physically showing them how it all worked in a demonstration.&nbsp; Their response was \u201cbut the book says\u2026.\u201d despite them actually seeing the reality of the situation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Concentrate on the bits that you don\u2019t know.&nbsp; There is no point reading stuff that you are already good at but keep an open mind in class.&nbsp; The other point here is that ISC2 have a different approach and angle on some other vendors and courses that I have experience of so you just have to suck it up in some aspects and adopt a different approach.&nbsp; Life\u2019s rich tapestry and all that.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Firebrand residential course experience is amazing.\u00a0 And if it isn\u2019t amazing for you \u2013 please feel free to get in touch with me to let me know why not.\u00a0 From Sunday evening at 1800 (yes that\u2019s when kick off is) to the following Saturday lunchtime\/early afternoon you will be totally immersed in training.\u00a0<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It takes a couple of days to get into the routine but you will.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Another tip!&nbsp; Be prepared at home.&nbsp; Make sure that you have sorted your personal life out before you travel to Wyboston.&nbsp; Do your weekly jobs.&nbsp; In my case, I chopped enough logs for the wood burner for a week, put the bins out, tidied my office, cleaned the garage and sorted out the fish tank!&nbsp; Obviously, it is important to keep in touch with your family and friends over the week but it\u2019s great when you don\u2019t have to worry about anything 
and know that they will survive without you for a week. Alarmingly, my wife survives well without me!?&nbsp; She may actually state that she is better off when I am away but that\u2019s another story!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The plus points with residential learning are that you will be well fed and watered, the accommodation is clean and comfortable, the staff care about you and will support you every step of the way and if a problem occurs, it is dealt with immediately with no fuss or bother.&nbsp; You will also meet some incredible people on your course from all walks of life and industry sectors and quite often from different parts of the world.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I wouldn\u2019t say that the CISSP course lends itself to a major networking experience as if you do it properly, you will have very little time to socialise in the bar.  At the end of the day it is great to chat over dinner and perhaps the occasional glass at the end of a busy study day.&nbsp; However, I met some brilliant people and have a few new LinkedIn friends to show for it and will keep in touch with them.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The course is intense.&nbsp; It is a full day of learning followed by several hours of practice tests and personal study and if required, the instructor is on hand beyond the end of lecture hours and you have access 24\/7 to the classroom for study.&nbsp; I can honestly say that even though there were sections of the domains that I knew reasonably well \u2013 the delivery was such that I did not drift off at all during lectures.&nbsp; That was mostly down to the way the instructor delivered it (very animated and interactive) and my desire to keep on top of the learning.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You will be tired after a couple of days of training.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Another tip.&nbsp; Don\u2019t burn the midnight oil.&nbsp; You know when it\u2019s time to stop 
as your body and mind will tell you.&nbsp; A couple of my fellow delegates studied beyond midnight a couple of nights and they were pretty rubbish the day after.&nbsp; So don\u2019t do it.&nbsp; Know your daily limits of activity and stick to them.&nbsp; It is important to stay alert and healthy for the week.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Thursday is the crunch time as you are nearing saturation point and for me it was the worst day as it was application security \u2013 so I knew I had to be on it.&nbsp; Luckily it panned out okay and I did okay (not brilliantly) on the revision tests which put my mind at rest somewhat.&nbsp; The instructor was amazing.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The last learning day of the course (Friday) was an easier subject and we had a couple more hours to revise, read and abuse (not literally) the instructor.&nbsp; Mentally, it felt like an easy day but you will still be tired.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Another tip!\u00a0 Use the practice questions as a revision aid to highlight your weak areas.\u00a0 They bear no resemblance to the real exam and contain content which is not \u2018testable\u2019.\u00a0 Use them as a guide to revision but don\u2019t get hung up on the results and certainly don\u2019t go hell for leather doing practice tests until the early hours.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>I used the tool LearnZapp which was recommended to me by the instructor.&nbsp; It was \u00a315 for the CISSP exam questions for a month\u2019s access and had a huge test bank of questions.&nbsp; I preferred it to the Sybex questions (which you get included in your Firebrand courseware) as it was a great application for tailoring exam questions and types.&nbsp; If you are familiar with MeasureUp \u2013 it\u2019s a bit like that.&nbsp; However, other delegates on my course used the Sybex questions and liked them also.<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I found (as I always 
recommend to my students) that doing blocks of 25 questions in study mode and making a note of areas that I got wrong helps.&nbsp; In between each block of questions, I dug out the bits in the book that I was weak on and spent 10 minutes or so just reading back through the book or my notes to solidify my understanding.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I worked up until 2030 every day and then stopped.&nbsp; Quick call home and then settled down for an hour of TV before calling home to say goodnight!  It was nice to &#8216;declutter&#8217; watching crap TV for an hour.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I generally work better in the mornings so I was up for early breakfast (avoiding the temptation to have full English!) and I was in the class an hour before lessons to read or do a couple of quick practice tests before the new learning began.&nbsp; That worked for me.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Another study tip.&nbsp; Study on your own and in your own way.&nbsp; You will soon find a rhythm (like the one I have mentioned above) but I like to do tests and read in quiet.&nbsp; So that is either the classroom or your hotel room.&nbsp; Not the restaurant or bar.&nbsp; If the instructor is doing some extras in the class either go back to your room or sit out in the reception area.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I never find the \u2018study buddy\u2019 approach to learning helps.&nbsp; Study groups normally result in people being left behind or dangerously assuming the knowledge of the strongest member of the group.&nbsp; People that work together on the practice tests generally have a shock in the exam when they can no longer rely on the person who was more knowledgeable than them.&nbsp; The stronger members are also held back by the weaker members when they have to either discuss or explain answers.&nbsp; It sounds brutal but every delegate of the CISSP course has to learn to set their own agenda and their 
own objectives and outcomes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Exam tip.&nbsp; The very strict NDA and ISC2 rules mean that nobody can tell you about the exam questions.&nbsp; I have suggested that they are nothing like the practice questions but of course they are based on the subjects and concepts that the practice questions offer.&nbsp; And that\u2019s the thing about CISSP.&nbsp; It tests you to think like a manager \u2013 conceptually, strategically, non-vendor but with a good understanding of technology and a very good understanding of the principles behind areas such as governance, risk and compliance.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I am not going to lie to you and say that I was confident going into it because, I reckon there is a fine line between confident and complacent and the CISSP exam will bite you if you are complacent.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Make sure that you get a good night\u2019s sleep or as best as you can.&nbsp; Here is what I did.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Woke up at the normal time and went through my normal routine.\u00a0 You have to pack your bags and check out by 1100 at Wyboston \u2013 so you don\u2019t have to rush.\u00a0 The exam registration starts at 0700 and you have to be in the exam at 0900, so again there is no major rush. 
