
VPN: Tunneling and Security Services

It seems that CEH, CISSP, and CISM are one of the most cost-benefit combinations for security professionals to invest. (Please be reminded that the table lists only part of the DoD 8570 Approved Baseline Certifications.)
The latest InfoSec professionals statistics according to the ISC2 member counts as of Dec 31, 2018.
After studying for 35 hours within 12 days (from 2018/11/15 to 2018/11/26), I cleared the ISACA CGEIT (Certified in the Governance of Enterprise IT) exam today. Because of distractions, I spent only 35 hours in a period of 12 days.
I used the following study materials:
For experienced managers, MBAs or entrepreneurs, I believe it won’t take you too much time to study these two.
This exam is one of my favorites. Even though it is not as well-known as CISA or CISSP, it really helps. I highly recommend CISSPs sit for this exam if management position is one of your career choices.
I’ve achieved my annual goals as the following:
It’s a lovely afternoon and peaceful moment to enjoy the view looking out through the floor-to-ceiling window from the office.
When the ISSAP score report disclosed “Congratulations!”, my goal has been achieved pursuing the planned certifications from ISC2. I spent around 4 months in total studying intensively and finally passed the six ISC2 exams: CISSP, CCSP, CSSLP, CISSP-ISSEP, CISSP-ISSMP, and CISSP-ISSAP.
After studying for 40 hours within 8 days (from 2018/11/06 to 2018/11/13), I cleared the ISC2 CISSP-ISSAP (Information Systems Security Architecture Professional) exam today. This exam is one of the 3 CISSP concentrations. I would say the level of difficulty would be ISSAP < ISSMP < ISSEP.
The ISACA CGEIT is the last mile for me to declare success achieving my annual goal.
My plan of the year is revised as follows:
Addon, 2019/12/10:
When I passed the ISSAP exam, I was really excited as all my annual objectives were achieved and I didn’t note down the materials I used.
The following are the materials I used:
I didn’t use any test engine but the practice questions in the CBKs.
After studying for 40 hours within 8 days (from 2018/10/29 to 2018/11/05), I cleared the ISC2 CISSP-ISSMP (Information Systems Security Management Professional) exam today. This exam is one of the 3 CISSP concentrations. As its name denotes, this exam is all about basic management concepts and the difficulty level is not that high as far as an experienced CISSP is concerned.
My original plan of the year for learning and growth is scheduled to be completed by the end of October with one month buffer (November as the worst case). Since my goals are achieved ahead of the schedule, I decide to do more as final optimization using the one-month buffer, that is, the month of November.
My plan of the year is revised as follows:
I enrolled in the official ECSA v10 course from EC-Council on 4th Aug, attended the class delivered by Melvin Sandro from Sep 26 to Sep 30, and passed the ECSA exam today. The course ware, iLabs modules, and iWeek class are awesome. I am willing to recommend the official course before you sit for this exam.
The scope of ECSA is highly overlapped with the one of CEH. However, ECSA emphasizes the project management of penetration testing, the EC-Council LPT methodology, and specific penetration testing scenarios.
If you are a CEH already, I don’t think ECSA adds much value while OSCP, CEH (Practical), or ECSA (Practical) certification would be a better choice. ECSA, EC-Council Certified Security Analyst, as it literally denotes gives people positive image or impression compared with the CEH, Certified Ethical Hacker. Most people feel better or safer when they come across a Security Analyst than a Hacker. Of course, this is just my guess why EC-Council promotes the ECSA certification.
My milestones are updated as follows:
It’s about time to get some more bonus exams and than declare a success to achieving my annual goals!
Notes: