Sunday, October 18, 2009

The Road To CISSP

About four months ago, I embarked on a mission to become a CISSP. The Certified Information Systems Security Professional (CISSP) certification is a daunting task for anyone, regardless of their background. While conventional thinking says this certification is achieved easier by technical people, the CISSP is a management certification. After being a Microsoft (and Unix/Solaris at one time) Systems Administrator for the past 11 years, I felt it was time to un-box those management skills I had learned and honed in the Army.

I've had several CISSP mentors over the years, most have moved on to greener pastures. One particular mentor would always tell me that everything is relative to how you think about a given circumstance or situation. My workday, for example, is chock-full of stressful issues as I deal one-on-one with end-users. When combined with the lack of direction, and the lack of policies and standards, a simple fix can turn into a nightmare. The mentor would ask why I was stressing about it. And I didn't get it, I couldn't make the connection, I was all about saving and fixing everything. The funny thing was, my boss wasn't stressing about any of it, so why should I? My stress was all in how I was thinking about the situation. A really nice benefit of going through the bootcamp Seminar is how they change ones way of thinking, at least for us technicians.

The training and exam are just the first step. I haven't even received my exam results, that usually takes a few weeks. Nonetheless, I am planning my next steps in transitioning from a technician to a manager, from the nuts and bolts of windows and PC's to information assurance and information management. My real barrier will be the thought process.

I developed a study plan to learn the ten domains, allocating one week for each. I scheduled to attend the bootcamp Seminar, and scheduled the exam. Scheduling the exam is probably the most important item in getting the brain into the learning mode. If you've attended an IT bootcamp, you know this is true. The psychology is something akin to a buffer overflow, or rather avoiding a buffer overflow.

My main source of reading was CISSP ALL-In-One Certification Guide by Shon Harris. Some current CISSP's and candidates find her book a bit too flamboyant with it's real life stories and her humor. I found it refreshing and inviting to the way I think.

Eighteen months ago when I finished my MCSE, the MCSE bootcamp was held at the same location as the CISSP bootcamp Seminar, co-located with the (ISC)² office in Vienna, VA. (ISC)² is the governing organization for the CISSP and several other Information Systems Security certification. It was then that I first decided to someday be a CISSP. At their recommendation, I purchased the "Official (ISC)2 Guide to the CISSP CBK". That was OK as a reference, but it reads like an encyclopedia, it's not for us folks with ADHD.

So earlier this year, I purchased CISSP ALL-In-One Certification Guide and CISSP For Dummies. These are good for getting the brain going in the thought process. Each also come with a CD and their own test engine.

During the last four months I carried the Shon Harris book with me when I wasn't at home studying. Allot of people noticed and asked questions. One particular gentlemen who happened to be a CISSP, recommended that I get The CISSP Prep Guide by Krutz and Vines. So I did. I found it to be a nice compliment to my studies with its unique view and a new pool of practice questions.

(ISC)² uses their own specialized curriculum during the seminar that accelerates the learning process I purchased the evening and Saturday review sessions from TrainingCamp which provided much needed practice questions and 16 additional hours of training. It's well worth the money for sure.

John Crawford

CISSP and (ISC)² registered certification marks of (ISC)², Inc.

Accokeek Computers
Mamas Best Recipes
The Cartouche - Science Fiction Reviews
Simple Opportunities

AddThis Social Bookmark Button

Add to Technorati Favorites