CISSP Exam Experience – Hank

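Hank's approach to studying is very solid: reading, searching, organizing, note-taking, and working through practice questions. His learning is not confined to study guides such as the Sybex OSG or AIO; he combines them with searching and research, plus other important sources, to get the concepts truly clear.

Study method and execution are the true management spirit of CISSP! Think like a manager!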

~ Wentz Wu


Ten Evaluation Tips for CISSP Preparedness

  1. Are you learning based on a robust conceptual model?
  2. Do you build a security glossary, and are you able to explain every term?
  3. Do you build a list of essential security processes and understand how to apply the concepts?
  4. Have you read the Sybex Official Study Guide thoroughly at least once?
  5. Have you finished questions in the Sybex online test bank to evaluate your performance of study?
  6. Have you finished all the CISSP Practice Questions on Wentz’s blog?
  7. Have you completed at least 2500 “quality” questions?
  8. Can you explain the CISSP exam outline well?
  9. Can you identify or list the questions you believe will appear in the exam?
  10. Have you read the Sunflower notes at least once?

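Ten Key Factors for the CISSP Exam!

  1. Do you have command of the conceptual framework, to the point of knowing it inside out?
  2. Beyond memorizing the basic terms, do you understand them?
  3. Do you understand the basic processes, and can you apply them?
  4. Have you read the Sybex book completely once? Have you read the lecture handouts once?
  5. After finishing the Sybex book, did you verify your study with the online test questions?
  6. Have you carefully completed and understood the questions on Bruce's blog?
  7. Have you done more than 2500 questions? (Only good, quality questions count.)
  8. Can you fully interpret the CISSP exam outline?
  9. Can you point out the basic questions that are sure to be tested in each Domain?
  10. Have you read the Sunflower notes at least once?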

Bruce Passed IIBA-CBAP on March 25, 2019

 

 

Today, I luckily passed the IIBA CBAP exam with around 30 study hours and 20+ years of IT experience. It is undoubtedly one of the most challenging exams I have ever had. This exam is based on 50% of a solid understanding of the BABOK and 50% of the field experience from my point of view. I am really impressed by the scenario-based questions and case studies, even though I’ve passed some challenging exams such as PMP, ACP, CISM, and/or CISSP.

Here is my exam strategy:

  1. Register as an IIBA member and download the BABOK.
  2. Buy the CBAP Certification Study Guide v3.0 from Watermark Learning
  3. Read BABOK, then Watermark Guide
  4. Subscribe to the free Watermark online study exam for 5 days and renew it for one month
  5. Schedule the exam when my Watermark scores 60%
  6. Goal! Today!

As I’ve been working in the IT industry for 20+ years, I feel quite comfortable about software development project and requirement engineering. We develop quality software with the domain-driven and agile approach in mind and communicate using UML. The following books I read years ago lay the foundation of our software development approach:

Today is my day, having passed my CBAP, as I have cataract surgery on Friday and a tight schedule after that.

Bruce Passed ISACA CGEIT Exam on 26th November

After studying for 35 hours within 12 days (from 2018/11/15 to 2018/11/26), I cleared the ISACA CGEIT (Certified in the Governance of Enterprise IT) exam today. Because of distractions, I spent only 35 hours in a period of 12 days.

I used the following study materials:

For experienced managers, MBAs or entrepreneurs, I believe it won’t take you too much time to study these two.

This exam is one of my favorites. Even though it is not as well-known as CISA or CISSP, it really helps. I highly recommend CISSPs sit for this exam if management position is one of your career choices.

I’ve achieved my annual goals as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/12 ECSA (originally scheduled on 2018/10/29)
  • Bonus Exams: scrum.org
    • 2018/10/21, PSM I
    • 2018/10/23, ISO 27001 LA
    • 2018/10/27, PSPO I
    • 2018/10/28, PSD
  • Final Optimization
    • 2018/11/06 CISSP-ISSMP
    • 2018/11/14 CISSP-ISSAP
    • 2018/11/26 CGEIT

 

Bruce Passed ISC2 CISSP-ISSAP Exam on 14th November

It’s a lovely afternoon and peaceful moment to enjoy the view looking out through the floor-to-ceiling window from the office.

When the ISSAP score report disclosed “Congratulations!”, my goal has been achieved pursuing the planned certifications from ISC2. I spent around 4 months in total studying intensively and finally passed the six ISC2 exams: CISSP, CCSP, CSSLP, CISSP-ISSEP, CISSP-ISSMP, and CISSP-ISSAP.

After studying for 40 hours within 8 days (from 2018/11/06 to 2018/11/13), I cleared the ISC2 CISSP-ISSAP (Information Systems Security Architecture Professional) exam today. This exam is one of the 3 CISSP concentrations. I would say the level of difficulty would be ISSAP < ISSMP < ISSEP.

The ISACA CGEIT is the last mile for me to declare success achieving my annual goal.

My plan of the year is revised as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/12 ECSA (originally scheduled on 2018/10/29)
  • Bonus Exams: scrum.org
    • 2018/10/21, PSM I
    • 2018/10/23, ISO 27001 LA
    • 2018/10/27, PSPO I
    • 2018/10/28, PSD
  • Final Optimization
    • 2018/11/06 CISSP-ISSMP
    • 2018/11/14 CISSP-ISSAP
    • 2018/11/30 CGEIT (projected)

Addon, 2019/12/10:

When I passed the ISSAP exam, I was really excited as all my annual objectives were achieved and I didn’t note down the materials I used.

The following are the materials I used:

  1. CISSP-ISSAP exam outline
  2. All the CBKs I have (CBKs of CCSP, CSSLP, CISSP, ISSMP, ISSAP, and ISSEP-old version)
  3. NIST SP 800 series
  4. ISSAP CBK Suggested References (I bought as many as I can).

I didn’t use any test engine but the practice questions in the CBKs.

 

Bruce Passed ISC2 CISSP-ISSMP Exam on 6th November

After studying for 40 hours within 8 days (from 2018/10/29 to 2018/11/05), I cleared the ISC2 CISSP-ISSMP (Information Systems Security Management Professional) exam today. This exam is one of the 3 CISSP concentrations. As its name denotes, this exam is all about basic management concepts and the difficulty level is not that high as far as an experienced CISSP is concerned.

My original plan of the year for learning and growth is scheduled to be completed by the end of October with one month buffer (November as the worst case). Since my goals are achieved ahead of the schedule, I decide to do more as final optimization using the one-month buffer, that is, the month of November.

My plan of the year is revised as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/12 ECSA (originally scheduled on 2018/10/29)
  • Bonus Exams: scrum.org
    • 2018/10/21, PSM I
    • 2018/10/23, ISO 27001 LA
    • 2018/10/27, PSPO I
    • 2018/10/28, PSD
  • Final Optimization
    • 2018/11/06 CISSP-ISSMP

Bruce Passed PSD I Exam on 28th October

The Professional Scrum Developer Level I certification (PSD I), accredited by scrum.org founded by Ken Schwaber, is a certification for developers. Based on my hands-on experience, I scored 92.5% and passed this exam today.

This exam is quite straightforward and has some duplicated questions. There are 80 questions to be answered in 60 minutes. I finished the exam in around 40 minutes without review.

Those who passed this exam will be entitled “Professional Scrum Developer Level I”. However, advanced levels for this certification are not available today. Some PSD aspirants criticize that Scrum is not bound to software development and the PSD exam should not be software or technology centric. I believe this is one of the major concerns for scrum.org to make this exam easy taking.

A junior developer with PSM I certification and experience of version control, TDD and CI/CD would pass this exam without much effort. It’s critical to take all the Open Assessments for PSM, PSPO and PSD before you sit for this exam.

My milestones of the year are updated as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/12 ECSA (originally scheduled on 2018/10/29)
  • Bonus Exams: scrum.org
    • 2018/10/21, PSM I
    • 2018/10/23, ISO 27001 LA
    • 2018/10/27, PSPO I
    • 2018/10/28, PSD