Professional Development

How I Passed the CISSP Exam: A Study Guide for IT Professionals

I passed my Certified Information Systems Security Professional (CISSP) exam on November 20th, 2018. It took me 50 minutes to answer 100 questions. I am sharing this blog post as a resource to colleagues who are intending to take the test and to the cybersecurity profession as my way of “paying it forward” since I received help from vast and free online resources and from advice I received from those I didn’t even know personally.

Motivation

I decided to take the CISSP exam for the following reasons:

  • Model my commitment towards professional development (one of this year’s four key areas in our department strategic plan) by learning topics relevant to our organization’s (SIS&T) future direction, including 1) improving our organizational resiliency (staffing, information systems), 2) improving processes (governance, operations, devops), and 3) “liberate data” – expose data across campus systems that have been siloed in the past.
  • Given emergent technologies and changing workforce dynamics and demographics, I need new leadership/management and technical knowledge required in my role as an IT leader on campus. Campus initiatives require new knowledge and skills, including cloud adoption, integrated campus cybersecurity, data analytics, and campus data integrations using Application Programming Interface (API) and visualization software for decision-making.
  • Continue my commitment to life-long learning.

Background

Though I had intended to take the CISSP exam in 2017 and my organization had even paid for an online course and books to prepare me for the exam, in retrospect, that I didn’t create the pressure for me to prepare led me to not dedicate the time and effort as I had done these last two months before my exam.

The CISSP exam is often characterized as “mile-wide and inch deep.” The exam assesses the tester’s knowledge in the eight domains, from understanding laws and regulations, best practices, networking/physical/software security, and operations. I am not so sure it’s an “inch deep,” however, as while the exam may indeed provide general questions, the knowledge I felt I had to learn (and acquired) in preparing for the exam went beyond general information.

Since my professional background/experience was mainly in application development and leadership/management, I found those domains to be relatively easier than the other domains. However, given my lack of experience in networking and data center management, I found myself needing to spend more time studying those areas than others. For example, I bought a book called Networking All-in-One for Dummies because I didn’t even know the differences between the networking mediums (cabling) and wireless networking specifications.

Approach

Though I read many online resources about the CISSP exam, there were no materials I read about the specific questions themselves. Even if I had come across them, I wanted to honor the integrity of the process and professional, ethical standards by not using them. Given that I didn’t know what questions to expect, I used different study materials (books, iPhone apps, quizzes, videos, websites, and social media). I even tried different study styles to improve my chance of passing the test. I have learned that I comprehended concepts better if I understood the “big picture” and when I saw the relationships among the different areas. I created a mind map of the 8 CISSP domains as my roadmap using a mobile/website called MindMeister. Here is the link to my CISSP mind map.

I also found study methods to maximize the limited time I had between when I registered to take the exam (October 2nd) and the day of the exam (Nov 20th). I created a schedule that required discipline and dedication. The Kindle books and the iPhone apps I used anytime/anywhere during the day (including between meetings, trips to the mall, and commutes) were useful. My wife’s support and encouragement throughout the process were also very helpful. She provided me with the space and time to study.

As I will share below, about two weeks before the test, I finally realized what methods increased my comprehension of the topics I was studying.

Timeline

September 2018

October 2018

  • Registered for the CISSP exam (Nov 20th) on October 2, 2018 on the PearsonVue website.
  • Created and completed exam preparation schedule for those seven weeks.
    • First two weeks of October – complete the Sybex book and Shon Harris’ All-in-One CISSP Exam books. This meant spending 2-3 hours a night reading at least one chapter a day and completing the end-of-chapter quizzes.
    • Entire October up to November 19th.
      • Completed CISSP course on Cybrary.It, and Lynda.com CISSP course.
    • Completed at least 200 questions daily from various quizzes (see list below) and improved my knowledge of areas of weakness based on my scores.
  • Five days before the exam
    • Took days off from work. Spent at least 5 hours during the day/night of continued studying. This is when I realized how to improve my understanding of the topics significantly. At this point in the process, I had read books, taken thousands of questions, and watched hours of videos, so the areas new to me became smaller. However, there were still areas I struggled with because of my lack of experience, as I noted above. So, whenever I completed the quizzes, I researched the questions I had missed by re-reading the books and re-watching videos. In the process, I also started understanding/noticing related topics I had missed.
    • Two days before the exam, I continued my routine above, and I also reviewed summary materials I had found online, including the following:
    • The day before the exam, I came across a blog post recommending watching the following videos to have the proper mindset going into the exam. I watched them, and they made a difference in how I approached the test – thinking like a manager and from a risk management perspective, not a techie. I encourage those preparing to take the test to watch these videos at some point in their preparation.

Lessons Learned

The benefit of the CISSP certification goes beyond the recognition of passing the exam. It has given me more confidence with the new knowledge learned about cybersecurity and how to study for future certification exams. In two months, I learned knowledge in areas I did not have opportunities to learn in my 20 years in IT. Passing the CISSP test requires risk and organizational management mindsets AND technical knowledge. A technician’s approach of solving issues through tools only or a manager with little knowledge in the 8 domains will probably have a hard time passing the exam. Even with years of experience, the test requires time and commitment to study the materials and be comfortable with the types of questions.

Personally, I found the preparation process to be an opportunity to further assess what works for me in terms of learning style. I used books, videos, apps, and mind maps to figure out what works for me. In the end, I believe memorizing the materials alone was insufficient. It required some thoughtful understanding of how the different tools/approaches in combination should be applied to solve real-life situations. It also requires intuition gained through experience to effectively assess a problem. I believe, therefore, experience is a requirement for the certification.

Like other folks online and colleagues in my organization who have given advice and shared their knowledge for me to pass the exam, I would like to offer you any insight about the process (within the NDA and ethical boundaries), so you may also pass the exam. Please feel free to contact me at joe@joesabado.com.

Resources

My learning style is different from others. In general, every single resource listed here was helpful to me personally. Still, there were some I relied on more than others and ones I thought were most applicable to the areas and types of questions presented during my exam.

Exam Preparation/Mindset

Exam registration

Summaries

Videos

iPhone Apps

  • CISSP Certification Exam Prep – ImpTrax Corporation
  • CISSP Pocket Prep – Pocket Prep, Inc.
  • CISSP Study Guide by Cram-It – Rooster Glue, Inc.
  • CISSP Practice Questions – Laurie Hocking
  • CISSP Practice Exam Prep 2017 – Recurvo Learning & Educational Apps
  • CISSP Stress-Free: RocketPrep
  • CISSP Practice Test – Mark Patrick
  • LearnZapp CISSP Study Guide

Quizzes

Books

Websites

Social media

Tools


Overcoming the Fear: How I Conquered My Fear of Public Speaking

Graduate students’ digital reputation presentation at the Beyond Academic conference at UCSB. [photo courtesy of Don Lubach]

Do you have a fear of public speaking? Do you get anxious and nervous for days and weeks before you speak? I certainly was for most of my life. In elementary school, I pretended to be sick during the days of oral book reports. Throughout high school, I dreaded speaking in front of the class. One of the most painful three months of my life was when I was informed I had to speak at our graduation ceremony in front of a couple of thousands of people because I was the class Salutatorian. The prospect of doing the speech terrified me. Instead of enjoying the graduation ceremony and the months leading up to it, I was very anxious. In college, I had similar experiences. I still remember one particular year how terrified I was days leading up to when I had to speak in front of about 800 or so people at our campus, in front of parents and friends, at our annual show for the Filipino-American student organization.

Throughout my professional career, I felt hampered by my fear of public speaking until I decided to make a conscious effort to finally conquer it about three years ago. I felt as if I had some good perspectives/ideas to share, but I did not have the confidence to share them. I’ve enjoyed public speaking using the steps I share below, and I now look forward to them. In the last four years, I have spoken and presented in several public settings on my campus and even at a couple of professional conferences. I always dreamed of being a “keynote speaker” or doing a webinar, but I never thought I would have the opportunity because of my fear. I honestly would not have imagined being able to speak comfortably in front of many people. Still, by conquering my fear of public speaking, I have realized some dreams, presented with colleagues I respect, met new folks, and developed relationships with them.

Here are some of what I did, which hopefully could help you too:

Guest presenter at a marketing course when I couldn’t use my PowerPoint slides. It became an even better session as a dialogue/conversation with the class.

1) Think about the root(s) of your fear and how to overcome them. When I finally started to think deeply about what made me nervous about public speaking through the years, it always came back to the idea that as one whose first language is Ilokano (a Filipino dialect), I was scared of being made fun of because I may have a “FOB” (fresh off the boat) accent. I was eleven when I immigrated to the US with my family, and I remember being made fun of by other kids because of how I spoke. That impacted me psychologically and contributed to the anxiety I felt before speaking in public. The other fear I had was that when I’m nervous, I had (and still do) the tendency to speak very fast. So, the possibility of “Fobbing” and speaking fast, especially in the first couple of sentences of my speech, really terrified me. However, as I thought about my past speeches, it dawned on me that once I started speaking, I was okay! Once I got going, I felt comfortable. It was the first couple of sentences that scared me. Given this knowledge, I purposely practiced my introductory statements to be slow and deliberate because I realized that if I could get through my first couple of sentences fine, I would be good with the rest of the speech or even a whole hour or two workshop. This step has saved me from days and even weeks of anxiety.

Panelist on student affairs career development at our campus.

2) Get experience in public speaking. I made it a point to seek out opportunities to speak. When asked to do mobile, social media, and web development workshops or about my personal experiences as a first-generation minority student, I accepted them even as terrified as I was. I have the expertise and am comfortable talking about these areas, so the content was not a problem for me. The more I spoke about these topics, the easier the experience became for me. What helped in my initial effort to conquer my fear was that I asked a couple of my colleagues who are very good public speakers to join me for my workshops. By doing that, I felt less vulnerable and gained experience in the process. They became my crutches until I was ready to do events independently. The more I spoke, the more comfortable I became.

