Welcome back to CyberVista’s Student Spotlight Series. In this series, we talk with newly credentialed CISSP, CISM, CEH, or Security+ practitioners who used CyberVista to prepare for their certifications. In this interview, we talk with Joseph Carnevali, VP/IT Manager at a community bank in Fresno, CA, about his CISSP training experience.
CyberVista: How did you first get interested in cybersecurity?
Joe Carnevali: It’s pretty difficult to be in the IT world of any business and not be concerned about cybersecurity. Similar to Troy McMillan [Joseph’s instructor], I started in college as a music major and still enjoy teaching on any subject where students are willing to learn.
For a long time, I was planning my occupation around the music industry, but I realized that it’s not what you know but who you know. It was then that I trusted my gut and realized I was not meant to go this route.
I began my career in the financial services industry and carried several titles for over 40 years. In my industry, I saw the risks evolve and recognized there is a front door and back door to protect. The front door is the Internet gateway and the back door is the user of the technology. Educating users on the risks of the technologies they use and depend on is a goal of mine.
CV: What do you predict is the future of cybersecurity?
JC: I believe this industry is still in its infancy. We are up against threat actors that have time, tools, and talent. We must treat cybersecurity just as the first responder treats saving a life – especially in the financial services industry. There is an expectation of safety and security. The cybersecurity professional is that ‘first responder.’
CV: Why did you decide to earn your CISSP certification?
JC: I wanted to get a certification that was respectfully recognized. At my advanced age, 61, I wanted to expand the one remaining brain cell. Part way in the CISSP course I figured that cell was going to explode, but to my surprise, it expanded.
The CyberVista training was extremely helpful. I am committed to lifelong learning and I believe this is what makes life worth living. It was a personal goal for many years to attain a professional certification. This personal goal evolved into a professional goal.
CV: Why did you choose CyberVista as a training provider?
JC: It wasn’t until earning my CISSP became a business goal that I realized I had to buckle down. When it was a personal goal, it was almost too easy to keep pushing it aside; for example, I spent nearly 10 months studying on my own. I would also say that cramming the material isn’t an effective method for me. I was having a bit of trouble with accountability, and personally, having an instructor to hold me accountable was paramount for me. The CyberVista instructors helped me stay on course.
Joseph’s instructor, Troy McMillan, teaches using the light board in a live online lecture.
CV: What did you like best about your CISSP course?
JC: I started with a free self-study course and quickly found the accountability was missing. Live interactive courses using the light board were a first for me and a great experience. It kept me accountable and engaged. The real-life experience of the instructors was evident and their ability to articulate concepts was great. The value of interacting with other students in this live environment was also a significant benefit. It’s not easy getting folks to participate, but CyberVista made it happen.
CV: What CyberVista study resources were most helpful?
JC: Of course the study guide and student notebook were very important, but I valued the QBank and the hundreds of practice questions. Immediately seeing the correct answer (after answering the question) and the reasoning was extremely beneficial to me.
My goal was to score in the 80% to 90% ranges on practice test questions, so it was nice to delete the lower scores and do it again…and again. I came from an era of memorization, so this was a stretch for me. For me, studying meant dedicating two hours each weekday plus six hours each Saturday and Sunday. I thank my wife of 40 years for understanding, and I have more confidence that I will see my 41st anniversary [laughs].
CV: Do you have a favorite CISSP exam domain/topic?
JC: My favorite was Domain 9 and the topic was: Congratulations, you passed. Kidding aside, all of the domains had valuable information. If I had to pick one, it would be Domain 1, Security & Risk Management, because it contained so many fundamentals. Domain 2, Asset Security, was also great because it applied directly to my daily work. I live more in the strategic world than a tactical one.
During the course, the instructors continually reminded me to think like a manager when taking the test. I must admit this was very helpful on some of the highly difficult questions. I felt the questions were designed to draw you to the weeds when you actually needed to think strategically.
CV: Tell us about your exam experience.
JC: I will admit that I failed my first attempt. I like to say I missed passing by one point, but that can’t be proven or denied. My first attempt was the previous test methodology [linear format] of 250 questions for 6 hours. Marathon training is always good practice. My second attempt was with the new CAT [computer adaptive testing] format with 150 questions over 3 hours. It was concerning that I would not be able to go back for review, but I think this forced me to focus and answer each question to the best of my ability. I could feel the questions getting more difficult as I progressed. It was challenging for me to move past the habit of rote memorization methodology I grew up with and replace it with the conceptual and experiential approach. My many years in technology and management served as an advantage for me.
CV: What are your predictions for the future of cybersecurity?
JC: Well, currently, cybersecurity is too much of an afterthought. For instance, new technological devices are appearing on the shelves in multitudes, and aside from the new features the devices embody, they also embody cybersecurity risks. The issue is the discussion around cybersecurity isn’t growing in multitudes. Companies are quick to release a new device and will address the concerns around cybersecurity after the product is on the market.
On the other hand, the end user has an expectation that these devices have been vetted and are harmless to use. They trust the businesses to have already worked out all of the bugs or faults that could be dangerous. For example, I’ve seen many individuals download a new app on their phones and completely skip over the user licensing agreements. People aren’t in the habit of asking, “Why does this app need access to my contacts, camera, or my location services if it’s not applicable to the app’s main function?” In brief, I’m hoping there’s more end-user awareness or consumer awareness about these kinds of agreements.
CV: What do you like to do for fun outside of work?
JC: I live on the central coast of California, also known as wine country. Wine tasting at more than 200 local wineries is a hard job, but I try to support my community to the best of my ability. Learning something, anything, new really is my ‘fun’. Mostly this includes keeping current with technology and technology threats. Sharing what I learned with others comes in as a close second.