Bruce Passed EC-Council ECSA v10 Exam on 12th October

I enrolled in the official ECSA v10 course from EC-Council on 4th Aug, attended the class delivered by Melvin Sandro from Sep 26 to Sep 30, and passed the ECSA exam today. The courseware, iLabs modules, and iWeek class are awesome. I am willing to recommend the official course before you sit for this exam.

The scope of ECSA overlaps heavily with that of CEH. However, ECSA emphasizes the project management of penetration testing, the EC-Council LPT methodology, and specific penetration testing scenarios.

If you are a CEH already, I don’t think ECSA adds much value, while OSCP, CEH (Practical), or ECSA (Practical) certification would be a better choice. ECSA, EC-Council Certified Security Analyst, as it literally denotes, gives people a positive image or impression compared with the CEH, Certified Ethical Hacker. Most people feel better or safer when they come across a Security Analyst than a Hacker. Of course, this is just my guess as to why EC-Council promotes the ECSA certification.

My milestones are updated as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/12 ECSA (originally scheduled on 2018/10/29)

It’s about time to get some more bonus exams and then declare success in achieving my annual goals!

Notes:

Bruce Passed EC-Council CEH v10 Exam on 9th October

I enrolled in the EC-Council iClass Self-Paced CEH v10 Course on 25th June, 2018 and passed the CEH (Certified Ethical Hacker) exam today. I would recommend the official courses from EC-Council as the CEH v10 courseware (2294 pages) is informative and well-organized. The iLabs lab modules are fantastic; they save you a huge amount of time setting up your own labs. (I also attended the official iWeek online live class for ECSA v10. It’s helpful and effective as well.)

The CEH v10 exam itself is straightforward, but it does take me a lot of time to gain insight into or review the technical details, say, the TCP 3-way handshake and flags. There are a lot of commands, tools and related arguments to memorize and exercise.

Besides the official courseware, I used the following as supplements:

My milestones are updated as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/29 ECSA

My DESK for the certifications:

  • Discipline: goals and commitments
  • English: critical to the non-native speaker as I am
  • Study: the room/environment for study and the methodology
  • Keeping going: persistence and lifelong learning

Bruce Passed ISC2 CISSP-ISSEP Exam on 25th September

After studying for 42 hours in 12 days (from 2018/09/14 to 2018/09/25), I cleared the ISC2 CISSP-ISSEP exam this afternoon and it’s really lucky for me, probably, to be the first exam taker who passed this exam in Taiwan.

The following is what I used to prepare for this exam:

  1. Official (ISC)2® Guide to the CISSP®-ISSEP® CBK® ((ISC)2 Press) 1st Edition
  2. Systems Engineering Fundamentals Kindle Edition
  3. Official (ISC)² Guide to the CSSLP, Second Edition
  4. Official (ISC)2 Guide to the CISSP CBK ((ISC)2 Press) 4th Edition
  5. Official (ISC)2 Guide to the CISSP-ISSMP CBK ((ISC)2 Press) 2nd Edition
  6. Official (ISC)2 Guide to the ISSAP CBK ((ISC)2 Press) 2nd Edition
  7. The Official (ISC)2 Guide to the CCSP CBK 2nd Edition
  8. Official (ISC)2® Guide to the CAP® CBK® ((ISC)2 Press) 2nd Edition
  9. IATF Release 3.1
  10. FEA Consolidated Reference Model Document Version 2.3
  11. FEA Practice Guide
  12. ISO 27001
  13. ISO 27005
  14. ISO 21827
  15. PMBOK® Guide – Sixth Edition
  16. NIST Special Publications
    • 800-12
    • 800-100
    • 800-64 Rev 2
    • 800-18 Rev 1
    • 800-34 Rev 1
    • 800-39
    • 800-30 Rev 1
    • 800-27 Rev A
    • 800-37
    • 800-37 Rev 2
    • 800-161 (vol1 & vol2)
    • 800-55
    • 800-50
    • 800-53
    • 800-53A
    • 800-60 (vol1 & vol2)
    • 800-86
    • 800-61
    • 800-40 Rev 3
    • 800-128
    • 800-137
    • 800-115
    • 800-92
    • 800-88

My exam preparation is completely directed by the ISC2 CISSP-ISSEP exam outline. The most common references used for the ISSEP by domain from ToniHardy and the ISC2 official references are quite helpful. Having passed the CSSLP exam helps as well.

The milestones are updated as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/15 CEH
    • 2018/10/29 ECSA

Moving forward is the best strategy of retreat! I’ll keep moving.

