CISSP: What I Studied and How I Studied It (Full Breakdown)

For those who work in the information security domain, CISSP is a highly coveted security certification. CISSP = Certified Information Systems Security Professional.
Last year (2019), in August, I decided that I would take the CISSP exam. On October 7 I sat for the exam and passed. I had made a 2-month roadmap for my own study. Over the past few months, several senior colleagues have asked me how I studied for CISSP. Since the answer to that question is quite lengthy, I could not properly give everyone the full answer. This post is mainly for them. Besides, it can serve as a reference for anyone who takes this exam in the future.

Resources I Used

1) CISSP Official Study Guide (Sybex book, 8th edition)
- The Sybex book comes with online practice exams and other study tools at sybextestbanks.wiley.com.
2) Eleventh Hour CISSP: Study Guide
3) Videos: Cybrary course by Kelly (free)
4) Boson Practice Exam ($99)
5) Audio:
a) Shon Harris (old and free), alternative link here
b) MP3s from Kelly's Cybrary course
6) Larry Greenblatt free lectures on 8 domains and this playlist of tips on YouTube
7) Sybex 2nd edition 1320 practice questions
8) Slides/Notes:
a) Sunflower note
b) Memory Palace from Prashant
9) Supplementary Resources:
- CISSP Subreddit community
- CISSP Study Group BD, WhatsApp group
- Shon Harris AIO Book (for reference only; ended up reading the full networking chapter)
- IT Dojo questions from YouTube
- CISM app by AceSoft
- Total Tester AIO
- Kelly Handerhan's "why you will pass CISSP" video

My 2 Month Study plan

Week 1: Finish the Eleventh Hour CISSP book, and finish 50% of the Shon Harris audio lectures while commuting
Week 2: Finish Chapters 1-6 from Sybex, finish 100% of the Shon Harris audio lectures while commuting
Week 3: Finish Chapters 7-11 from Sybex, finish Kelly's lectures in audio while commuting
Week 4: Finish Chapters 12-18 from Sybex, revise Kelly's lectures in audio while commuting
Week 5: Finish Chapters 19-21 from Sybex, revise the Eleventh Hour CISSP book, revise Kelly's lectures in audio while commuting
Week 6: Finish Boson tests A, B. Solve the CISSP Official Study Guide's tests, revise Kelly's lectures in audio while commuting
Week 7: Finish Boson tests C, D, E. Finish the Sunflower guide, revise Kelly's lectures in audio while commuting
Week 8: Solve the Sybex 2nd edition practice questions. Finish Memory Palace from Prashant. Finish Larry Greenblatt's lectures
Week 8.5: Review practice questions that I got wrong in the last 3 weeks. Solve 100 CISM app questions. Sit for the exam

Review of Study Resources

Kelly Handerhan – 9/10
I used to listen to Kelly's lectures every day while I commuted between the office and home. Kelly is a great instructor. She has a way of breaking things down that just seems to really stick in my brain. However, it is not everything you need to pass. The greatest advantage I gained from Kelly is the mindset to take into the exam, through her video.

Boson Tests 9/10
Yes, the questions can be quite technical. But Boson does a good job of getting you to understand the "when" and "why" you would use one technology choice over another. The explanations are fantastic. As others have said, it's not about getting these questions right. It's about understanding why the other choices are wrong. Use the options available to you: if you are weak on a subject or domain, Boson will let you focus on those by choosing a domain or multiple domains, or just filtering by a keyword. The answers are summarized perfectly and go 2 inches deep, when all you really need is 1 inch. My actual test questions were more managerial than technical, which is not fully what Boson prepares you for. But that's ok. Boson is great prep material nonetheless.

CISM App by AceSoft 9/10
I practiced around 60 questions from this app. Surprisingly, I found this app's questions to be the closest to the real ones. You don't need to solve a lot. Solving only a few will give you the right mindset for the exam.

11th Hour book – 8/10
This was a short and sweet read. Everything is outlined in a very concise manner. But it does not cover everything. I used it as my first book to read, and this made reading the Sybex book a lot easier. I highly recommend reading this before reading Sybex; it can save you a lot of time. You can use it as a first read or a final read before the exam.

Sybex 8th edition Book – 8/10
This was the meat and potatoes of my preparation. This book has everything that you need to know. It is very comprehensive. I found it to be mostly an easy read, but I had difficulty understanding the networking chapters from this book (I read networking from Shon Harris for clarification). But, I admit, reading this book was not a pleasant experience at all; it was a giant, dry book.

