Thread: Starting CISSP

  1. Senior Member
    Join Date
    Sep 2006
    Location
    San Francisco Bay Area
    Posts
    2,064

    Certifications
    None?
    #1

    Starting CISSP

    Alright, back in the cert game. This time for real. Boss is pushing me on this one. Basically the division of the company I am in is very ISC2 oriented on the politics and friends side of things.

    Experience -

    Domain 1. Security and Risk Management
    - I have been a member of our internal security operations management team for nearly 7 years.

    Domain 2. Asset Security
    - I personally have managed our OS and network security automation for 3 data centers for 7 years.

    Domain 3. Security Architecture and Engineering
    - I have run/managed our SIEM operations for over 5 years.

    Domain 4. Communication and Network Security
    - At my previous job I worked doing SMB office security for about 4 years, with considerably more misc experience tacked on at my current job working with F5, Juniper and network automation.

    Domain 5. Identity and Access Management (IAM)
    - Two jobs ago I did 3 years working with access management, then another 2-3 years consulting on AD design and security for SMB.

    Domain 6. Security Assessment and Testing
    - I have been a part of our Qualys, Red/blue team and compliance audits for nearly 6 years.

    Domain 7. Security Operations
    - Over a decade here and the last few jobs

    Domain 8. Software Development Security

    - Honestly, I kinda suck here. I have done some light tests on the sites I support, but I have never really been a direct owner of the software development lifecycle. Probably my weakest area. Looking at completing this program to support closing my gaps here https://app.pluralsight.com/paths/ce...ssional-csslpr .


    Beyond meeting the requirements for the time of training I also hold "Approved Credential on the (ISC)² Approved List"
    CompTIA Security+
    MCSE
    MCITP

    Materials
    1) Cloud+ materials and cloud Essentials
    2) cbtnuggets.com for the overview of the concepts, it's the 2015 version, but it's just for on the treadmill.
    3) (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
    4) CISSP Official (ISC)2 Practice Tests, 2e
    5) CISSP Exam Prep Questions, Answers and explanations from SSI Logic
    6) Official CISSP Bootcamp from Quickstart.com
    7) CEH Bootcamp from Quickstart.com
    8) Video series on CASP Concepts from pluralsight.com
    9) Video series on SDLC concepts from pluralsight.com


    Generally I like to dive into certifications deeper than is required for the pass. So also branching into Cloud+ and a few other things as supporting materials. But traditionally I don't bother with most certs unless I see real value on dice.com etc. But this one the boss is pushing me hard to get active in ISC2.
    Last edited by Daniel333; 09-05-2018 at 12:15 AM.
    -Daniel

  3. Senior Member
    Join Date
    Sep 2006
    Location
    San Francisco Bay Area
    Posts
    2,064

    Certifications
    None?
    #2
    Cloud+ Done!
    In prepping for the Cloud aspects of the CISSP I went ahead and self-bootcamped the Cloud Essential and Cloud+ Exam from CompTIA. The process exposed some gaps in Storage, Federated Identity and Application life-cycle.

    Bootcamp - Scheduled
    Right now I have a 5 day CISSP bootcamp scheduled for end of the month just to surface more weaknesses.

    In the Pipe
    But after that I am going to break down and work through some Windows 2016/Azure training on Federated Identity and go volunteer to help with our federation projects at work to close the gap some.
    Last edited by Daniel333; 08-16-2018 at 10:59 PM.
    -Daniel

  4. Senior Member bjpeter's Avatar
    Join Date
    Jul 2015
    Location
    Honolulu, Hawaii
    Posts
    144

    Certifications
    Linux+, CCSKv4, OCEJPAD, CSSLP, Server+, Cloud+, CCP, CASP, Mobility+, Storage+, OCP Java SE 8 Professional, Security+, OCM Java SE 6 Developer
    #3
    Originally Posted by Daniel333:
    Cloud+ Done!
    In prepping for the Cloud aspects of the CISSP I went ahead and self-bootcamped the Cloud Essential and Cloud+ Exam from CompTIA. The process exposed some gaps in Storage, Federated Identity and Application life-cycle.

    Bootcamp - Scheduled
    Right now I have a 5 day CISSP bootcamp scheduled for end of the month just to surface more weaknesses.

    In the Pipe
    But after that I am going to break down and work through some Windows 2016/Azure training on Federated Identity and go volunteer to help with our federation projects at work to close the gap some.
    Good luck with studying for the CISSP exam! I am going to take it too after I get my Linux+/LPIC-1 certification.
    2019 Goals: CISSP, CCSP, eCPPT, CySA+, PenTest+
    Achieved: Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science

  5. Senior Member
    Join Date
    Oct 2017
    Location
    Asia
    Posts
    318

    Certifications
    CISSP, CASP, CRISC, CISA, ISO27001 LA, CISM (application pending)
    #4
    Good job on the Cloud+ pass!

