On June 1st, 2018, I officially became a Certified Information Systems Security Professional (CISSP). This post will very closely mirror a previous post, Becoming a CEH, as I used many of the same resources. I’m transitioning out of the military and I want to work in cyber security. Several months ago, I set in motion my plan to get two or three certifications that covered as much of the DoD Approved 8570 Baseline Certifications table as possible. I decided on pursuing the CEH and the CISSP initially, which together would cover 12 of 14 categories/levels. Since I am writing this from the perspective of a transitioning service member, some of the resources I mention will be limited to and/or geared toward active service members and/or veterans.
To begin, I used the FedVTE Training Program to study at my own pace. If you are military/veteran, interested in cyber security, and haven’t heard of FedVTE, you need to go sign up now. You will probably not find a better source of free training material. To be honest, I picked and chose random portions of the CISSP training for review purposes, so I can’t attest to the overall quality of it, but free training is better than no training.
To follow up on my self-study, I decided to attend a local New Horizons center’s online-live CISSP class. Why? Because G.I. Bill! New Horizons’ policy is that students attending with the G.I. Bill will have their certification exam covered in the cost of the class, which in turn gave me motivation to pass on the first try so I didn’t have to pay out of pocket. Using the G.I. Bill means that you must attend a New Horizons facility, even though the actual class is web-based (they must be able to prove to the VA that you attended). This wasn’t so bad, as it gave me a quiet, distraction-free environment to learn in (plus they had free snacks). Overall, I would rate this part of my preparation an 8/10. The instructor kept me engaged and was able to offer the kind of interaction you just can’t get from books or prerecorded lessons. He also provided tons of extra reference material to review.
Throughout my self-study and classroom training, there were a few resources I used regularly to help me prepare for the actual exam. First and foremost were the official CISSP Study Guide and Practice Tests books. The second, a great quick-reference, was Eric Conrad’s Eleventh Hour CISSP Study Guide. The third was miscellaneous resources from Safari Books Online, including Shon Harris’s AIO Guide (Note: while I believe this is definitely an amazing CISSP resource, and every CISSP should have it for reference, I don’t personally feel like it was necessary to pass the exam). If you are active military, you can sign up for free when there are slots available. Otherwise, it is available for $39/month on the regular site. The number of technical books and training materials available through this program would be totally worth the $39/month, in my opinion. I used the Boson ExSim-Max for CISSP, as recommended by many on Reddit. For quick reference, I also used what’s referred to as the “Sunflower Guide”. It’s a great cheat sheet-type resource for easy reference.
Of all of the additional resources I used, as with my CEH preparation, I would say Boson was the most valuable. They are extremely well-written questions, which in many cases are more technical than the actual exam, but they give you solid explanations for why an answer is the right one. The Eleventh Hour guide was also great when I really didn’t feel like studying, as it is in a more “bite-sized” format.
Overall, I found the CISSP certification process very enjoyable, other than the long wait to be official. I was lucky to find a really great endorser who chatted with me at length about my background and experience until he was confident in endorsing me. Below is the timeline from when I took the exam to when I was officially certified:
- Exam Provisionally Passed: 04/20/18
- Exam Provisionally Passed Email: 04/23/18
- Endorsement Completed: 04/25/18
- Endorsement Being Processed Email: 05/16/18
- Congratulatory Email: 06/01/18
Resources (where applicable, I have provided links to materials more up-to-date than what I used):
- Safari Books Online (Military Site/Public Site)
- FedVTE Training Program (Military/Veterans Only)
- New Horizons Training Centers
- Boson ExSim-Max for CISSP v2018
- (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide, 8e & CISSP Official (ISC)² Practice Tests, 2e
- Eleventh Hour CISSP: Study Guide, 3e
- Shon Harris’s AIO Guide
- CISSP Sunflower Guide