Inch Deep, Mile Wide

The CISSP Journey

  • cissp cheat sheet, cissp exam results, cissp exam results how long, cissp results, cissp results how long, cissp exam results how long 2010, failed cissp, failed cissp exam, cissp failure rate, keepass vulnerabilities, cissp exam experience, cissp cram sheet, what to memorize for cissp exam, how long for cissp results, waiting for cissp results, cissp test results how long, cissp resources, eric cole cissp, cissp results 2010, how many questions can you get wrong and pass cissp, cissp failed, coworkers with cissp, cissp exam result, official (isc)2 guide to the cissp exam - 2010, keepass vulnerability, taking the cissp, failing cissp, cissp exam cheat sheet, cissp scantron, how many question can you miss on the cissp, keepass review 2010, cissp exam experience 2010, cissp exam results long, keepass review, failed the cissp, how long to get cissp results, cissp exam failure rate, i failed my cissp, how long does it take to get cissp results, eric reed cissp, failing the cissp, cissp exam cheat sheets, cissp exam, i failed my cissp exam, failing the cissp exam, torrey woodhouse cissp, how long do i have to wait for cissp exam score?, how long cissp results, how hard is the cissp exam, cissp cheatsheet, cissp dec exam result, waiting for cissp exam results, cissp fail, how many questions can you miss on the cissp, cissp results wait, how many people fail cissp, cissp results december 2010, fail cissp, cissp december, cissp exam fail, failure rate for cissp exam, cissp test experience, how many domains are covered in the cissp exam, cissp results email, failed the cissp exam, how long does it take to get cissp test results, cissp, torrey woodhouse, cissp exam statistics, do you have to pass each domain for the cissp exams final grade, fail the exam cissp, cissp failed 1st time, cissp scaled score +70, fail cissp test first time, waiting on cissp exam results, thank you for sitting for the certified information systems security professional (cissp)® examination on 12/05/2009. we recognize and commend the significant personal commitment, 2010 how long does it take for cissp results ,cissp exam failed, cheat sheet cissp, eric cole sans management 414, people who thought they failed the cissp exam, experiences with taking cissp, freepracticetests cissp exam, cissp dec result, cissp failed 2010, cissp cheat sheets, cissp personal study notes, cissp exam results email, cissp time until grade received, how long isc2 cissp exam results, how long should i wait for my cissp results, cissp questions, how is the cissp exam graded, how is cissp graded, cissp exam difficulty, freepracticetests.org, eric cole cissp audio, cissp exam status & results, wait time between cissp exams if you fail, how long does it take to get the results of the cissp exam, do people fail cissp, what should i know before taking the cissp, i feel like i failed the cissp, december 2010 cissp results, how many questions can you miss and still the cissp exam, should is used all in one cissp 5th edition to prepare for the cissp examination?, cissp exam results december 2010, are freepracticetest.org questions really from the test, cissp cheat, cissp exam result wait, cissp exam thoughts, how long until i get my cissp results, why does it take so long to grade cissp, cissp december exam result, how many fail cissp exam, took the cissp exam, cissp fail rate, cissp exam results nov 6th 2010, i am going to fail cissp, cissp exam result december, cissp exam result dec, difficulty level of cissp questions, why does cissp take so long to grade, cissp taking, my cissp exam experience. cissp exam cram failed cissp, cissp results take longer than other, cissp certification discouraged hard, cissp exam result email, what did you see on cissp exam?, least privileged blog, taking cissp exam, cissp results december, 7 types of hard cissp exam questions, waiting cissp exam results, how many questions can you miss on the cissp exam, cissp practice exam, took the cissp december 5, 2009, how long cissp results failed, cissp test results, cissp study sheet.xls, eric cole cissp prep, dec 6 2009 cissp results, cissp how long for results, cissp cryptography cheat sheet, hands-on ethical hacking and network defense 2nd edition pdf, fail cissp by 9 points, cissp dec 2010 results, cissp exam failure rates, i think i failed the cissp, sans enough for cissp exam, cissp cheat notes, when did you receive your cissp results, how many pass cissp exam first time>, cissp test rsponse time, cissp exam results fail, failure rate cissp exam, cissp exam questions, miss exam cissp, june 12 2010 cissp exam results, how long to wait for cissp results, how long does it take for cissp results, how long to receive cissp results 2010, cissp thought i failed, cissp study sheet, when will i get my cissp results, how long does it take to receive cissp test results, cissp 5 dec exam, cissp eric cole, cissp exam results fail experiance, cissp results, how long to get cissp exam results, cissp fail safe, cissp post exam syndrome, cissp exam can you bring notes?, keepass mcafee, what to bring to cissp exam, shon harris evo, cissp exam result 20th december, giac security leadership certification training programs wisconsin, cissp result score, 401, how many pass cissp exam on first change, cissp+cheat+sheet, eric cole sans cissp slides, pass fail for cissp, giac security leadership certification personal experiences, cissp cheat sheet 2010, how many questions can i miss on cissp and still get 70 percent, cissp recent exams feed, how many domains are covered in the cissp exam and list each domain name?, cissp 80% who fail first time, cissp exam results failed, about cissp failure rate, how long does it take to get a response after taking cissp, cissp post cheat sheet, how to pass cissp, if you fail the cissp exam, least privlaged cissp, beta questions on cissp test, how hard is cissp exam, dear candidate, certificate number: 360xxx, how long grade cissp, cissp experience, my experience taking the cissp exam, long cissp exam results, cissp cheat sheet notes, cissp exam tips, cissp online books resource, just wrote the cissp exam, cissp result 5th dec 2009, cissp post exam experience, cissp results fail, keepass + vulnérabilité, how to cheat on the cissp exam, carnegie-mellon cissp course, how long for the isc2 endorsement, how long after the exam the cissp results come in, cissp study plan .xls, how long does it take to get cissp exam results back, cissp test comments, 7 types of hard cissp exam questions, where do i check for my cissp result for pass or fail, sans cissp test answers wrong, cissp practice exams (all-in-one) download, real exam cissp pass, grading cissp test, percent of people who pass the cissp exam, taking the cissp exam - my personal experience, cissp cheat sheet free, failed cissp 2 times, how long cissp results december, failed 5 timees in cissp, cissp exam questions weighted, cissp exam experience, osi cissp notes, cissp 2010 results, cissp cheet sheet, cissp made easy, keepass malware, what if i fail cissp exam, cissp how many can i miss, keepass rainbow, waiting for cissp test results. cissp test results taking a long time results nov 6th, taking the cissp, cissp 2009 result fail, i am ready for the cissp exam, what to bring to cissp, cissp exam is really hard, what is the failure rate of 2010 cissp exam, cissp december 2009 results, cissp how long to get