Why is CISSP so challenging? Its comprehensiveness that we all agree with is just the exposed tip of the CISSP iceberg; The general management concepts as the hidden part of it under the sea is the substantial stumbling block.

CISSP is an experience-based exam. It requires at least 5 years of security-related work experience for CISSP aspirants to sit for the exam. Why is the 5-year experience one of the prerequisites? One should develop general management concepts and fundamental project management capabilities that are required in almost every business setting before or during your CISSP journey.

IMHO, The following are some of the key concepts or skills:

• Focus on effectiveness and understand the difference between effectiveness and efficiency.
• Understand leadership and management. Lead and/or follow people passionately and strategically; manage things or projects effectively and efficiently.
• Management by objectives; Plan-Do-Check-Act.
• Be curious and learn how the business works.
• Think strategically and integrate projects, programs, and portfolios.

Security is a business issue and by far beyond the scope of IT. CISSP aspirants have to be acquainted with specific technical and business areas, eg. operations, governance, and risk management.