
Guide to CISSP preparation

Sukesh
August 08, 2020

The takeaway from the deck:

1. Background & Benefits of pursuing CISSP certification
2. How to Get Your CISSP Certification
3. Eligibility & Validity of CISSP
4. Syllabus for CISSP
5. CISSP Member Counts
6. New CISSP exam outline – CAT
7. Study materials & Timelines for cracking CISSP
8. Study plan
9. Conclusion

Transcript

  1. TODAY’S TAKEAWAY FROM THE SESSION
     ➢ Background & Benefits of pursuing CISSP certification
     ➢ How to Get Your CISSP Certification
     ➢ Eligibility & Validity of CISSP
     ➢ Syllabus for CISSP
     ➢ CISSP Member Counts
     ➢ New CISSP exam outline – CAT
     ➢ Study materials & Timelines for cracking CISSP
     ➢ Study plan
     ➢ Conclusion
  2. BACKGROUND ON CISSP
     ➢ Certified Information Systems Security Professional (CISSP) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)².
     ➢ CISSP is a globally recognized certification in the field of IT security.
     ➢ The CISSP certification is accredited by the American National Standards Institute (ANSI). This means it complies with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 standards.
     ➢ What industry says about CISSP –
       ▪ Named one of 8 Valuable Security Certifications for 2017 – Dark Reading
       ▪ Ranked #4 on the Top 15 Moneymaking Certifications for 2017 list – CRN
  3. BENEFITS OF PURSUING CISSP CERTIFICATION
     ➢ Worldwide recognition of competence in the field of cybersecurity
     ➢ Strengthen your cybersecurity skillset
     ➢ Catapult your career
     ➢ Rate of salary hikes ☺
     ➢ A must-have for some roles, e.g. for promotion, etc.
     For more benefits, refer to the site below:
     https://www.simplilearn.com/reasons-you-should-do-cissp-certification-article
  4. HOW TO GET YOUR CISSP CERTIFICATION
     ➢ Obtain the Required Experience
     ➢ Study for the Exam
     ➢ Schedule the Exam
     ➢ Pass the Exam
     ➢ Complete the Endorsement Process
     ➢ Maintain the CISSP Certification
  5. ELIGIBILITY & VALIDITY OF CISSP
     ➢ Possess a minimum of five years of direct full-time security work experience in two or more of the (ISC)² information security domains (CBK). One year may be waived for having either a four-year college degree, a master's degree in Information Security, or for possessing one of a number of other certifications*.
     ➢ A candidate who doesn’t have the required experience to become a CISSP may become an Associate of (ISC)² by successfully passing the CISSP examination, valid for a maximum of six years.
     ➢ During those six years, a candidate will need to obtain the required experience and submit the required endorsement form for certification as a CISSP.
     *Certification details: https://www.isc2.org/Certifications/CISSP/experience-requirements
  6. ELIGIBILITY & VALIDITY OF CISSP
     ➢ The CISSP credential is valid for three years; most holders renew by submitting Continuing Professional Education (CPE) credits. There is also a yearly membership fee required to maintain certification.
     ➢ Three-Year Certification Requirement: Over the three-year CISSP certification cycle, you must earn and post a minimum of 120 CPE credits. A minimum of 20 CPEs must be posted during each year of the three-year certification cycle.
     ➢ Paying Annual Maintenance Fees (AMFs): Once you earn this cybersecurity certification, you must pay USD$85 each year of your three-year certification cycle.
  7. CISSP MEMBER COUNTS
     CISSP Member Counts* (per country) – Stats as per Jun’18

     Country (Top 10)       Count
     United States          82577
     United Kingdom          6674
     Canada                  5329
     Korea, Republic of      2756
     Netherlands             2418
     Australia               2309
     India                   2155
     Japan                   2089
     China                   2038
     Germany                 2029

     *Source: https://www.isc2.org/Certifications/CISSP/experience-requirements
  8. SYLLABUS FOR CISSP

