So Hash Value Doesn’t Mean the Value of Your…Hash?
Seven months ago I thought a pen tester was a person hired by pen manufacturers to test the functionality of their products before they were boxed and shipped out to customers. Seven months ago I didn’t know why Macs came with their own specific numbers. And I certainly didn’t understand how bug spray allowed for redundancy. But being uninformed didn’t mean that I couldn’t learn.
I recently passed my CISSP exam and I want to share some important lessons that I learned as I prepared. Hopefully they will be helpful to you and your studies. As the Chinese proverb explains, “If you want to know the road ahead, ask those coming back.”
I have thought upon the 400 hours of studying, the 24 hours of live online instruction, and the 6 hours of test day experience and tried to condense the most important lessons into about 500 words. Think of this as the UTM of blog posts.
Schedule the Test, Embrace the Stress
My initial studying was a struggle. My mind was like an IDS; just passively scanning the material. My flashcards lazily flowed through my brain without sticking or staying. Then, I scheduled the exam. I picked a test date. Overnight, things changed.
Once I scheduled my exam, the stakes became real. As a consequence, the information stuck. I was focused. The pressure and anxiety of the approaching exam magically softened something in my brain into a sponge that helped me absorb and retain the material.
I finally understood what the British thinker, Samuel Johnson, meant when he observed, “…When a man knows he is to be hanged in a fortnight, it concentrates his mind wonderfully.”
Study the Forest, Not the Trees
Speaking of concentrating, I often found myself focusing on minute details that, it turns out, matter little for the CISSP exam. I memorized the key lengths of encryption algorithms. I filled my brain with the technicalities of SAML token exchange. I knew all the details, but I didn’t understand why they mattered. And why the details matter is what matters for the CISSP exam.
I finally got a higher-level perspective from CyberVista’s live online sessions. Since each session is three hours long, and students already come to class with a strong foundation through short videos and assigned reading, the instructor can talk about the concepts at a high level.
The sessions helped me answer questions such as “Why does this matter?” “How do these concepts impact an organization’s security and business?” “What encryption algorithm do you use in a certain situation?” “What is the overall role of SAML in Single Sign-On?”
Pick Themes and Stick With Them
When you see concepts from a high level, you can identify themes that are emphasized on the CISSP exam. You can recognize patterns that are woven throughout CISSP questions. The answer that best fits into one of these important themes or rules is probably the right one.
Just as Polonius shared wise, universal principles with his son before he sailed for France, I want to share with you the most important rules that will never steer you wrong when you are choosing an answer. These, above all:
- Protect human life
- Understand that security must enable the business, not hinder it
- Value policies and procedures over ad-hoc responses
- Never try to solve problems on your own. Consult outside experts
- Document all incidents and report to Senior Management
Have faith in these rules.
Confidence Versus Swagger–Know the Difference
Have as much faith in yourself as you do in those rules. I feel that the factor that most contributed to my passing was my swagger, which should not be confused with confidence.
Here’s the difference, as I use the words: Confidence is “Yeah, I studied. I’m ready.” Swagger translates to “Ask me anything. If I don’t know it, it doesn’t matter. Because I can let that question go and make up for it later.”
When you just have confidence you still waste time agonizing over impossible questions. Swagger is seeing a question that you have never seen before, taking a best guess, and thinking, in the words of French Montana, “Ain’t worried about nothin.”
Let Us Help
In the days following my exam, I updated my LinkedIn and posted the CISSP banner on my email signature (just kidding, who does that?!). I then got a few unsolicited job offers. But I decided to keep my job as a CISSP Product Developer at CyberVista. And here is why that matters for you. I have been through the student experience. And I, along with my colleagues, have poured all that we have learned into your course.
I told you that I was a history major. So you’ll understand that I take great pride in the fact that our course is one “of the student, by the student, and for the student.”