results, keepass security, ow many people fail the cissp, issp answer sheet a,b,c,d quarters, what to expect when taking the cissp exam, eric cole cissp mp3, i fail cissp, cissp pass fail rate, when you fail th cissp, what is the percent of per domain for cissp exam, how long does it take to get exam results for cissp, www.freepracticetests.org, transcender practice cissp forum hard easy, failed cissp test need help, cissp results 1 week, keepass online storage, cissp test fail rate, cissp december results, cissp dec 2009 result, isc2 said i passed cissp exam then turned around and said i did not, how to cheat on cissp, cissp exam 6 hours, brute force password cracker snapfish, cissp lectures, cissp access control cheat sheet, how long cissp exam results, cissp vs gslc, http://freepracticetests.org, how long doees it take for the cissp results, failing cissp exam, taking the cissp exam, time required to prepare for cissp, how many fail the cissp exam, cheat sheet for cissp, cissp results how long 2010, i failed the cissp exam, how long to wait for cissp exam results?, cissp exam, failed cissp exam what do i tell my boss, i think i failed the cissp exam, securitymanagementpractices1.mp3, cissp least privlaged access, pass fail cissp, eric cole cissp seminar, 2010 cissp exam blog, eric cole cissp notes, cissp exam failure, cissp exam write on blank paper, cissp december result, failed cissp longer, gslc vs cissp, keepass vulnerability ctrl-c, eric cole audio download cissp, free practice exams cissp, how close to real exam, cissp study plan, how to feel after taking cissp, how do they grade the cissp exam, how many questions can i miss on cissp exam and still pass, cissp test closer to real exams, cissp barely failed, freepracticetests cissp pro hard, what day do cissp results normally come out, cissp results how long, cissp missed questions, how many times can i write the cissp exam, cissp exam results e-mail, december 12, 2009 + cissp examination results, secret to passing the cissp exam, failed cissp exam 3 times, cissp exam no problem, cissp exam result for 5th december 2009, who took cissp exam in 2009, deepmile facebook, keepass vunerability, how many times have you taken the cissp, cissp weighted, cissp test timeto get your result, isc2 training camp archive, cissp shon harris, copied cissp questions 2010, cissp exam results time, how to find out cissp test results, cissp exam overview slides clement dupuis, issep practice exam, sans audio for cissp, official (isc)2 guide to the cissp pdf, cissp waiting game, how many questions can you miss on the cissp and still pass, prepare cissp exam, 7 days to cram for cissp, cissp fail test scores, passing the cissp exam, eric cole mp3 cissp, cissp exam room highliter, sans audio slides series eric cole, sans mgmt 414 mp3, cissp 414+, sans mgt 414 mp3, test results for cissp october 4, how to prepare for cissp, cissp domain 6 quiz, cissp december 2009 result, i received my cissp results today at, why people fail cissp, december 12 cissp exam results, free cissp mp3s, sans cissp practice test by eric cole, audio cissp eric, cissp domain 5, cissp exam 2009 drp, cisa barely passed, sans cissp eric cole mp3, clark-wilson model anti-malware, december 6th cissp exam 2009 still no results, cissp domain rss feeds, when will i get my cissp results?, cissp exam results december 2009, cissp eric reed, i took my cissp exam 2009, eric cole cissp video, cissp test october 2009, eric cole audio cissp, cissp exam december 5 2009 results, cissp exam december 2009 results, cissp frustration, management 414 sans +s training program for the cissp certification exam presented by eric cole!, december 5 cissp exam results, feel in exams personal experience, waiting on cissp score, what to expect when taking cissp exam, cissp fail one domain, how long will the result of cissp exam be kept, what if i fail the cissp, cram guides cissp practice exam 2010, what you need to know for the cissp exam 2010, skillport cissp, cissp results response, how long does it take to get the cissp exam results, eric cole cissp lectures mp3, failed time between cissp tests, inchdeepmilewide.wordpress.com, cissp 2009 domain 10 notes, cissp study sheet telecommunications and network security, cissp exam estimated results, how many times fail cissp exam, how long to find out if you passed cissp, failure rate of cissp exam, let someone else take cissp test, percentage of people that fail the cissp exam, how much time do i have after passing cissp exam, cissp exam results aug 2010, when can i expect my cissp results?, official (isc)2 guide to the cissp exam - 2nd edition, 2010 pdf, can i take a class for cissp exam and then take the exam, 7 types of hard cissp exam questions pdf business phone, brutal cissp exam, shon harris wiki, software review: keepass comment, how long should i study for the cissp exam, difficulty of cissp compared to gslc exam, cissp update, does cissp have a 80 failure rate, keepass got hacked, what day do cissp results arrive, cissp results taking forever, what is the password to print all in one cissp 4th edition, cissp exam results 2010, cissp night before, took cissp today mostly operations, cissp exam 5 times, cissp exam notes, cissp brutal 6 hour exam, cissp passing results take longer, cissp 5th front, i failed cissp 2009, cissp taking again, picturetrail password brute force, transcender cissp practice exams, cissp exam failing results, how many people fail cissp first time?, i'm socring 80 and higher on cissp practice exams, cissp difficulty level, i passed the cissp, isc2 exam results letter scanned, cissp booklet, how good is freepracticetests cissp, cissp one month passed, cissp exam results waiting, how i passed cissp exam, any experience before cissp exam, cissp exam result already 4 weeks, weighted cissp exam, cissp encryption cheat sheet, who grades cissp tests, cissp telecomm cheat sheet, took cissp exam questions focus more, cissp how long before taking the test if you fail, cissp failed again, cissp is an easy exam, but tricky, cissp exam most tested domain, cissp exam what to bring, cissp statistic, online cissp practice questions exam cram, cissp exam comments, cissp exam results takes a long time, cissp failed email, cissp exam results 2010 do they give you your score fail, cissp actual test feedback, length of time to learn results from cissp, issmp notes, least privileged +physical security, passing cissp 1st time, cissp how many questions can i miss?, keepass auto login vmware client, cissp waiting for results, feel like ive failed after taking cissp, cissp change grade, (isc)² eric cole review, freepracticetests any good for cissp prep, trick cissp scantron, how to pass a cissp exam buy guessing answer, cissp exam collector, cheating on cissp exam, how many cissp question can be missed, cissp exam 80 percent right to pass, what kind of pencils do you need for cissp exam, cissp exam audio cd, cissp exam grading time, cissp acronyms flash cards, post cissp test syndrome cccure, when does cissp exam start hours, keepass experiences, failed cissp exam?, eric cole cissp lecture, cissp pass for sure, failed exam cissp, how long does it take for the cissp results to come out, issap cheat sheet, help failed cissp three times, getting cissp results, does it take long to get cissp exam results, failed my cissp exam, taking cissp, waiting for cissp result, what is the hardest cissp domain

