Unlocking the CISSP: A Red Team Consultant's Path to CISSP

Introduction

This article details a roadmap for cybersecurity experts not only to successfully pass the CISSP exam but also to effectively broaden their knowledge in all cybersecurity domains. Additionally, it reveals the detailed mindset behind solving the CISSP exam questions with ease and adopting the "Think like a manager" mindset.

Author's Background

I am a senior red team cybersecurity consultant. Years ago, I embarked on a journey to broaden my knowledge and expertise beyond penetration testing to encompass all domains within cybersecurity. So it is a journey from CRTE, CRTP, OSCP, CEH to CISSP, the objective is to better support my customers in multiple domains in cybersecurity and have a more wide view of all cybersecurity domains. Besides CISSP, I also focus on improving my soft skills within a business context, to achieve that,? I joined Mckinsey Forward program and proudly, I have been named to Mckinsey Forward Champions.

The below is a suggested roadmap from my point of view. It is not the shortest roadmap, it is not even short; it is the longest way to be CISSP certified. Yet it is a transformation journey that builds up your skills and shifts your mindset. My goals are to widen my knowledge, acquire new skills, adjust my problem-solving skills and acquire a new mindset that knows how to solve the problem correctly, to improve the process, to solve the problem's root cause, instead of chasing secondary reasons. This is what they refer to as "Think like a manager." If we share the same goals, let's jump in!

CISSP Preparation Journey

The preparation journey comprises 5 steps:

Step 1:? Exploring and Identifying Unfamiliar CISSP Domains

Explore and skim through the CISSP Official Study Guide (OSG) to identify topics you are familiar with and those that need further effort. We do this to recognize areas of knowledge and areas requiring more attention.

The CISSP Official Study Guide(OSG) discusses 8 domains, as detailed below:

• Domain 1: Security and Risk Management
• Domain 2: Asset Security
• Domain 3: Security Architecture and Engineering
• Domain 4: Communication and Network Security
• Domain 5: Identity and Access Management (IAM)
• Domain 6: Security Assessment and Testing
• Domain 7: Security Operations
• Domain 8:? Software Development Security

Step 2: Studying for CISSP domains

Let's start by diving into those unfamiliar CISSP domains! Take all the time you need to digest the new topics. While it may take time, this approach will ultimately set you apart as reliable and skilled professional. Remember, our goal is to excel in our roles, not only to pass the exam.

Start by reading these domains from the official study guide, watching videos, reading articles about them, and discussing these new topics with your manager, or mentor, or someone who is a subject matter expert in these domains, if applicable, work on relevant projects in these areas. The objective is ensure that you fully digest these areas.

Then move on to the domains that you are familiar with; check subtopics as there may be details you are not familiar with. Note that you will often encounter new expressions and terminologies, but by looking at their definitions, you may find yourself already familiar with the concept, or it may be a concept that makes sense; you just didn’t know the terminology, which is fine.

Recommended resources for studying:

The main source of studying is the official study guide; it is our main reference. We may use other resources to help us better understand the topics in this book.

For videos, I recommend two sources:

1. Kelly Handerhan , she is really good at adjusting your mindset to think like a manager, which is key for this journey. You can find her course on Cybrary.
2. Mike Chapple , one of the authors of the CISSP Official Study Guide, has his CISSP course available on LinkedIn Learning.

Choose any or both of them; picking some topics from each course is fine. However, note that all videos may miss a lot of information mentioned in the OSG, so make sure to read it anyway. For me, I watched Kelly's course fully, then picked some topics to view from Mike's course alongside reading the OSG.

Step 3: Practice Time

Besides studying, it is crucial to solve practice questions and exams to train your mind on how to think like a manager. But first, let's agree that exam questions are unique, and no similar questions will be found anywhere.

What does exam questions look like? Tricky and long questions full of details that may potentially mislead you, all answers seem correct!

