My Dream Comes True Today

My Expertise Stack


I dreamed a dream 30 years ago, and today it comes true. When I was a 10th-grade student, I encountered the 8086 PC and DOS for the first time. That was the moment that determined my passion and my career as an "IT professional".

After working for 20+ years in the IT industry, I developed the expertise stack shown in the diagram above and achieved my annual goal of passing a planned list of exams, with the purpose of becoming certified, delivering quality services, and assuring customer confidence.

Today is the historic moment in my life, becoming an experienced and certified IT professional.

Quality Software Criteria

My InfoSec Expertise Roadmap

My Exam Preparation Days

My Exam Timeline

ISC2 Member Counts


Bruce Passed ISACA CGEIT Exam on 26th November

After studying for 35 hours within 12 days (from 2018/11/15 to 2018/11/26), I cleared the ISACA CGEIT (Certified in the Governance of Enterprise IT) exam today. Because of distractions, I was able to spend only 35 hours over that 12-day period.

I used the following study materials:

For experienced managers, MBAs, or entrepreneurs, I believe it won't take you too much time to study these two.

This exam is one of my favorites. Even though it is not as well known as CISA or CISSP, it really helps. I highly recommend that CISSPs sit for this exam if a management position is one of your career choices.

I've achieved my annual goals as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/12 ECSA (originally scheduled on 2018/10/29)
  • Bonus Exams: scrum.org
    • 2018/10/21, PSM I
    • 2018/10/23, ISO 27001 LA
    • 2018/10/27, PSPO I
    • 2018/10/28, PSD
  • Final Optimization
    • 2018/11/06 CISSP-ISSMP
    • 2018/11/14 CISSP-ISSAP
    • 2018/11/26 CGEIT


Outlook for 2019

  • Mission: To Inspire People to Enjoy Learning
  • Vision: To be one of the most influential share points of people and knowledge in Taiwan

Annual goals for 2019

  1. Publish a book on agile and/or CISSP exam preparation in memory of my father
  2. Start a new business initiative with the long-term goal of training 1000 CISSPs in Taiwan
  3. Gain insights into AI/machine learning with an emphasis on Python

CGEIT Notes

  • Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise.
  • Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
  • Enterprise governance is a set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.
  • Architecture can be defined as a representation of a conceptual framework of components and their relationships at a point in time.
  • Key Assets
    • Weill and Ross identify six key assets
    • Human, Financial, Physical, IP, Information and IT, and Relationship assets
  • Define KPIs before implementing IT BSC.
  • The board of directors provides input for business strategy and IT strategy.
  • The IT strategy committee is responsible for providing guiding principles for a business-aligned IT strategy through the enterprise architecture.
  • The IT steering committee implements the IT strategy developed by the IT strategy committee using guiding principles.
  • The IT architecture review board
  • The CIO is responsible for developing the IT enterprise architecture using guiding principles. (Senior/Executive Management)
  • Having leaders who inspire new values is the most relevant in the enterprise change of an IT governance implementation. The culture of an enterprise is a reflection of leadership consciousness (values, beliefs and behaviors of the leaders and the legacy of the past leaders).
  • An IT governance framework can exert its greatest influence in resolving cross-departmental conflicts for IT-related issues. When a governance framework is in place, business units are aligned to strategies and resource prioritization is made accordingly.

Goal Matters

Alice: Would you tell me, please, which way I ought to go from here?

The Cheshire Cat: That depends a good deal on where you want to get to.

Alice: I don’t much care where.

The Cheshire Cat: Then it doesn’t much matter which way you go.

Alice: …So long as I get somewhere.

The Cheshire Cat: Oh, you’re sure to do that, if only you walk long enough.

Lewis Carroll, Alice in Wonderland

It's about time for me to review my performance for the year 2018 and plan for the coming year, 2019.

  • Mission: To Inspire People to Enjoy Learning
  • Vision: To be one of the most influential share points of people and knowledge in Taiwan
  • Annual goals for 2019:
    • Publish a book on agile and/or CISSP exam preparation in memory of my father
    • Start a new business initiative with the long-term goal of training 1000 CISSPs in Taiwan
    • Gain insights into AI/machine learning with an emphasis on Python

Bruce Passed ISC2 CISSP-ISSAP Exam on 14th November

It's a lovely afternoon and a peaceful moment to enjoy the view through the floor-to-ceiling window of the office.

When the ISSAP score report disclosed "Congratulations!", my goal of pursuing the planned ISC2 certifications was achieved. I spent around 4 months in total studying intensively and finally passed the six ISC2 exams: CISSP, CCSP, CSSLP, CISSP-ISSEP, CISSP-ISSMP, and CISSP-ISSAP.

After studying for 40 hours within 8 days (from 2018/11/06 to 2018/11/13), I cleared the ISC2 CISSP-ISSAP (Information Systems Security Architecture Professional) exam today. This exam is one of the 3 CISSP concentrations. I would say the order of difficulty is ISSAP < ISSMP < ISSEP.

The ISACA CGEIT is the last mile before I can declare success in achieving my annual goal.

My plan of the year is revised as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/12 ECSA (originally scheduled on 2018/10/29)
  • Bonus Exams: scrum.org
    • 2018/10/21, PSM I
    • 2018/10/23, ISO 27001 LA
    • 2018/10/27, PSPO I
    • 2018/10/28, PSD
  • Final Optimization
    • 2018/11/06 CISSP-ISSMP
    • 2018/11/14 CISSP-ISSAP
    • 2018/11/30 CGEIT (projected)

Addendum, 2019/12/10:

When I passed the ISSAP exam, I was so excited that all my annual objectives had been achieved that I didn't note down the materials I used.

The following are the materials I used:

  1. CISSP-ISSAP exam outline
  2. All the CBKs I have (CBKs of CCSP, CSSLP, CISSP, ISSMP, ISSAP, and ISSEP-old version)
  3. NIST SP 800 series
  4. ISSAP CBK Suggested References (I bought as many as I could).

I didn't use any test engine, only the practice questions in the CBKs.


List of Jargon

Information Security Architecture

  • Enterprise Architecture [CNSSI 4009]
    The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.
  • Information Security Architecture
    An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise's security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise's mission and strategic plans.
  • Enterprise architecture also promotes the concepts of segmentation, redundancy, and elimination of single points of failure—all concepts that can help organizations more effectively manage risk.
  • The Federal Enterprise Architecture (FEA) defines a collection of interrelated reference models including Performance, Business, Service Component, Data, and Technical as well as more detailed segment and solution architectures that are derived from the enterprise architecture.
    • Organizational assets (including programs, processes, information, applications, technology, investments, personnel, and facilities) are mapped to the enterprise-level reference models to create a segment-oriented view of organizations.
    • Segments are elements of organizations describing mission areas, common/shared business services, and organization-wide services. From an investment perspective, segment architecture drives decisions for a business case or group of business cases supporting specific mission areas or common/shared services. The primary stakeholders for segment architecture are mission/business owners.
    • Following closely from segment architecture, solution architecture defines the information technology assets within organizations used to automate and improve mission/business processes. The scope of solution architecture is typically used to develop and implement all or parts of information systems or business solutions, including information security solutions. The primary stakeholders for solution architectures are information system developers and integrators, information system owners, information system/security engineers, and end users.

Source: NIST SP800-39