Taking the CISSP Exam – My Personal Experience

Posted by -Durk- on December 18, 2009

There were two groups of folks from my workgroup who prepared and took the CISSP exam. The first group of 3 (including my boss) started off with a CISSP boot camp, studied for about 10 weeks, traveled to a different city, stayed in a hotel and took the exam. They felt very unsure after the exam and thought that they either barely passed or barely failed. They all passed. So the pressure was on me and the rest of the second group! The first group studied about 500 hours.

There were 4 guys from my team that made up the second group (including me). I started out with just the AIO Shon Harris book (Fourth Edition) and the online searchsecurity.com site that is extremely introductory but has some short Shon Harris videos (basically just introduces each domain). Shortly after I added a SANS audio/slides series taught by Eric Cole. The audio and slides were from a 1-week CISSP boot camp sponsored by SANS.  And then I took many practice tests (http://www.freepracticetests.org/quiz/quiz.php). And I was failing miserably! I had to switch gears! Read the rest of this entry »

Posted in CISSP, CISSP Exam, CISSP Preparation | Tagged: , , , , , , , , , , , , | 76 Comments »

The Secret Life of Passwords (New York Times article)

Posted by -Durk- on March 9, 2016

I found this article extremely interesting and a really great read!

“Passwords do more than protect data. They protect dreams, secrets, fears and even clues to troubled pasts, and for some, they serve as an everyday reminder of what matters most. ”

I would love to read your thoughts.

New York Times – The Secret Lives of Passwords

Posted in Security, Trends | Leave a Comment »

(ISC)² Official Announcement of the (ISC)² Kansas City Metro Chapter and Inaugural Meeting

Posted by -Durk- on December 23, 2014

From (ISC)²:

Dear Member,

(ISC)2 is proud to announce that the (ISC)2 Kansas City Metro Chapter has recently received its charter and is now an official chapter of (ISC)2! It will provide information security professionals in the local community an opportunity to build a local network of peers to share knowledge, exchange ideas and earn CPEs. In addition, you will be able to:

  • develop or enhance your leadership skills by serving as an officer or chairing a committee
  • pursue speaking or writing opportunities for chapter functions or general public
  • collaborate with other local chapter organizations to develop synergy and share knowledge
  • advance security awareness within the local community, from children to senior citizens
  • mentor students as they pursue and enter the information security profession

The (ISC)2 Kansas City Metro Chapter will be holding its inaugural chapter meeting on January 7, 2015. Details about this event are listed below:

When: January 7th, 2015 (The first Wednesday of January)
Time: 6:30 PM to 8:30 PM
Where: THE CAVES! Cavern Tech Phase 4
Address: 17501 W 98th St #856, Lenexa, Kansas 66219

To RSVP or learn more about the (ISC)2 Kansas City Chapter, please contact Keith Shaw at Kds4269@gmail.com .

Kind regards,
(ISC)² Chapters


That’s right boys and girls, we are meeting in a fricken cave!  OH YEAH!  How cool is that?  For free. With tables and chairs and projector and…well, yeah, like real meeting space.  Our inaugural meeting will include a guest speaker from the FBI who will be facilitating an interactive discussion around the topic of The Insider Threat.

I think our format is what will set us apart from other local security groups.  The format: Roundtable, interactive discussion with security professionals from many different industries, tech companies and organizations, from upper management to operators who have many diverse experiences. We invite knowledgeable and expert members and guests to facilitate and keep the discussion moving along and on-task.

I am serving as the Director of Membership.  And I am super excited about this new local information security group.

Here is our official website:  http://isc2kcchapter.wordpress.com/

If there isn’t a local (ISC)² chapter in your area, consider staring one.

Posted in Uncategorized | Leave a Comment »

Chartering a Local (ISC)² Chapter: Learn from Others

Posted by -Durk- on March 18, 2014

It is always wise to look back before moving forward.  History has much to teach those who are moving into the future.   (ISC)² has an annual (ISC)² Chapter Report that they have available to members and there is a wealth of information within!  The report gives stats and annual reports from chapters all over the world.  But it also offers advice to those that wish to start a new local chapter.  Here is what the report has to say:

Chapter Advice

In the chapter reports, officers offered advice to help new chapters meet their challenges. Below is a summary of their suggestions:

Organization: Develop long and short-term business plans that include the vision and mission of the chapter. Understand and budget for operating and activity costs. Establish a formal process to help gauge success and progress. Establish an open channel of communication among chapter leaders. Hold regular, in-person meetings of chapter officers and provide written copies of agendas at the meetings to establish structure and set expectations. Set goals and follow-up action items at the end of each meeting. And lastly, promote chapter events well in advance.