Larry G: Spock/Kirk videos 8.5/10 … lectures 7.5/10
Larry G's YouTube videos go into great depth on how to analyse the question and all the options, and how to eliminate/choose with the right mindset.
Larry's questions are also ridiculously tough, tricky, and very often based on semantics or splitting hairs. While it really pissed me off throughout the process, upon reflection I can say that it helped develop a crucial skill that I needed to get through this exam: critical thinking.
His lectures are sometimes a bit too lengthy, but I found them to be very helpful in developing key concepts.

Sybex 2nd edition practice tests: 7.5
They were okay. They helped me reinforce my learning from the book. But explanation depth was missing. Also, the questions were not at all reflective of the actual exam.

Shon Harris Audio 6/10
They are a bit outdated. I found them to be okay.

How much time did I study?

I studied around 6 hours every weekday and around 15 hours on weekends/holidays. And whenever I was commuting, I was listening to audio lectures. In those 2 months I squeezed out even the last bits of my time and energy to prepare for this. I really don't think it was humanly possible to give any more effort from my side.

How was my exam experience

The questions hit me real hard. They weren't anything like what I had read/solved. Each of them seemed like a mysterious puzzle piece. And none of the answers seemed like a bullseye. I had a really head-scratching, tough time choosing the correct answers. Halfway through the time, I was way behind the number of questions I should have been done with. I felt like I was wasting my time, no way I am gonna pass this. But I held my nerve, and kept answering what felt right to my instincts. At the 100th question, the exam ended. I had chills running down my spine. And when I went to get the printout and turned it over, it said "CONGRATULATIONS…."!!
I seriously couldn't wipe the smile off my face.

CISSP Rules of Thumb/Mindsets

It's very important that you go into the exam with the right mindset. Here are a few mindsets/rules of thumb that helped me:
1. You are a risk adviser. Don't try to fix problems right away. Ready->aim->fire. Do not fire first. Think before you act.
2. Senior management is ultimately responsible for security.
3. How much security is enough? Just enough.
4. Everything starts with risk analysis.
5. Always think of the "end-game": what happens at the end.
6. Security transcends technology. Technology comes and goes but fundamental concepts don't change.
7. Physical safety is of foremost importance.
8. If given a choice between a technical and a managerial option, go for the managerial one.
9. Incorporate security in design. Security should be baked in, not sprayed on.
10. Always choose multi-layered defense. Avoid single points of failure.
11. Try to choose the bigger umbrella or the widest answer.
12. Humans are the weakest link. Amateurs hack systems, professionals hack people.
13. Access through a trusted interface is better than accessing directly.
14. Don't violate process/change management rules. Plan-do-check-act and repeat.

My tips

  1. MAKE A REAL DECISION! (Not a half decision, or a more-or-less decision) and schedule the exam right away. Have a deadline. I would recommend setting a deadline within 16 weeks, as taking more than that may be challenging in terms of fighting distraction and holding on to willpower.
  2. Read books to understand the concepts well, compare related technologies side by side, ask yourself questions (why, when, what, how), and try practice questions mainly to understand your weaknesses, then focus on covering the concepts comprehensively. Practice this approach repetitively every day. 95% of the questions are scenario based. If you understand the concepts, you can select the right answer.
  3. Watch this video of Kelly Handerhan to develop the CISSP mindset. Watch it right before the exam as well. You will find no common questions in the exam. The only thing that will help you is the right mindset, and this video will help with that.
  4. Read the questions well. CISSP is more of an English exam than a technical one. Pay attention to the MOST, FIRST verbiage in the questions, and keep a managerial perspective. This test is for a security manager. You have to analyze scope, time, and cost for most questions. Your goal is to reduce the risk.
  5. Solve a lot of questions. I solved around 4000 questions from Boson, Sybex and AIO.
  6. Make a lot of notes.
  7. Develop an ecosystem of like-minded individuals: individuals who follow the same passion and are as driven to pass the exam as you are. Join online communities, like the CISSP subreddit/CISSP Discord chat/Study notes theory group on Facebook.

There you go. I have open-sourced the full blueprint of my CISSP journey. If you have further queries, feel free to reach out to me on LinkedIn or email me at mashrur123@gmail.com. I would be happy to help.

4 Comments

  1. Brother, I will also be taking this exam soon, inshallah. I am currently doing a master's in cyber security, and my first year is almost over. When should I take the exam, and when should I start preparing?

    • It requires about 5 years of industry experience in the security field. If you have that, you can go ahead and take it.

  2. Brother, I am currently a fourth-year CSE student. I want to build a career in the security field. How should I start, from an absolute beginner level?

    • The answer to that is quite long. I'll write a blog post about it soon.