     Domains                                   Average Weight
     Security and Risk Management              15%
     Asset Security                            10%
     Security Architecture and Engineering     13%
     Communication and Network Security        14%
     Identity and Access Management (IAM)      13%
     Security Assessment and Testing           12%
     Security Operations                       13%
     Software Development Security             10%

     Source: https://www.isc2.org/-/media/ISC2/Certifications/CISSP/CISSP-Exam-Outline-121417--Final.ashx
  9. NEW CISSP EXAM OUTLINE – CAT
     The CISSP exam uses Computerized Adaptive Testing (CAT) for all English exams. You can learn more about CISSP CAT at www.isc2.org/certificatons/CISSP-CAT.
  10. STUDY MATERIALS
     ➢ Books:
       ▪ Sybex 8th Edition (Primary Book)
       ▪ CISSP All-in-One Exam Guide, 7th Edition - Shon Harris (Reference Book)
       ▪ Eleventh Hour CISSP – Eric Conrad (Last-minute Brush-up)
       ▪ CISSP CBK (Reference Book) – although never referred to ☺
     ➢ Videos:
       ▪ Cybrary
       ▪ Udemy
       ▪ More free videos
  11. STUDY MATERIALS
     ➢ Other Notes:
       ▪ Sunflower notes
       ▪ CISSP Process Guide
       ▪ CISSP Combined Notes
       ▪ Cram Study Notes, Flashcards, MindMaps, etc.
     ➢ Groups & Sites worth looking into:
       ▪ Facebook CISSP Study Group
       ▪ CISSP Study Notes and Theory Site
       ▪ CISSP-Study-Guide
     ➢ The ultimate study material for cracking CISSP is your InfoSec experience.
  12. STUDY MATERIALS & TIMELINES FOR CRACKING CISSP
     ➢ Practice Exams:
       ▪ 1,500-question bank from the Sybex official guide
       ▪ Questions from Exam Cram, Actualtests, PassLeader, cccure, online groups, etc.
       ▪ Questions at the end of each chapter of the Sybex book, Eric Conrad, Shon Harris.
     ➢ Timelines for cracking CISSP:
       ▪ 3 months, 6 months, 1 year, ……….
  13. STUDY PLAN
     ➢ Refer to the Sybex Official Study Guide as the primary book and Shon Harris as the reference book.
     ➢ After thoroughly understanding each chapter from Sybex, I later referred to Shon Harris for the conceptual understanding of the same chapter and marked the quick tips & bold points provided in the book. I also used to make my own notes.
     ➢ Post that, I used to practice the questions at the end of each chapter from Sybex and Shon Harris.
     ➢ Eric Conrad CISSP Study Guide, third edition - the tip is to read this book after the Sybex guide as it provides a high-level summary.
     ➢ Moreover, I read the Sybex book 3 times cover to cover and went through summary notes like Sunflower notes, Combined notes, Cram study notes, etc. to brush up the concepts learned, with tricks to remember them by making short forms & all.
  14. STUDY PLAN
     ➢ Once you feel confident, schedule your exam, i.e., 1-2 months down the line (to feel the pressure & increase your focus).
     ➢ Post that, try to practice & solve as many questions as possible from various question banks; I also noted some key points in my notes.
     ➢ Try to take mock exams to get the gist of the CISSP exam.
     ➢ During the exam month, or the last 15 days, I only looked at summary notes and my own notes, which I took during the study phase from all the books and practice I studied.
     ➢ The exam day:
       ▪ A very tough one, and the questions prove very challenging. There were no flagging options, and I answered based on conceptual understanding & experience. I got the whole 150 questions. Time management is crucial as well.
       ▪ I got the result at the reception and was glad to see "Congratulations & provisionally passed" printed on it ☺.
     Tips: Identify the keywords in questions, read the whole question once with all options, and try to eliminate the wrong ones.
  15. CONCLUSION
     ➢ Focus on concepts, and only concepts.
     ➢ Your InfoSec experience plays a vital role.
     ➢ Do as many practice questions as possible; they show you how to approach the exam.
     ➢ Check your weak domains by referring to as many books as needed until you have a solid understanding.
     ➢ More importantly, take notes and refer to them during the exam days as last-minute prep.