    If I may, would suggest adding the CISSP course in Cybrary.it by Kelly Handerhan (still the 2015 course also) and the free practice tests at https://www.mhprofessionalresources....=AccessControl
    Last edited by Info_Sec_Wannabe; 08-17-2018 at 02:14 AM. Reason: Updated link

  6. Scruffy-looking nerfherdr tedjames's Avatar
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    828

    Certifications
    SSCP, Security+, eJPT +4
    #5
    Originally Posted by Info_Sec_Wannabe:
    Good job on the Cloud+ pass!

    If I may, would suggest adding the CISSP course in Cybrary.it by Kelly Handerhan (still the 2015 course also) and the free practice tests at https://www.mhprofessionalresources....=AccessControl
    Looks like it's still set up for the old 10-domain test. Interestingly, when I remove the ?id=AccessControl from the address, I get the following errors:

    Warning: include(exams/.inc.htm): failed to open stream: No such file or directory in /web/sites/books/htdocs/sites/CISSPExams/exam.php on line 47

    Warning: include(): Failed opening 'exams/.inc.htm' for inclusion (include_path='.:/web/sites/books/pear/share/pear:/web/sites/books/smarty/libs:/web/sites/books/pear') in /web/sites/books/htdocs/sites/CISSPExams/exam.php on line 47

    Nothing like leaving your website wide open.

  7. Senior Member
    Join Date
    Oct 2017
    Location
    Asia
    Posts
    318

    Certifications
    CISSP, CASP, CRISC, CISA, ISO27001 LA, CISM (application pending)
    #6
    Originally Posted by tedjames:
    Looks like it's still set up for the old 10-domain test. Interestingly, when I remove the ?id=AccessControl from the address, I get the following errors:

    Warning: include(exams/.inc.htm): failed to open stream: No such file or directory in /web/sites/books/htdocs/sites/CISSPExams/exam.php on line 47

    Warning: include(): Failed opening 'exams/.inc.htm' for inclusion (include_path='.:/web/sites/books/pear/share/pear:/web/sites/books/smarty/libs:/web/sites/books/pear') in /web/sites/books/htdocs/sites/CISSPExams/exam.php on line 47

    Nothing like leaving your website wide open.
    Yes, although most of the concepts still apply. Oh... haven't checked that before.. the irony of it..

  8. Senior Member
    Join Date
    Sep 2006
    Location
    San Francisco Bay Area
    Posts
    2,064

    Certifications
    None?
    #7
    So status report -

    Self Study -
    1) I completed CBTNuggets video series
    2) Completed a Video series on Application Lifecycle management
    3) Slowly hacking through the book "CISSP Exam Prep Q&A book"

    Experience -
    I realize I have an application life cycle gap and not enough international experience. So I started attending our lifecycle team's meetings and working on GDPR.

    Formal Training -
    In a physical class all week for the CISSP with Quickstart.com so far so good.

    Changes to my plan -
    Adjusting my battle plan to include the CEH bootcamp. The legal parts of the CEH sound kind of interesting. I would do CompTIA PenTest+ but I can't find enough material on that yet.
    -Daniel

  9. Senior Member
    Join Date
    Sep 2006
    Location
    San Francisco Bay Area
    Posts
    2,064

    Certifications
    None?
    #8
    About 150 pages into my Q&A book and finished day 4 of the bootcamp. A lot of networking which was pretty low level stuff so I checked out for most of it and read the book some. "Feels" like December based on all the standards I have to memorize.
    -Daniel

  10. Senior Member
    Join Date
    Sep 2006
    Location
    San Francisco Bay Area
    Posts
    2,064

    Certifications
    None?
    #9
    Finished a CISSP bootcamp. I picked up a few little things but largely it's just refining definitions. I made a flashcard for every major term and am hacking through it. Taking the weekend off from studying them I am going to finish this book of Q&A https://www.ebay.com/itm/Cissp-Exam-...YAAOSwz7NaV~TO

    Then when I am done doing that, I'll start the official textbook. Aiming for December at this rate.
    -Daniel

  11. Senior Member
    Join Date
    Sep 2006
    Location
    San Francisco Bay Area
    Posts
    2,064

    Certifications
    None?
    #10
    Status report -

    1) Completed a CEH bootcamp as a review of hacker misc. Was probably the worst class I have done online. But at least it forced me to review.
    2) I am in a number of security talks at the upcoming Splunk conf in Orlando.
    3) Nearly done working through CISSP Exam Prep Q&A book. Going slow, reading on every subject I have the slightest hesitation on.

    Once I finish Splunk conf and this book, then I am working through the Sybex Q&A book. Then I'll probably go into a massive review mode, and schedule the test. Aiming for November-ish now.
    -Daniel
