DoD 8570 Approved Baseline Certifications

It seems that CEH, CISSP, and CISM are one of the most cost-benefit combinations for security professionals to invest. (Please be reminded that the table lists only part of the DoD 8570 Approved Baseline Certifications.)

 

My Collection of Books in 2018

The year 2018 is fruitful as I passed a couple of certification exams from PMI, ISC2, ISACA, and EC-Council and get ready to start a new business of training and education.

This picture is the collection of books, not including Kindle e-books, I bought in 2018 to prepare for the exams. They helped a lot.

ISC2 member counts

The latest InfoSec professionals statistics according to the ISC2 member counts as of Dec 31, 2018.

  • Compared with the number as of June 1st, 2018, CISSP increases by 3 in Taiwan, while CCSP, CSSLP and ISSEP increase by 1 respectively. Wentz Wu is one of the increases.
  • There is a decrease of CISSP in Korea, ISSEP in India, ISSMP in Singapre and Hong Kong.
  • The CCSP  certification grows fast.

Bruce Passed ISACA CGEIT Exam on 26th November

After studying for 35 hours within 12 days (from 2018/11/15 to 2018/11/26), I cleared the ISACA CGEIT (Certified in the Governance of Enterprise IT) exam today. Because of distractions, I spent only 35 hours in a period of 12 days.

I used the following study materials:

For experienced managers, MBAs or entrepreneurs, I believe it won’t take you too much time to study these two.

This exam is one of my favorites. Even though it is not as well-known as CISA or CISSP, it really helps. I highly recommend CISSPs sit for this exam if management position is one of your career choices.

I’ve achieved my annual goals as the following:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/12 ECSA (originally scheduled on 2018/10/29)
  • Bonus Exams: scrum.org
    • 2018/10/21, PSM I
    • 2018/10/23, ISO 27001 LA
    • 2018/10/27, PSPO I
    • 2018/10/28, PSD
  • Final Optimization
    • 2018/11/06 CISSP-ISSMP
    • 2018/11/14 CISSP-ISSAP
    • 2018/11/26 CGEIT

 

Bruce Passed ISC2 CISSP-ISSAP Exam on 14th November

It’s a lovely afternoon and peaceful moment to enjoy the view looking out through the floor-to-ceiling window from the office.

When the ISSAP score report disclosed “Congratulations!”, my goal has been achieved pursuing the planned certifications from ISC2. I spent around 4 months in total studying intensively and finally passed the six ISC2 exams: CISSP, CCSP, CSSLP, CISSP-ISSEP, CISSP-ISSMP, and CISSP-ISSAP.

After studying for 40 hours within 8 days (from 2018/11/06 to 2018/11/13), I cleared the ISC2 CISSP-ISSAP (Information Systems Security Architecture Professional) exam today. This exam is one of the 3 CISSP concentrations. I would say the level of difficulty would be ISSAP < ISSMP < ISSEP.

The ISACA CGEIT is the last mile for me to declare success achieving my annual goal.

My plan of the year is revised as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/12 ECSA (originally scheduled on 2018/10/29)
  • Bonus Exams: scrum.org
    • 2018/10/21, PSM I
    • 2018/10/23, ISO 27001 LA
    • 2018/10/27, PSPO I
    • 2018/10/28, PSD
  • Final Optimization
    • 2018/11/06 CISSP-ISSMP
    • 2018/11/14 CISSP-ISSAP
    • 2018/11/30 CGEIT (projected)

Addon, 2019/12/10:

When I passed the ISSAP exam, I was really excited as all my annual objectives were achieved and I didn’t note down the materials I used.

The following are the materials I used:

  1. CISSP-ISSAP exam outline
  2. All the CBKs I have (CBKs of CCSP, CSSLP, CISSP, ISSMP, ISSAP, and ISSEP-old version)
  3. NIST SP 800 series
  4. ISSAP CBK Suggested References (I bought as many as I can).

I didn’t use any test engine but the practice questions in the CBKs.

 

Bruce Passed ISC2 CISSP-ISSMP Exam on 6th November

After studying for 40 hours within 8 days (from 2018/10/29 to 2018/11/05), I cleared the ISC2 CISSP-ISSMP (Information Systems Security Management Professional) exam today. This exam is one of the 3 CISSP concentrations. As its name denotes, this exam is all about basic management concepts and the difficulty level is not that high as far as an experienced CISSP is concerned.

My original plan of the year for learning and growth is scheduled to be completed by the end of October with one month buffer (November as the worst case). Since my goals are achieved ahead of the schedule, I decide to do more as final optimization using the one-month buffer, that is, the month of November.

My plan of the year is revised as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/12 ECSA (originally scheduled on 2018/10/29)
  • Bonus Exams: scrum.org
    • 2018/10/21, PSM I
    • 2018/10/23, ISO 27001 LA
    • 2018/10/27, PSPO I
    • 2018/10/28, PSD
  • Final Optimization
    • 2018/11/06 CISSP-ISSMP

Scrum Guide Notes

  • The Product Owner discusses the objective that the Sprint should achieve and the Product Backlog items that, if completed in the Sprint, would achieve the Sprint Goal.
    • Goal vs Objective
  • During Sprint Planning the Scrum Team also crafts a Sprint GoalThe Sprint Goal is an objective that will be met within the Sprint through the implementation of the Product Backlog, and it provides guidance to the Development Team on why it is building the Increment.
    • The Product Owner propose an objective for discussion; the Scrum Team reach a consensus and turn the objective into the Sprint Goal. The Development Team commits to the Sprint Goal.
  • The Sprint Goal is an objective set for the Sprint that can be met through the implementation of Product Backlog. It provides guidance to the Development Team on why it is building the Increment. It is created during the Sprint Planning meeting. The Sprint Goal gives the Development Team some flexibility regarding the functionality implemented within the Sprint. The selected Product Backlog items deliver one coherent function, which can be the Sprint GoalThe Sprint Goal can be any other coherence that causes the Development Team to work together rather than on separate initiatives.
    • One coherent function as the Sprint Goal to work together
  • As the Development Team works, it keeps the Sprint Goal in mind. In order to satisfy the Sprint Goal, it implements functionality and technology. If the work turns out to be different than the Development Team expected, they collaborate with the Product Owner to negotiate the scope of Sprint Backlog within the Sprint.
    • The scope of Sprint Backlog
  • These strengths continue operating in single, several, many, and networks of teams that develop, release, operate and sustain the work and work products of thousands of people.
    • work product is a tangible or intangible output that is completed as part of a project.
    • deliverable is a tangible or intangible output of a project that is delivered to a customer.
    • Artifacts are either final or intermediate work products that are produced and used during a project. Artifacts are used to capture and convey project information
  • To participate in Daily Scrum vs To present in Daily Scrum