Growth: As the chapter grows, the number of committee chairs and support volunteers should grow in order to ease the burden on chapter officers and utilize additional resources to organize new initiatives and events for chapter members. It also provides leadership opportunities and encourages member involvement.

Support: New chapters should reach out to more established chapters to learn from their successes and leverage their ideas. Also, chapters should collaborate on initiatives to share resources and generate interest among members. [Chapter contact information can be found in the (ISC)2 Chapter Directory at www.isc2.org/ch-directory.] Also, chapters should seek support from members’ employers or local companies to assist with the chapter’s activities when appropriate.

Leadership: Elect members to leadership positions who are enthusiastic and active. Leaders should understand the objectives and share the vision of their chapters and be willing to work to make their chapters successful. Involvement should not be based on self-serving purposes, such as seeking visibility, building one’s resume or earning CPEs. Officers should realize the amount of time and level of commitment required to help build a chapter. Lastly, candidates should be recruited throughout the year.

Overall, the key message was to be patient. It takes a great deal of time and effort into developing a chapter to ensure its success. It is important to understand the duties and responsibilities involved and find people who are willing to make the commitment and are enthusiastic about the vast opportunities available to the chapter and the local community.

Posted in Uncategorized | 1 Comment »

Chartering a Local (ISC)² Chapter: Petitioning Process

Posted by -Durk- on March 18, 2014

Here is an update regarding chartering a local (ISC)² Chapter in Kansas City.   First, from (ISC)²:

Determine Eligibility and Petition to Start an (ISC)² Chapter
First determine if a chapter already exists in your area by referring to the (ISC)² Chapter Directory.  If not, then review the (ISC)² Chapter Guidelines for requirements and if eligible, complete and submit the (ISC)² Chapter Petition for review and approval.  Once approved,(ISC)² will reserve your requested territory and post your contact details in the directory.

I submitted an (ISC)² Chapter Petition (Feb 21st) and received an initial response from (ISC)² Friday (March 7th).  The response indicated that (ISC)² will indeed assist in the formation of a new chapter in Kansas City.  WOOT!  It informed that there are 180 members in our area, which is super encouraging.  The next step is for the petition to go to the (ISC)² chapter committee for “further review and consideration”.  And the response indicated that we “should receive feedback and/or approval within 2-3 weeks.”  This approval merely means that we may proceed with forming a charter of a local chapter.  It isn’t the acknowledgement that a chapter has been formed.

Although we have a small group of guys that are interested in launching the chapter, I filled out and submitted the petition on my own.  Although this wasn’t a mistake, I would recommend perceiving that you are not one person petitioning (ISC)², but rather a small group.  Use words like “we” and “us” when responding to (ISC)².  Also have an initial mission and vision in mind.

We do not quite have 15 (ISC)² members on board yet.  This is our next hurtle.  But I am confident that we will gather that group and proceed to the next step of holding an initial start-up meeting.

Here is a quick overview on the steps involved in starting an (ISC)² Chapter in your local community:

  1. Determine Eligibility and Petition to Start an (ISC)² Chapter
    First determine if a chapter already exists in your area by referring to the (ISC)² Chapter Directory.  If not, then review the (ISC)² Chapter Guidelines for requirements and if eligible, complete and submit the (ISC)² Chapter Petition for review and approval.  Once approved,(ISC)² will reserve your requested territory and post your contact details in the directory.
  2. Hold a Start-up Meeting and Submit an Application
    Notify local members, hold a start-up meeting, discuss chapter goals and plans, elect officers and collect signatures on the (ISC)² Chapter Application from a minimum of 15 (ISC)² members,  and then submit to (ISC)² for review and approval.
  3. Process Documentation and Establish Chapter Governance
    Once the application is approved, you’ll receive an information packet containing the paperwork necessary to finalize the application process.  This includes signing off on the (ISC)² Chapter Affiliation Agreement, registering your chapter (if applicable), and developing your Chapter Bylaws (or other governance document).
  4. Become an Oficial (ISC)² Chapter and Receive a Welcome Kit
    Once the required paperwork has been processed and finalized, you will become an Official (ISC)² Chapter!  You will receive a welcome kit containing your custom chapter materials and access to the chapter officer portal.
  5. Send Official Chapter Announcement and Hold an Inaugural Meeting
    (ISC)² will send an email notification on your behalf to announce your chapter to all local (ISC)² members within your geographic boundaries, and to invite them to the first chapter meeting.
  6. Maintain Chapter Reporting and Activity Requirements
    Submit interim activity reports after 90 and 180 days of receiving your charter, then annually thereafter; and hold regular chapter member and officer meetings throughout the year.

Posted in Uncategorized | Leave a Comment »

Chartering a Local (ISC)² Chapter

Posted by -Durk- on March 18, 2014

I finished my first 3-year CISSP certification cycle.  I was scrambling to finish the last 30 CPEs, but I finished and am re-certified.

My plan was to write posts that communicated (cool, simple, interesting) ways to earn CPE’s.  But if I were to summarize my CPEs from the last 3 years I would include a few vendor and (ISC)² conferences and a lot of podcasts and training courses.

My co-workers and I have been talking for awhile now about starting a local (ISC)² chapter.  We finally started the process.  There are tons of benefits but what I hope to gain out of the experience is learning leadership and security skills, networking, serving the community and lastly earning CPEs.  Here is what (ISC)² has to say:

Being a member of an (ISC)² Chapter has its benefits. Not only will you gain a sense of fellowship with colleagues in your profession, you will also be able to network and exchange ideas with fellow (ISC)² credential holders and other information security professionals in your local area.  Other opportunities consist of:

  • Advancing Information Security
  •  Local network of peers to share knowledge, exchange resources, collaborate on projects
  •   Engaging in leadership roles 
  •  Earning CPEs
  •  Participating in co-sponsored events with other industry associations
  • Assisting (ISC)² initiatives by speaking at industry events or writing articles for publication
  • Participating in local community outreach projects (public service) to educate people about information security
  •  Receiving special discounts on (ISC)² products and programs

Take the Lead! Start an (ISC)² Chapter in Your Community!

