CISSP Journey

deanwebb · December 02, 2015, 08:44:32 PM

Just started it. Got a 70% on the pretest, which is right at the passing mark. But, I'm not going to kid myself, since I had to guess on a number of managerial and programming "Due diligence" types of questions. I've got a good foundation, so I feel like I'm ready to get into the book and start prepping for the exam.

Feels funny that I won't be labbing anything for this one. I kinda want to spin up a Linux box and practice commands on it, but that won't mean a thing for this test.

I'm using the Sybex (ISC)² official prep guide. Reads pretty well, so far.

config t · December 04, 2015, 12:00:14 PM

I started this journey.. and then I realized I don't need this so I stopped

Good luck man, that one is a doozy.

icecream-guy · December 04, 2015, 01:18:16 PM

Yeah, it's like a mile wide and an inch deep.

I ready the CISSP Study guide a while back. provided a good foundation for my business skillz, lots of other things to think about other than switch/router/firewall.

deanwebb · December 04, 2015, 02:03:38 PM

Having worked at Major Multinational Business for the last 2+ years, there's a lot of procedure and policy that we follow that is this CISSP stuff to a T.

It's like filling out all the BS paperwork is now me labbing for this exam...

icecream-guy · December 04, 2015, 02:19:53 PM

Quote from: deanwebb on December 04, 2015, 02:03:38 PM
Having worked at Major Multinational Business for the last 2+ years, there's a lot of procedure and policy that we follow that is this CISSP stuff to a T.

It's like filling out all the BS paperwork is now me labbing for this exam...

no labs required, should be straight memorization...

unless you want to go get a ladder and climb through the ceiling to validate that there are no entries into your data center through the hanging ceiling.

or go down to where the power comes into the building, (well, actually both places) so you can validate that there are 2 distinct entry points for power into your building, and then trace those on the outside to make sure that they each go to independent power grids.

while you are tracing power cables through the city streets, make sure your redundant internet connections go to separate Central Offices...

LOL

wintermute000 · December 06, 2015, 07:24:23 PM

good feedback guys, might actually think about this one then!

deanwebb · December 06, 2015, 10:07:53 PM

First chapter went well... lots of discussion about Confidentiality / Integrity / Availability and related concepts. This was covered pretty thoroughly in the CCNP-Security curriculum, so it was a comfortable sort of review for me. I start Chapter 2 tomorrow...

deanwebb · December 08, 2015, 04:54:52 PM

Chapter 2 is about the human element...

Say you have a guy that puts in long hours, gets the job done, is capable of doing amazing things with the network. He's totally dedicated, because he never takes a day off.

A manager may see this guy as a star employee.

A security guy suspects he's building empire and doesn't want anyone to step into his role, for fear that guy might discover what kind of shenanigans the supposedly star employee is up to.

Job rotation and mandatory vacation help to keep guys from going down those paths of abusing privileges.

I like this chapter.