Category Archives: Professional Development

How I Passed My CISSP Exam

I passed my Certified Information Systems Security Professional (CISSP) exam on November 20th, 2018. It took me 50 minutes to answer 100 questions. I am sharing this blog post as a resource to colleagues who are intending to take the test and to the cybersecurity profession as my way of “paying it forward” since I received help from vast and free online resources and from advice I received from those I didn’t even know personally.

Motivation

I decided to take the CISSP exam for the following reasons:

  • Model my commitment towards professional development (one of this year’s four key areas in our department strategic plan) by learning topics relevant to our organization’s (SIS&T) future direction including 1) improving our organizational resiliency (staffing, information systems), 2) improving processes (governance, operations, devops), and 3) “liberate data” – expose data across campus systems that have been siloed in the past.
  • I need new leadership/management and technical knowledge required in my role as IT leader on campus given emergent technologies and changing workforce dynamics and demographics. Campus initiatives including cloud adoption, integrated campus cybersecurity, data analytics and campus data integrations using Application Programming Interface (API) and visualization software for decision-making also require new knowledge and skills.
  • Continue my commitment to life-long learning.

Background

Though I had intended to take the CISSP exam in 2017 and my organization had even paid for an online course and books to prepare me for the exam, in retrospect, the fact that I didn’t create the pressure for myself to prepare led me to not dedicate the time and effort as I did in these last two months before my exam.

The CISSP exam is often characterized as “mile-wide and inch deep”. It is true the exam assesses the tester’s knowledge in the eight domains ranging from understanding of laws and regulations, best practices, networking/physical/software security, and operations. I am not so sure it’s an “inch deep” however as while the exam may indeed provide questions at a general level, the level of knowledge I felt I had to learn (and acquired) in the process of preparing for the exam went beyond general information.

Since my professional background/experience were mainly in application development and leadership/management, I found those domains to be relatively easier than the other domains. However, given my lack of experience in networking and data center management, I found myself needing to spend more time studying those areas than others. For example, I bought a book called Networking All-in-One for Dummies because I didn’t even know the differences between the networking mediums (cabling) and wireless networking specifications.

Approach

Though I read many online resources about the CISSP exam, there were no materials I read about the specific questions themselves. Even if I had come across them, I wanted to honor the integrity of the process and professional ethical standards by not using them. Given that I didn’t know what questions to expect, I found myself using different study materials (books, iPhone apps, quizzes, videos, websites, social media) and I even tried different study styles to improve my chance of passing the test. I have learned that I comprehended concepts better if I understood the “big picture” and when I saw the relationships among the different areas. I created a mind map of the 8 CISSP domains as my roadmap using a mobile/website called MindMeister. Here is the link to my CISSP mind map.

I also found study methods to maximize the limited time I had between when I registered to take the exam (October 2nd) until the day of the exam (Nov 20th). I created a schedule which required discipline and dedication. The Kindle books and the iPhone apps which I used anytime/anywhere during the day (including between meetings, trips to the mall, commute) were useful. My wife’s support and encouragement throughout the process were also very helpful. She provided me with the space and time to study.

As I will share below, it was about two weeks before the test when I finally realized what methods increased my comprehension of the topics I was studying.

Timeline

September 2018

October 2018

  • Registered for the CISSP exam (Nov 20th) on October 2, 2018 on the PearsonVue website.
  • Created and completed exam preparation schedule for those seven weeks.
    • First two weeks of October – complete the Sybex book and Shon Harris’ All-in-One CISSP Exam books. This meant spending 2-3 hours a night reading at least one chapter a day and completing the end-of-chapter quizzes.
    • Entire October up to November 19th.
      • Completed CISSP course on Cybrary.It, and Lynda.com CISSP course.
    • Completed at least 200 questions a day from various quizzes (see list below) and improved my knowledge on areas of weaknesses based on my scores.
  • Five days before exam
    • Took days off from work. Spent at least 5 hours during the day/night of continued studying. This is the period when I realized how to significantly improve my understanding of the topics. At this point in the process, I had read books, taken thousands of questions, and watched hours of videos so the areas new to me became smaller. However, there were still areas I struggled with because of my lack of experience as I noted above. So, every time I completed the quizzes, I researched the questions I had missed by re-reading the books and re-watching videos AND in the process, I also started understanding/noticing related topics I had missed before.
    • Two days before the exam, I continued my routine above, and I also reviewed summary materials I had found online including the following:
    • The day before the exam, I came across a blog post which recommended watching the following videos to have the proper mindset going into the exam. I watched them, and they made a difference in how I approached the test – think like a manager and from a risk management perspective, not a techie. I encourage those preparing to take the test to watch these videos at some point in your preparation.

Lessons Learned

The benefit of the CISSP certification goes beyond the recognition of passing the exam. It has given me more confidence with the new knowledge learned about cybersecurity and how to study for future certification exams. In two months, I learned knowledge in areas I did not have opportunities to learn in my 20 years in IT. To pass the CISSP test requires the risk and organizational management mindsets AND technical knowledge. A technician’s approach of solving issues through tools only or a manager with little knowledge in the 8 domains will probably have a hard time passing the exam. Even with years of experience, the test also requires time and commitment to study the materials and be comfortable with the types of questions.