(ISC)² Chapters are forming throughout the world. If a local chapter is not located near you, then start one!  The basic structure of an (ISC)² Chapter is:

  • A minimum of 15 members are required to form a chapter; exceptions may be made for extenuating circumstances
  • Only (ISC)² members are able to start up chapters and serve as officers
  • (ISC)² members are not required to be a member of a chapter
  • Non-(ISC)² members are eligible to join after a chapter has been chartered
  • Chapter member dues are at the discretion of each chapter
  • (ISC)² does not collect fees from chapters

(ISC)² Chapter Formation Process

Here is a quick overview on the steps involved in starting an (ISC)² Chapter in your local community:

  1. Determine Eligibility and Petition to Start an (ISC)² Chapter
    First determine if a chapter already exists in your area by referring to the (ISC)² Chapter Directory.  If not, then review the (ISC)² Chapter Guidelines for requirements and if eligible, complete and submit the (ISC)² Chapter Petition for review and approval.  Once approved,(ISC)² will reserve your requested territory and post your contact details in the directory.
  2. Hold a Start-up Meeting and Submit an Application
    Notify local members, hold a start-up meeting, discuss chapter goals and plans, elect officers and collect signatures on the (ISC)² Chapter Application from a minimum of 15 (ISC)² members,  and then submit to (ISC)² for review and approval.
  3. Process Documentation and Establish Chapter Governance
    Once the application is approved, you’ll receive an information packet containing the paperwork necessary to finalize the application process.  This includes signing off on the (ISC)² Chapter Affiliation Agreement, registering your chapter (if applicable), and developing your Chapter Bylaws (or other governance document).
  4. Become an Official (ISC)² Chapter and Receive a Welcome Kit
    Once the required paperwork has been processed and finalized, you will become an Official (ISC)² Chapter!  You will receive a welcome kit containing your custom chapter materials and access to the chapter officer portal.
  5. Send Official Chapter Announcement and Hold an Inaugural Meeting
    (ISC)² will send an email notification on your behalf to announce your chapter to all local (ISC)² members within your geographic boundaries, and to invite them to the first chapter meeting.
  6. Maintain Chapter Reporting and Activity Requirements
    Submit interim activity reports after 90 and 180 days of receiving your charter, then annually thereafter; and hold regular chapter member and officer meetings throughout the year.

For questions or more information, contact us at chapters@isc2.org or call +1.727.785.0189.

If there isn’t a local (ISC)² chapter in your area, consider staring one.  I will keep you posted!

Posted in Uncategorized | 1 Comment »

iCISSP – (ISC)² goes paperless! Leave Your Pencils at Home

Posted by -Durk- on July 6, 2012

https://www.isc2.org/cbt/default.aspx

(ISC)² is pleased to provide the opportunity for candidates to take computerized examinations via Computer-Based Testing (CBT) at local testing centers worldwide. This new testing method provides candidates with top-of-the-line security measures and a comfortable testing environment. Further, candidates are able to take their examination closer to home, saving both time and money.

Posted in Uncategorized | 1 Comment »

CISSP Continuing Professional Education (CPEs): The Basics

Posted by -Durk- on December 20, 2011

A CISSP-certified individual needs to earn 120 CISSP CPEs over a 3 year period.  CISSP Continuing Professional Education (CPEs) are the continuing education that one has to earn to remain CISSP certified.  There are two CISSP CPE categories, Category A directly relates to CISSP domains and Category B relates more to information tech in general (presentations, learning Office or programming or a new system, etc.) and professional learning in general.  One has to have a minimum of 20 Category A CPEs per year and a total of 80 CPEs from Category A at the end of 3 years and 40 CPEs from Category B at the end of 3 years.  There is no minimum from Category B per year.

There are many activities you can do to earn CPEs, but they basically boil down to 2 categories, passive and active.  Passive, attend some sort of event where you listen and learn.  Active, take a class or attend some sort of training, prepare for a presentation, read an approved security periodical, publish a security article or book, write a book review, or volunteer.

Here’s detailed info from the (ISC)2® CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES (you may have to login), pages 8-12

Calculating CPE Credits

CPE credits are weighted by activity. Shown below are common categories of activities and the amount of credits you can earn for each. Typically, you will earn one CPE credit for each hour spent engaged in an educational activity. However, some activities are worth more credits due to the depth of study or amount of ongoing commitment involved. In general, CPE credits are not earned for on-the-job activities.

  • Attending Educational/Training Courses and Seminars

Educational training course and seminars related to the domains of your credential will qualify for one Group A CPE credit for each hour of attendance. Training courses and seminars that are not domain-related to your credential, qualify as one Group B CPE credit for each hour of  attendance.

  • Attending Conferences

One CPE credit for each hour of attendance (or one session). Security conferences qualify as Group A credits. Other educational conferences qualify as Group B credits

  • Attending Professional Association Chapter Meeting

One Group A CPE credit for each hour of attendance at a professional association chapter meeting. The qualifying professional association must be related to the domains of your credential.

  • Attending Vendor Presentations

One Group A CPE credit for each hour of attendance at a vendor presentation. The presentation must have an educational aspect with regard to the domains of your specific credential. Note: If you are attending a conference which includes vendor presentations, do not enter your CPE credits in the “vendor presentations” category. Instead, you should enter your CPE credits in the “conference” category – and, accordingly, determine your CPE credits by using the method described under “conferences”.

  •  Completing a Higher Academic Course

One Continuing Professional Education credit (CPE) is permitted for each hour spent in class, or for online classes. Credit will only be given on passing/completing the course. The course must be related to the domains of your certification to qualify as a Group A credit. Otherwise it may be considered a Group B credit.