You can leave your bags in your car or securely with the hotel or Firebrand Operations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I got up and had breakfast nice and early.\u00a0 Again, not too heavy and not rushed.\u00a0 Then I went over to the training centre and registered.\u00a0 If it is your first time with ISC2 this can take a good 5 minutes or so as you have to have your palms scanned, photo taken and ID checked for the records.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I set myself the time of 0830 to go in, which gave me an hour to myself.&nbsp; I read through my notes and the key areas that I was weak on throughout the week.&nbsp; I did not start cramming in practice tests as that is like running to the start line of a marathon!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I went for a walk for 10-15 minutes and got some fresh air and thought about the seagulls and rabbits.&nbsp; None of this came up in the CISSP exam (I don\u2019t think that is part of the NDA).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I checked in with the Operations staff on the front desk (in my case it was Kate) who took me into the exam room and settled me in.&nbsp; A couple of deep breaths, signed the NDA on screen and hit start test\u2026..<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I did my questions in blocks of 10.&nbsp; After each block, I took a deep breath, had a \u2018blink break\u2019 from concentrating on the screen and mentally calculated how well that 10 had gone.&nbsp; A couple of dodgy answers perhaps but the rest were okay.&nbsp; A couple were \u2018easy\u2019 the rest were just okay.&nbsp; And so it continued, block after block.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You slowly start to get into the pattern and this calms you down.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">At question 50, I needed a toilet break and that came at a good time as I could see that question 50 was going to be a beast.&nbsp; So rather than try and concentrate with a full 
bladder \u2013 I took a natural break!&nbsp; All under the rules of engagement with the Operations team.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It didn\u2019t make question 50 any easier but it meant I could focus on the answers rather than anything else.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The exam is adaptive \u2013 which kind of works in your favour but I found that the last 10-15 questions I had were brutal.\u00a0 The majority I could get down to a 50\/50 but then it was a toss up between the two. Luckily I still had the words of wisdom from the great Firebrand Operations guru \u2018Paul\u2019 ringing in my ears saying \u201cgo with your gut\u201d and that\u2019s what I did.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Paul gives you a great exam overview and pep talk during the course and has about 150 years of experience of putting delegates into the exam process. (Not sure that figure is correct but it is a lot!)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I had 101 questions in total before it thought about it and then ended the test.&nbsp; This is generally a good sign or a really bad sign!&nbsp; So no indication of pass or fail at this point!  All I could think of was Room 101 or Dalmatians for some strange reason!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The delay between doing the exit poll, exiting the test and receiving a print out at the reception desk seemed like an eternity.&nbsp; But it was worth the wait.&nbsp; Congratulations and Pass is all you want to hear.&nbsp; And for the majority of my course \u2013 those were the great words that they did hear.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To be honest, even if I had failed the final exam \u2013 I would have had a positive experience on this course.\u00a0 I learned stuff.\u00a0 I solidified stuff that I thought I already knew and I rounded off knowledge areas that will help me in my current role. 
And like any training course &#8211; it opened my eyes to a whole heap of areas to develop further and apply in the real world. It&#8217;s all about the impact!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">So even though I didn\u2019t need CISSP, the fact that I now have it has certainly put a spring in my step and added to my \u2018street cred\u2019 in the world of cyber and information security.&nbsp; I am now thinking that it was less of a want and more of a need in my case.  I am very grateful for the opportunity and overjoyed with the way that Firebrand do this.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I am waiting to get the certification ratified by the good people of ISC2 and when that comes through, I will definitely be putting the letters after my name.&nbsp; That\u2019s how much it means.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Firebrand Training is the home of accelerated, vendor certification.&nbsp; My experience, even though it was on my home turf, was amazing and the results (which were by no means a certainty) speak for themselves.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The experience will stay with me for some time and as an instructor has also allowed me to experience what it is like as a student \u2013 which is invaluable.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I hope that some of the tips here work for you.&nbsp; I am always available for advice and guidance \u2013 especially around the subject of what course might be a good fit for you.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">CISSP has its place but there are plenty of alternatives that would do the trick.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I have a couple of other learning adventures lined up for this year and I will keep you posted on how that all pans out.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Learn long and prosper!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Following on from my last blog \u2013 this year I have decided (and been 
actively encouraged by my boss!) to get some certs tucked away and so for the past 3 years \u2013 it has been a target of mine &hellip; <\/p>\n","protected":false},"author":1,"featured_media":517,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-516","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorised","grid-sizer"],"_links":{"self":[{"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=516"}],"version-history":[{"count":7,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/516\/revisions"}],"predecessor-version":[{"id":524,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/516\/revisions\/524"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/media\/517"}],"wp:attachment":[{"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}