Bruce Passed ISC2 CSSLP Exam on 13th September

After studying for 36 hours in 6 days (from 2018/09/08 to 2018/09/13), I cleared the ISC2 CSSLP exam this afternoon. The following is what I used to prepare for this exam:

The ISC2 official Guide to the CSSLP helps. The exam is not so challenging for an experienced developer with CISSP qualification.

The milestones are updated as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
  • Milestone #4: EC-Council
    • 2018/10/15 CEH
    • 2018/10/29 ECSA

What a relief! Keep moving!

Bruce Passed ISC2 CCSP Exam on 7th September

After studying for 40 hours in 9 days (from 2018/08/29 to 2018/09/06), I cleared the ISC2 CCSP exam this morning. The following is what I used to prepare for this exam:

Having some hands-on experience in cloud computing, e.g. Azure and/or AWS, and sticking to the official CCSP CBK and study guide helps in passing this exam.

After evaluating the criticality of the CCSP and CSSLP exams, I changed my strategy to take the CCSP exam first. The milestones are updated as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/28 CSSLP
  • Milestone #4: EC-Council
    • 2018/10/15 CEH
    • 2018/10/29 ECSA

Keep moving!

Bruce Passed ISACA CISA Exam on 28th August

CISA Cleared!

After another 50-hour study in 2 weeks (from 2018/08/14 to 2018/08/28), I cleared the ISACA CISA exam today. The following is what I used to prepare for this exam:

Milestone Achieved!

It’s about time to declare I’ve achieved my second milestone for 2018.

  • Milestone #2: ISACA
    • 2018/08/28 CISA
    • 2018/08/13 CRISC
    • 2018/07/24 CISM
  • Milestone #1: PMI + CISSP
    • 2018/07/10 RMP
    • 2018/06/19 CISSP
    • 2018/04/27 PBA
    • 2018/04/09 ACP

Long Way to Go!

I am still on my way to building my profession in information security, and the coming milestones are as follows:

  • Milestone #3: ISC2
    • 2018/09/14 CSSLP
    • 2018/09/28 CCSP
  • Milestone #4: EC-Council
    • 2018/10/15 CEH
    • 2018/10/29 ECSA

Bruce Passed ISACA CRISC Exam on 13th August

To pass the CRISC exam, I spent around 50 hours in 3 weeks (from 2018/07/24 to 2018/08/13) studying the following materials:

Candidates have 4 hours to complete the 150-question exam; it takes me 3 hours to nail it, 2 hours for answering questions and 1 hour for review.

The risk management discipline is still evolving, and it takes time to get yourself acquainted with the terminology used in CRISC. There are even some conflicts or inconsistencies between risk management methodologies.

Just follow the official CRISC review manual and questions from ISACA. It would be the most efficient way to pass this exam.

Bruce Passed ISACA CISM Exam on 24th July

After passing CISSP and PMI-RMP on 06/19 and 07/10 respectively, Bruce provisionally passed the ISACA CISM exam today (07/24). The exam is completed in 100 minutes.

It takes around 40 study hours to nail it. The preparation materials are listed as follows:

  1. CISM Certified Information Security Manager All-in-One Exam Guide 1st Edition
  2. YouTube Videos: Isaca CISM Real Exam 1~6
  3. Information Security Governance: Guidance for Boards of Directors and Executive Management 2nd Ed.
  4. NIST Special Publication 800-61 Revision 2 (Computer Security Incident Handling Guide)
  5. CISA Review Manual, 26th Edition
  6. CRISC Review Manual, 6th Edition
  7. CGEIT Review Manual, 7th Edition
  8. Organizational Project Management Maturity Model (OPM3) Knowledge Foundation
  9. The Standard for Portfolio Management
  10. The Standard for Program Management

I really love the exams from ISACA. They are management-centric, or more specifically, they are for CIOs, CISOs, or Information Security Managers. Exam candidates should have a solid foundation in Governance, Strategic Management, Risk Management, and know some technical stuff at a conceptual level.

Frankly, CISM is not so challenging for business people, while technical guys would have to spend some time studying the business stuff. This exam is all about concepts and principles. Don’t just memorize without understanding how the business world works. Some questions are tricky and you have to distinguish the minute differences between the answer options.

Some final words:

  1. Business always wins
  2. Align with the organizational objectives and strategy
  3. Don’t forget risks
  4. Know the current situation before taking any actions
  5. Know the Roles and Responsibilities