  • Providing Security Training

Four Group A credits per hour of presentation for the initial preparation training materials. CPE’s may be earned for updating an existing presentation. CPE credits are not earned for time spent presenting the course, lecture, or training. This CPE activity is most relevant for short presentations of a few hours. Examples would include Webinars or Pod Casts.

Credits are not earned for teaching or training courses that are multiple days, weeks, or months in length.

  •  Publication of a Security Article or Book

Group A CPE credits for the first publication of an article placed in a journal or magazine. The article must be related to the domains of your credential. The article may be printed or in  lectronic form. The below chart identifies the number of CPE’s that will be earned based on the length of the article.

You are entitled to 40 Group A CPE credits for the initial publication of a book. Reprints or republications do not apply. The book must be related to the domains of your credential. You cannot earn Group B CPE credits within this category.

  •  Board Service for a Professional Security Organization

A maximum of 40 CPE credits per year of service on the boards of professional security organizations. Credits will be based on the level of contribution, as determined by the board of the relevant organization. Please maintain a record of your hours of participation for audit purposes. We recommend that you document your service hours by having an officer of your organization sign a statement specifying the hours. You may post your own CPE credits if the organization will not do this for you.

CPE credits will be given for those performing volunteer work on behalf of (ISC)²®, either serving as a board member, committee member, item writing contributor, or other type of approved volunteer activity. (ISC)² will determine the amount of credits earned for such activity and will submit credits on your behalf.

  •  Self-Study, Computer-Based Training [CBT], Web Casts, Pod Casts

Members can earn one CPE credit per hour for completing a self-study program, computer-based training, or viewing a Web Cast or Pod Cast. (ISC)2 will allow you to submit no more than the maximum number of CPEs/hours recommended by the self study provider. Please keep your documentation in the event that you are audited. This category may also be used to record credits when there is no other category available to record such credits. This would most often cover any type of research that is done in conjunction with preparation of other activities that are not listed in any of the other categories.

If you have done preparation work to obtain another professional certification, which is not a certification from (ISC)2® and if this other certification is one in which you have increased your knowledge-base, then you are entitled to CPE credits for the preparation or self-study work you did to achieve this other certification. Your preparation or self-study work for the non-(ISC)2 credential must have been completed during the three years of your current (ISC)2 certification cycle. If the non-(ISC)2 credential is related to the domains of your (ISC)2 credential, then you would earn Group A credits. If the other credential is not related to the domains of your (ISC)2 credential, you would earn Group B credits. Your CPE credits associated with another  certification are not for achieving this non-(ISC)2 certification, but, rather, CPE credits are for the time you spent in preparation to obtain the non-(ISC)2 certification.

  •  Read Information Security Book / Magazine

Members can earn five (5) CPE credits, limited to one book per year and one authorized magazine subscription per year, for a total of ten (10) CPE credits per year. Please note that beginning June 1, 2011, members will no longer be awarded five (5) CPE credits by simply subscribing to (ISC)2 approved magazines.

  • Beginning June 1, 2011, (ISC)2 will ask its members to validate their learning experience for reading a security book or for subscribing to an authorized magazine.
  • Reading Security Books – Members upload a brief summary (approx. 150 words) of their learning experience from a security book they read in order to earn CPE credit.
  • Subscribing to Security Magazines – Members may receive five (5) CPE credits for subscription to an authorized magazine in one of the following ways:

1. Members upload a brief (approx. 150 words) summary of the learning experience gained from reading any issue of the magazine subscription at (ISC)2 website to claim the CPE credits.

2. Members complete a quiz provided by the magazine publisher, and the publisher will automatically submit five (5) CPE credits to (ISC)2.

If members subscribe to one of the following magazines, the magazine, as an approved CPE credit submitter, will submit the five (5) CPE credits to (ISC)2 if a quiz is madeavailable and successfully completed.

The (ISC)2 Journal (qualifies as a magazine subscription)

Information Security Magazine

InfoSecurityToday Magazine

CPE credits for the above magazine subscriptions, if a quiz is provided by the magazine publisher, will be posted for new subscriptions or renewals. These credits for the successfully passed quiz will be submitted by the magazine publisher and may not be added by the member.

 If members read other information security magazines, they must submit their CPE credits through the (ISC)² website. Members must retain information that could support their CPE claim if they are audited.

  •  Read InfoSecurity Professional magazine

Members will not earn five (5) CPE credits for subscribing to the InfoSecurity Professional magazine because it is the (ISC)²’s digital, members only-magazine, which will allow members to earn two (2) CPE credits per issue if they complete and pass the online quiz associated with each issue. Members must submit their credits on the (ISC)² website. Please be sure to retain all certificates for the successful completion of the quiz, as CPE’s will be subject to random audit.

  •  Information Security Book Review

One book review per year which is accepted and published on the (ISC)2® Website. Earn five Group A CPE credits. The book must be related to your (ISC)2 credential domain. The review must be at least 500 words and should include a brief description of the book’s contents and an overall evaluation of the entire book and its value to the professional. Please keep in mind that other members will be reading your book review. They may use your book review to determine whether a book is worth purchasing or reading.

Submitter and members should allow up to 3 weeks for (ISC)² to post CPE credits to member records.

  •  Government, Public Sector, and other Charitable Organizations Volunteering

You are entitled to one CPE credit for each hour of volunteer work. As documentation of your volunteer efforts, you must retain a signed confirmation on the organization’s letterhead, indicating the number of hours of volunteer work you have performed. This volunteer work must be a domain-related activity and would earn only Group A CPE credits.

Many of the CISSP folks I know attend a week-long security conference and they’re good to go on their A credits from one event.  Most of the time their job pays for traveling, attendance and accommodations.  This takes time and money, but it is an easy and fun way to earn lots of credits at one time.

However, I like cheap and easy (there’s a joke there somewhere).  I will go into more detail in the next posts, but I’ve chosen mostly to attend a few podcasts and seminars.

