~ 卓建全 (Steven Cho), 總教練, CISSP, CEH, CHFI, PMP
邁向CISSP成功之路
2020/07/16 今天是我初步通過CISSP考試的一天。從2019年6月上Wentz Wu的實體課程。他只跟我說“跟他的腳步一起邁進,考取CISSP只是時間的早晚”。
從一開始的蕃茄時鐘的讀書方式,想偷懶就吃維他命,規律的讀書計畫及有效讀唸書。在這段期間我遇到很多困難,但是在Wentz Wu鼓勵下一直往考取CISSP路前進。課程中遇到Sky & Ethen & Joy這些好同學讓我再學習CISSP路上豐富許多。
我本身是從Sybex OSG的書開始閱讀起,閱讀時要讀懂,不要讀心安(不是讀很多次就會過)。每章閱讀前需要先做後面的題目,做這些題目是了解自己哪些知識不足之處,這樣在進行閱讀時就自己不懂的地方可以加強。
閱讀完成第一次時,這樣已經對於CISSP中的知識有初步的了解,並且建議規劃好自己的讀書計畫,利用PDCA來Recheck自己的讀書計畫(建議閱讀時間要有250小時以上->我本身超過250小時)。
實體課程的部分建議要上課前要預習,下課後要複習老師上過的知識(與Sybex書籍及NIST相關重要指引互相配合閱讀)。5週的時間會相當的快,不過也會大量的吸收知識,切記與同學多多討論及老師問問題,這樣會讓自己更快進入狀況。
每天跟隨Wentz Wu的QOTD做題目,這些題目會讓你思考&了解更多相關的知識(做這些題目並不是要知道答案,要本身去思考每個答案的用意有不同的思考邏輯)。加上Wentz Wu出的書“The Effective CISSP”也是釐清風險管理的一本好書。
其實CISSP的考試都隨Exam Outline來考,隨時隨地要修正自己讀書的方向,要與Exam Outline對齊,並且跟隨Wentz QOTD題目來每天做題也是重點,作題時並不是做對答案而是要經過思考,對於選擇題的其他答案也要去了解。
我本身有做完Sybex OSG考題及ISC2 官方考題 2nd Edition(作題目建議要超過3000題以上)。作題目是讓自己去了解不同觀點的知識,而且自己本身也要了解相關的知識,最後上場前”讓自己成為一間企業的CISO來思考每個考題,你的決定會成就你的成功“。
考取CISSP是一條艱辛的路,但是沒有辛苦過哪來甜蜜的果實,
“失敗不可怕,可怕是你不往前進”。
~Steven
文章的最後只想說一句話”跟隨Wentz Wu老師的腳步來走,取得CISSP證照只是時間早晚的問題“。最後感謝Wentz Wu帶領我成為CISSP,當然考取證照只是一開始,接下也要好好經營資安之路。
每個人唸書的方式不同僅提供大家參考。
PS. 讓我深刻的一片文章”CISSP很難考嗎?“
Steven在IT邦幫忙的中文部落格
Steven於2020/07/21補充:
本身考取cissp提供以下幾點的方式提供大家參考:
書籍:
- (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, the 8th Edition
- (ISC)2 CISSP Official Practice Tests, 2nd Edition
- The Effective CISSP: Security and Risk Management
網站
YouTube
課程
社群
考試重點
- CISSP考試大綱
- NIST的相關重要指引
Today, 2020/7/16 is the day I provisionally passed the CISSP exam. I started Wentz’s CISSP Exam Prep course last June. He told me, “follow me and don’t give up! You definitely will pass the CISSP exam sooner or later.”
I followed my plan regularly, studied effectively, and used the tomato clock to control the pace of study. If I was exhausted someday, I would browse or pretend to study CISSP books for minutes to fool my brain and impress myself that I kept studying every day. We call it “taking the vitamin for the day.”
I have encountered difficulties in these two years, but Wentz has been encouraging me to keep moving towards my goal to succeed in the CISSP exam. I also met Sky, Ethen & Joy in the course. They enrich my journey in CISSP.
I followed Wentz’s QOTDs (CISSP Question Of The Day). These questions provoke thinking, and you can learn more detailed knowledge (practicing these questions is not to know the answer but to think about the intention of each option and the answer by different thinking logic).
Wentz’s book, The Effective CISSP: Security and Risk Management, is a good one to clarify concepts of risk management.
Finally, thanks to Wentz Wu for guiding me to CISSP. It is only the beginning to pass the CISSP exam and about time for me to plan for my professional career in cybersecurity.
For those who are preparing for the CISSP exam, I would say:
“Failure is not terrible; the truly terrible is you stop moving.”
PS: I am deeply impressed by the post “Is the CISSP Exam Hard?“