Personally, I found the preparation process to be an opportunity to further assess what works for me in terms of learning style. I used a combination of books, videos, apps, and mind maps to figure out what works for me. In the end, I believe memorizing the materials alone was not sufficient and it required some thoughtful understanding of how the different tools/approaches in combination should be applied to solve real-life situations. It also requires intuition gained through experience to be able to effectively assess a problem. I believe therefore experience is a requirement for the certification.

Just as other folks online and colleagues in my organization gave advice and shared their knowledge for me to pass the exam, I would like to offer you any insight about the process (within the NDA and ethical boundaries) so you may also pass the exam. Please feel free to contact me at joe@joesabado.com.

Resources

My learning style is different from others and in general, every single resource listed here was helpful to me personally, but there were some I relied on more than others and ones I thought were most applicable to the areas and types of questions presented during my exam.

Exam Preparation/Mindset

Exam registration

Summaries

Videos

iPhone Apps

  • CISSP Certification Exam Prep – ImpTrax Corporation
  • CISSP Pocket Prep – Pocket Prep, Inc.
  • CISSP Study Guide by Cram-It – Rooster Glue, Inc.
  • CISSP Practice Questions – Laurie Hocking
  • CISSP Practice Exam Prep 2017 – Recurvo Learning & Educational Apps
  • CISSP Stress-Free: RocketPrep
  • CISSP Practice Test – Mark Patrick
  • LearnZapp CISSP Study Guide

Quizzes

Books

Websites

Social media

Tools

Conquering My Fear of Public Speaking

Presentation for graduate students on digital reputation at the Beyond Academic conference at UCSB. [photo courtesy of Don Lubach]

Do you have a fear of public speaking? Do you get anxious and nervous days and even weeks before you’re to speak? I certainly was for most of my life. When I was in elementary school, I pretended to be sick during the days of oral book reports. Throughout high school I dreaded speaking in front of the class and one of the most painful three months or so of my life was when I was informed I had to speak at our graduation ceremony in front of a couple of thousands of people because I was the class Salutatorian. The prospect of doing the speech terrified me. Instead of enjoying the graduation ceremony and the months leading up to it, I was very anxious. In college, I had similar experiences. I still remember one particular year how terrified I was days leading up to when I had to speak in front of about 800 or so people at our campus, in front of parents and friends, at our annual show for the Filipino-American student organization.

Throughout my professional career, I felt hampered by my fear of public speaking until I decided to make a conscious effort to finally conquer it about three years ago. I felt as I had some good perspectives/ideas to share but I did not have the confidence to share them. Using the steps I share below, I’ve been able to enjoy public speaking and I now look forward to them. In the last four years, I have spoken and presented in several public settings on my campus and even at a couple of professional conferences. I always dreamed of being a “keynote speaker” or doing a webinar but I never thought I would have the opportunity because of my fear. I honestly would not have imagined being able to speak comfortably in front of many people but by conquering my fear of public speaking, I have been able to realize some dreams, present with colleagues I respect, and meet new folks and develop relationships with them.

Here are some of what I did which hopefully could help you too:

Guest presenter at a marketing course when I couldn’t use my PowerPoint slides. It became an even better session as it became a dialogue/conversation with the class.

1) Think about the root(s) of your fear and how to overcome them. When I finally started to deeply think about what made me nervous about public speaking through the years, it always came back to the idea that as one whose first language is Ilokano (a Filipino dialect), I was scared of being made fun of because I may have a “FOB” (fresh off the boat) accent. I was eleven when I immigrated to the US with my family, and I remember being made fun of by other kids because of how I spoke. That impacted me psychologically and it contributed to the anxiety I felt before I spoke in public. The other fear that I had was that when I’m nervous, I had (and still do) the tendency to speak very fast. So, the possibility of “Fobbing” and speaking really fast, especially the first couple of sentences of my speech, really terrified me. However, as I thought about my past speeches, it dawned on me that once I started speaking, I was actually okay! Once I got going, I felt comfortable. It was the first couple of sentences that really scared me. Given this knowledge, I purposely practice my introductory statements to be really slow and deliberate because I realized that if I could get through my first couple of sentences fine, I’m good with the rest of the speech or even a whole hour or two workshop. This step has saved me from days and even weeks of anxiety.

Panelist on student affairs career development at our campus.

2) Get experience public speaking. I really made it a point to seek out opportunities to speak. When asked to do workshops on mobile, social media, and web development or about my personal experiences as a first generation minority student, I accepted them even as terrified as I was. These are areas I have expertise in and am comfortable talking about so the content was not a problem for me. The more I spoke about these topics, the easier the experience became for me. What really helped in my initial effort to conquer my fear is that I asked a couple of my colleagues who are very good public speakers to join me for my workshops. By doing that, I felt less vulnerable and I gained the experience in the process. They became my crutches until I was ready to do events on my own. The more I spoke, the more comfortable I became.