More Info from (ISC)2:

Group A & B Credits https://www.isc2.org/group-credits.aspx

Calculating CPE Credits https://www.isc2.org/calculating-cpes/default.aspx

CPE Opportunities https://www.isc2.org/cpe-opportunities/default.aspx

Posted in CISSP CPEs | Tagged: , , , , | Leave a Comment »

CISSP Continuing Professional Education (CPEs): Preliminary

Posted by -Durk- on December 12, 2011

OK,  so I told you that I’d continue to write about CISSP Continuing Professional Education (CPEs)-the continuing education that one has to do to remain CISSP certified.  And I will, but first I’d like to hear from you.  What have YOU done to gain CPEs?

My initial take is that gaining the CPEs is pretty easy.  I have 37 under my belt, 24-A & 13-B.  But others say it is a hassle and difficult.  I started out very strong, got busy with work and then gathered a few more towards the end of the year.

What are YOU doing to earn CISSP CPEs?  I look forward to your replies.

Posted in CISSP CPEs | Tagged: , , , | 2 Comments »

What Makes a Password Stronger

Posted by -Durk- on June 25, 2011

http://finance.yahoo.com/family-home/article/113007/strong-online-passwords-wsj

by Stu Woo
Friday, June 24, 2011

provided by
wsjlogo.gif

With concern about hackers, tools for remembering so many codes; no more pet names or 123456.

For all its benefits, the Internet can be a hassle when it comes to remembering passwords for email, banking, social networking and shopping.

Many people use just a single password across the Web. That’s a bad idea, say online-security experts.

“Having the same password for everything is like having the same key for your house, your car, your gym locker, your office,” says Michael Barrett, chief information-security officer for online-payments service PayPal, a unit of eBay Inc.

More from Yahoo! Finance:

Companies Run Exclusively By Men

Things Your Neighbors Won’t Tell You

Most Dangerous Cities in the U.S.


Visit the Family & Home Center

Mr. Barrett has different passwords for his email and Facebook accounts — and that’s just for starters. He has a third password for financial websites he uses, such as for banks and credit cards, and a fourth for major shopping sites such as Amazon.com (Nasdaq: AMZNNews). He created a fifth password for websites he visits infrequently or doesn’t trust, such as blogs and an online store that sells gardening tools.

A spate of recent attacks underscores how hackers are spending more time trying to crack into big databases to obtain passwords, security officials say. In April, for instance, hackers obtained passwords and other information of 77 million users in Sony Corp.’s (NYSE: SNENews) PlayStation Network, while Google Inc. (Nasdaq: GOOGNews) said this month that hackers broke into its email system and gained passwords of U.S. government officials.

So-called brute force attacks, by which hackers try to guess individual passwords, also appear to be on the rise, Mr. Barrett says.

PayPal says two out of three people use just one or two passwords across all sites, with Web users averaging 25 online accounts. A 2009 survey in the U.K. by security-software company PC Tools found men to be particularly bad offenders, with 47% using just one password, compared with 26% of women.

Another PC Tools survey last year showed that 28% of young Australians from 18 to 38 years old had passwords that were easily guessed, such as a name of a loved one or pet, which criminals can easily find on Facebook or other public sites. Other passwords can be easily guessed, too. Hackers last year posted a list of the most popular passwords of Gawker Media users, including “password,” “123456,” “qwerty,” “letmein” and “baseball.”

“If your password is on that list, please change it,” says Brandon Sterne, security manager at Mozilla Corp., which makes the Firefox browser and other software. Hackers “will take the first 100 passwords on the list and go through the entire user base” of a website to crack a few accounts, he says.

People typically start changing online passwords after they’ve been hacked, says Dave Cole, general manager of PC Tools. However, “after a relatively short time, all but the most paranoid users regress to previous behaviors prior to the security breach,” he says. He and other security experts recommend people change or rotate passwords a few times a year.

To come up with a strong password, some security officials recommend taking a memorable phrase and using the first letter of each word. For example, “to be or not to be, that is the question,” becomes “tbontbtitq.” Others mash an unlikely pair of words together. The longer the password — at least eight characters, experts say — the safer it is.

Once people figure out a phrase for their password, they can make it more complex by replacing letters with special characters or numbers. They can also capitalize, say, the second character of every password for added security. Hence “tbontbtitq” becomes “tB0ntbtitq.”

No matter how good a password is, it is unsafe to use just one. Mr. Barrett recommends following his lead and having strong ones for four different kinds of sites — email, social networks, financial institutions and e-commerce sites — and a fifth for infrequently visited or untrustworthy sites.

Even the strongest passwords, however, are useless if criminals install so-called malware on computers that allow them to track a person’s keystrokes. Security experts say people can avoid this by keeping their antivirus and antispyware software updated and by avoiding downloading files from unknown websites and email senders.

Some security experts recommend slightly modifying passwords within each category of site. Companies such as Microsoft Corp. (Nasdaq: MSFTNews) offer free password-strength checkers, but users shouldn’t rely on them wholly because such strength tests don’t gauge whether a password contains easily found personal information, such as a birthday or a pet’s name.

It’s especially important to have a separate password for an email account, says Mozilla’s Mr. Sterne. Many sites have “Forgot my password” buttons that, when clicked, initiate a password-recovery process by email. Hackers who break into an email account can then intercept those emails and take control of each account registered using that address.

Some websites, such as Google and Facebook, now let people register a phone number along with their account. If a person forgets his passwords, the sites reset the passwords by calling or sending a text message to that person.

Mr. Barrett says people should be able to remember four or five good passwords. If not, they can write them down on a piece of paper and stick it in their wallet, and then throw the cheat sheet away once all the passwords are memorized.

People who still struggle to remember them all can use a password manager. Several, such as LastPass, are free. LastPass prompts users to create a master password and then generates and stores random passwords for different sites. Some security experts warn against using managers that store passwords remotely, but LastPass Chief Executive Joe Siegrist says hackers can’t access the passwords because all data is encrypted.

The worst thing that people can do after creating their different passwords: Put it on a sticky note by their monitor. “That defeats the entire purpose,” says Mr. Sterne.

Heather O’Neill, a 27-year-old tech-company employee in San Francisco, had her Google email account broken into earlier this year. She says she used the same password for several sites, and that it was a weak one.