Keynote speaker for an outreach program for Filipino-American high school students.

3) Develop a niche area (or areas) you can feel comfortable speaking and understand your natural style. As mentioned above, there are topics I feel comfortable talking about, and the more I had the opportunity to speak about them, the better I got in my presentation styles, delivery, and content. I look back at my first few PowerPoint presentations, and I cringe at the amount of text I had per slide! I was using the slides as my crutches because I did not feel comfortable talking without reading what was on the slides. Nowadays, I’ve come to rely more on slides to augment/enhance my points through visuals and short text snippets. The slides are now intended for the audience rather than for me. There was one time when I was a guest speaker for a marketing course and had my PowerPoint presentation ready, but because the instructor could not log in to the computer, I spoke for about an hour without slides. It was one of my best presentations because it was conversational and free-flowing. Regarding style, I realized that I felt most comfortable and effective when I walked around and not behind a podium. I feel most comfortable when I feel the presentation was a conversation, not a monologue. I’ve developed a cadence in how I speak and how I move around when speaking. Engaging with the audience has become one of my habits when speaking.

There are additional steps I’ve learned along the process of conquering public speaking, but the three pieces of advice above have been the most helpful for me. Try them out and go share your ideas with the world!


My Professional Reading List 2015

Another year of professional growth and learning. A significant amount of my time went to my MBA (IT Mgmt Specialization) course work in 2015; I could not devote as many hours to reading about other topics I enjoy, such as higher education and student affairs. Nevertheless, I still managed to enjoy reading the books below. As it was with my professional reading lists for 2013 and 2014, most of the books below are Kindle books I read through my iPhone and iPad. The beauty of mobile learning. Please feel free to ask me for any recommendations.

Business & Productivity

Change and Innovation

Higher Education / Student Affairs

Information Technology

Management/Leadership

Technology


My Knowledge System – A Visual Diagram

Learning is fun, isn’t it? It should be. One can learn from anyone, anywhere, and in many ways. Technology has made it so much easier to learn and connect with folks around the world. Through technology with the combination of web, mobile, cloud, social media, and other communication tools, one can pursue self-directed learning. One must also be curious, have a growth mentality, and be committed to improving oneself. Earlier today, I was thinking about all the different ways I’ve used to learn about student affairs, technology, and about personal development. I used a mobile app called Mindly to visualize the sources and activities I’ve done in recent years for formal and informal learning. The diagram is as you see below. Click on the image to view a bigger version of the diagram. What would it look like if you were to map your knowledge system?


Cohort-Based IT Leadership/Management Program for Higher Ed

This post contains some ideas I will propose to our HR department as an officially endorsed training program to address two issues I see present in our campus IT community. These two issues are 1) lack of a cohesive community among the different IT units (and leadership), and 2) needed training on IT leadership and management knowledge and skills. As it is, our campus has a decentralized IT environment, and there are minimal opportunities for planning and communication among the IT leadership themselves as well as between the IT leaders and the campus business leaders. As for community building, there aren’t too many opportunities for IT folks to get to know each other as there are only two campus-wide IT events: a once-a-year holiday party and a summer beach party. As for training, it is very common for technically adept staff to be placed into management positions without management and leadership training. It is not a surprise when these staff struggle in their new roles. Even with previous management experience, the campus bureaucracy can be daunting and confusing for those new to the campus.

The idea behind a cohort-based program is to promote community building among the participants, a selected group of campus IT managers with varying degrees of experience and positions.  The community-building process happens as they complete a set of training curricula on areas related to IT leadership/management. In addition, a mentorship component could also be part of the program that pairs up more experienced with new IT managers and/or IT managers with senior campus executives.

I’ve experienced the benefits of a cohort-based mentorship program through my participation in our Division of Student Affairs Management Development Group (for mid-level SA managers), a campus-wide program called GauchoU, and through a new professional program within the Division of Student Affairs called Foundations.

I envision the curriculum as a mix of formal training and monthly IT leadership/management discussions.  A schedule could be something like this:

* Two-day institute that could include the following topics:

  • Introduction to campus organizational structure and politics
  • Budgeting
  • Introduction to HR processes (hiring, onboarding, performance evaluations, etc.)
  • Policies (Security, PCI, FERPA, HIPAA, etc.)

* Monthly sessions (discussions/training) that could include, but are not limited to, the following:

  • IT Project Management
  • Employee Engagement
  • Technology Trends (security, cloud, infrastructure, etc.)
  • Career Development
  • Leadership/Communication Styles
  • Conflict Resolution
  • Change Management

Beyond community building and leadership/management training is the benefit of the cheaper cost of training for the campus. By bringing trainers and having the training done on campus to a pool of participants, the campus can save a significant amount of money spent on travel and accommodations.

Would you have a campus-wide IT leadership/management training program on your campus? Anything you’d add to the curriculum?


  • Copyright © 1996-2010 Joe Sabado - Higher Education & Technology Leadership. All rights reserved.