Keynote speaker for an outreach program for Filipino-American high school students.

3) Develop a niche area (or areas) you can feel comfortable speaking about and understand your natural style. As mentioned above, there are topics I feel comfortable talking about and the more I had the opportunity to speak about them, the better I got in my presentation styles, delivery, and content. I look back at my first few PowerPoint presentations and I cringe at the amount of text I had per slide! I was using the slides as my crutches because I did not feel comfortable talking without reading what’s on the slides. Nowadays, I’ve come to rely more on the slides to augment/enhance my points through visuals and short text snippets. The slides are now intended for the audience rather than for me. There was actually one time when I was a guest speaker for a marketing course and I had my PowerPoint presentation ready but because the instructor could not log in to the computer, I spoke for about an hour without slides. It was actually one of my best presentations because it was conversational and free-flowing. With regards to style, I came to realize that I felt most comfortable and effective when I walked around and not behind a podium. I feel most comfortable when I feel as if the presentation is a conversation and not a monologue. I’ve developed a cadence in how I speak and how I move around when speaking. Engaging with the audience has become one of my habits when speaking.

There are additional steps I’ve learned along the process of conquering public speaking, but the three pieces of advice above have been the most helpful for me. Try them out and go share your ideas with the world!

My Professional Reading List 2015

Another year of professional growth and learning. As a significant amount of my time went to my MBA (IT Mgmt Specialization) course work in 2015, I was not able to devote as many hours to reading about other topics I enjoy such as higher education and student affairs. Nevertheless, I still managed to enjoy reading the books below. As it was with my professional reading lists of 2013 and 2014, the majority of the books below are Kindle books I read through my iPhone and iPad. The beauty of mobile learning. Please feel free to ask me for any recommendations.

Business & Productivity

Change and Innovation

Higher Education / Student Affairs

Information Technology

Management/Leadership

Technology

My Knowledge System – A Visual Diagram

Learning is fun, isn’t it? It should be. One can learn from anyone, anywhere, and in many ways. Technology has made it so much easier to learn and connect with folks around the world. Through technology with the combination of web, mobile, cloud, social media, and other communication tools, one can pursue self-directed learning. One must also be curious, have a growth mentality, and be committed to improving oneself. Earlier today, I was thinking about all the different ways I’ve used to learn about student affairs, technology, and about personal development. I used a mobile app called Mindly to do a visual diagram of the sources and activities I’ve done in recent years for formal and informal learning. The diagram is as you see below. Click on the image to view a bigger version of the diagram. If you were to map your knowledge system, what would it look like?

Cohort-Based IT Leadership/Management Program for Higher Ed

This post contains some of the ideas I will be proposing to our HR department as an officially endorsed training program to address two issues I see present on our campus IT community. These two issues are 1) lack of a cohesive community among the different IT units (and leadership), and 2) needed training on IT leadership and management knowledge and skills. As it is, our campus has a decentralized IT environment and there are minimal opportunities for planning and communication among the IT leadership themselves as well as between the IT leaders and the campus business leaders. As for community building, there aren’t too many opportunities for IT folks to get to know each other as there are only two campus-wide IT events: once-a-year holiday party and a summer beach party. With regards to training, it’s very common for technically adept staff to be placed into management positions without management and leadership training. It is not really a surprise when these staff struggle in their new roles. Even with previous management experience, the campus bureaucracy can be daunting and confusing for those new to the campus.

The idea behind a cohort-based program is to promote community building among the participants, a selected group of campus IT managers with varying degrees of experience and levels of positions. The community-building process happens as they complete a training curriculum on areas related to IT leadership/management. In addition, a mentorship component could also be part of the program that pairs up more experienced with new IT managers and/or IT managers with senior campus executives.

Personally, I’ve experienced the benefits of a cohort-based and mentorship program through my participation in our Division of Student Affairs’ Management Development Group (for mid-level SA managers), a campus-wide program called GauchoU, and through a new professionals program within the Division of Student Affairs called Foundations.

I envision the curriculum to be a mix of formal training and monthly discussions on IT leadership/management topics. A schedule could be something like this:

* Two-day institute that could include the following topics:

  • Introduction to campus organizational structure and politics
  • Budgeting
  • Introduction to HR processes (hiring, on-boarding, performance-evaluations, etc)
  • Policies (Security, PCI, FERPA, HIPAA, etc)

* Monthly sessions (discussions/training) that could include, but are not limited to, the following:

  • IT Project Management
  • Employee Engagement
  • Technology Trends (security, cloud, infrastructure, etc)
  • Career Development
  • Leadership/Communication Styles
  • Conflict Resolution
  • Change Management

Beyond community building and leadership/management training is the benefit of cheaper cost of training for the campus. By bringing in trainers and having the training done on campus for a pool of participants, the campus can save a significant amount of money spent on travel and accommodations.

Would you have a campus-wide IT leadership/management training program on your campus? Anything you’d add to the curriculum?