Roll up your sleeves hero; let's get ready to tackle these questions. To pass, stick to the below simple steps in the sequence provided:

• Read the exam question carefully till the end and identify what is the question wants.
• Sometimes when we start reading the question, we instantly have the intuition that the question's context is going in a certain direction. Ignore that for now; continue reading the question carefully until the end, then look at the choices. Do not assume; read the question carefully instead.
• You not only want to know why this particular choice is correct, but also why the rest of choices are not adequate to the situation described in question.
• What if all answers look correct? Solve by eliminations; that's fine!
• Prepare valid reasons for eliminating every potentially incorrect answer.
• Repeat for every choice, till you have reasons for every choice.
• Re-read the question and its choices and make sure that you have chosen the most valid answer from the manager's point of view.
• Check question answer and adjust your mindset accordingly.

Is that process lengthy? Remember the first time you drove your car versus months after? At first, you were overwhelmed by the steps, but as you moved forward, you could do everything while driving!

Resources to Practice from:

I've limited my resources to avoid overwhelm. The key is adjusting your mindset and practicing extensively with the resources below:

• ISC2 practice book and LearnZapp mobile application.

They both have the same questions but are represented differently. The former is a traditional book, while the latter is an interactive mobile application that gives you the flexibility to solve questions from anywhere, bookmark questions, see statistics about your readiness in every domain, and overall readiness.

• Adam Gordon

He posts CISSP questions on his LinkedIn profile every week and discusses them with the community, helping us adjust our mindset to think like a manager. At the time of writing this article, he has written over 1100 CISSP questions!

• "How To Think Like A Manager" by Luke Ahmed ?? This book greatly helps in adjusting your mindset to think like a manager.

Step 4: Exam preparation

By this step, you may feel overwhelmed with the huge amount of information in the materials and you may feel that you have forgotten everything. I hear you; you are not alone my friend. We all felt the same. You haven't forgotten, but it is time to start mind mapping your genius brain.

The resources below create mind maps for all domains, quickly refreshing your mind and helping identify areas you lack confidence in. I recommend listening to them during your commute initially, identifying the areas you don't feel confident about, and then reviewing them carefully during study time.

1. Destination Certification Inc.
2. CISSP Exam Cram by Pete Zerger, vCISO, CISSP

Another important videos during this period is Mike Chappel's on how to pass the CISSP exam, as well as Kelly Handerhan's video titled "Why You Will Pass the CISSP Exam."

Note that during this period, you may feel down. Make sure to ask for support from your ecosystem and reward yourself with nice retreats after reaching small milestones. Prepare for a big one after successfully passing the exam.

Step 5: Reward yourself!

After successfully passing the exam, treat yourself to something significant that brings you joy. You've done a great job and you deserve it!

Be thankful to God who made you pass, then be proud of your committed self. Be happy and proud, and celebrate in your own way.? As for me, I traveled to a new country and participated in many thrilling activities. Laugh from the heart and embrace happiness; you've accomplished your goal!

General Notes:

• Misconception about CISSP: "It is a managerial-level certification so there's no need to dig deep into technical details." That's not true. Cybersecurity managerial roles are different from other fields; you still need to have an adequate level of technical knowledge alongside management and soft skills to be a highly skilled manager.
• Reflect as You Study: While studying the CISSP domains, try to map what you study to real life.
• CISSP New Exam Changes: According to the ISC2 article titled "Changes to the CISSP Exam Weighting – What You Need to Know": "Domain 1, Security and Risk Management, has increased in weight from 15% to 16%. Domain 8, Software Development Security, has decreased in weight from 11% to 10%. All other domain weights remain the same. In addition to the domain weighting changes, the time limit for the computerized adaptive testing (CAT) exam will be a maximum of three hours beginning April 15, 2024. Candidates taking the CAT version of the exam (currently only available in English) will see a minimum of 100 and a maximum of 150 items. The linear (Chinese, German, Japanese, Korean, and Spanish) exam length will remain six hours. Candidates taking the linear version of the exam will receive 225 total items." Source: ISC2 Insights

Final Thoughts

I hope this guide has been helpful for you and addressed your challenges, supporting you during your tough journey. If it helps you pass the exam, please let me know someday; it personally encourages me to keep sharing.

I wish you the best of luck in your exam, and remember that the taste of success at the end is worth it! And always keep in mind, if it doesn't challenge you, it won't change you. If you have any further questions, let me know in the comments.

?