Wednesday, August 5, 2015

CISSP (part 2/3)

I recently wrote a short blog on my plans to attain my CISSP certification. I was planning to attend a week-long revision course (remotely) and then plan my final few weeks of revision before taking the exam.

I've taken the week-long course and feel much more confident than I did beforehand on the whole CISSP CBKs. I've been working as an IS Admin / Sys Admin / Infrastructure manager / IS dogs-body for upwards of 10 years since I left uni and this experience has definitely given me a broad knowledge of IS security. My recent experience in setting up a Business Continuity Suite and the organisation's Disaster Recovery plans was, I thought, going to ensure I knew most of the Risk Management section - but I was very wrong! The CISSP is all about what you have to do to identify, quantify and address risks and includes a raft of equations (not difficult) and possible models for getting this done.

Having spent a week looking at the CISSP exam, I'm getting the feeling that it is a lot of 'read-this-remember-that'. I wasn't under any illusions; I knew it wasn't very hands-on but thought it would be a little more in-depth than it is.

In a nutshell - there's a heck of a lot to learn (mile wide, inch deep) but my general experience in IS over the last 10 years, including 6 of those with a focus on BC, risk management and ISMS will definitely stand me in good stead. I'm not reading the huge exam books from cover to cover, but rather going through the smaller 11th hour and exam cram books - following that up with a focus on the things I know I'm not hugely knowledgeable about yet (e.g. Encryption). I'm slowly getting all of my practice exam scores up into the 80%+ range which is where I want them all to be before taking the exam, which is booked for October, so watch this space!