“I can’t have one password for everything,” she says. “Everything is going to be different.”

Write to Stu Woo at Stu.Woo@wsj.com

Posted in Security | Tagged: , | Leave a Comment »

The Secret 11th CISSP Domain: Understanding How to Learn, How to Study and How to Take A Test

Posted by -Durk- on May 21, 2011

poster for The Matrix

Why didn't I take the blue pill?

I took this personality test in high school, the teacher was finishing up his masters or PHD or something and he passed out these self-examination tests to the class.  It focused on how one learns.  I remember answering a question regarding how I learned with one answer then basically getting the same question later on and answering it differently!  I remember thinking, “I have no clue how I learn”.  “Are there different styles or methods?”  I just didn’t know!

Fast forward 20 years, one failed CISSP exam behind me and a year of studying ahead; I had to figure out how I learned, how to study and how to pass a freaking test as I prepared for the CISSP exam 2.0!   The process that I went through to prepare and pass the (second) CISSP exam taught me a lot about how to study, learn and take the hardest exam I have ever taken!

OK, here’s the point:  Identifying how YOU learn and identifying the best study and test methods that work for YOU are vitally important to passing the CISSP exam.

I’m convinced of this:  Understanding how one learns, how to study and how to take a test could be the difference between passing or failing.  Especially those that have failed multiple times and feel like they have studied their asses off and can’t possibly memorize or cram any more security info into their brain, lest it will explode!  Take pause, take an introspective inventory, do some research on learning, studying and test taking and then switch gears.  Think of this as the secret eleventh domain.

I am not going to spend a lot of time talking about how one learns in general, it is just too vast of a topic.  If you read through the rest of this post and simply can’t identify with any of it, then please keep searching and take the time to understand what it is that makes you tick.  Take a few personality tests to see what type of social person you are.  Are you an introvert or extrovert.  This answers the question of if you should study alone or in a group.  If you have some sort of learning disability then you really need to spend some time understanding yourself and how to overcome and be successful.  Talk with experts.  This will help you in all areas of your life.  Do yourself a favor and seek professional educational counseling.  Are you ADD?  Then you have to structure your studying accordingly by eliminating distractions and stick to a more formal plan.

Open Brain, Insert Content

Remember the scene from the sci-fi movie The Matrix when Neo (Keanu Reeves) is learning how to fight?  They plug this cable into his head, they download all these different styles of martial arts, Neo’s eyes are fluttering and all of a sudden his eyes pop open and he says “I know Kung Fu”?  [In my best Chris Farley Impersonation]:  “Yeah that was really awesome”.  Bad news:  That  ONLY happens in the movies!

Book Worms

How do you get the info from the 10 CISSP CBKs into your head, process them into an organized and memorable fashion so that you can regurgitate all that info when it counts on the exam?  I know some folks who can take a book, read it from cover to cover and then KNOW the concepts and understand the subject.  They can turn around and put all of that knowledge into practice.  People who can do this are pretty smart people.  And I can’t begin to relate to these type of people!  If you are one of these people you are probably in pretty good shape.  Use Shon Harris‘ CISSP All-in-One Exam Guide and the Official (ISC)2 Guide to the CISSP CBK.  I started out by myself with Shon Harris’ book.  I read and read, I highlighted, I underlined, I wrote in the book, I tabulated the book with sticky tabs and sticky bookmarks.  Although I could find just about any topic fairly easily I wasn’t getting very deep and although I was learning, I was not memorizing and wasn’t able to regurgitate on any kind of detailed level.  It was a lot of dry reading, I saw the words, but, what did they mean?  And most of all how can I apply the knowledge to different situations?  So I was reading and re-reading which was a waste of time for me.  Reading books are great for some people.  But I needed more.
–(CISSP book resources & practice test info:  https://inchdeepmilewide.wordpress.com/cissp-resources/)

Experience

Some people like to just dig in, start taking stuff apart, or building something and they just learn as they go.  They start by taking the engine all apart for no real good reason but to learn how to put it all back together again.

Engine

Most of the time there is only a part or two left over!

They have to touch, they have to feel, they crack the manual now and again when they get stuck but at the end of the day they have a re-built engine in their car and most of the time there is only a part or two left over!  The other HUGE caveat-it took them 5 years to put it all back together.  Gaining experience takes time.  Most people who have extensive technical experience fall into this category.  There’s simply no substitute for time and experience gained, and if you have enough of it, most likely the CISSP exam will be cake for you.  If your background is deep and wide most likely the practice tests will be fairly easy.  If they are not, dig deeper and wider.  Can you turn around and teach it?  That’s the level of knowledge required to pass the CISSP.  If yes you are set, if you fumble a bit, keep going.  Although I have 5 plus years in a network security group, my background is not in building networks or building server systems or managing firewalls and routers.  Even if you can teach the telecom domain in your sleep you may struggle with the more in-depth security concepts.

My co-worker falls into these first two categories.  He can read a book or manual from cover to cover and he can turn around and explain it in technical and deep articulation.  He has been in the technology and telecom industry for 30 plus years and he paid very close attention.  He can program in several languages, not only build a PC but explain how it works in detail, he can re-build a car engine while he explains the history and physics behind every detail.  He is by far the smartest person I know.  He finished the exam in just over 3 hours and he passed his first time out.  The other 99,9% of the population just do not function this way!  There’s hope…keep reading.
–(Practice test info:  https://inchdeepmilewide.wordpress.com/cissp-resources/)

Back to School

Many people are traditional student learners, they can listen to or watch lectures, take quality notes, make study cards, study in groups, create cheat sheets and take practice tests.   Most classrooms fall into this category.  If college was the best learning experience of your life then this is for you!  If this is definitely you skip reading a book from cover to cover and please, don’t bother with an expensive boot camp. Purchase a couple of video (Shon Harris CISSP Video Seminar) and/or audio lectures (Management 414 SANS +S Training Program for the CISSP Certification Exam presented  by Eric Cole or enroll in college classes or a semester worth of classes that focus on CISSP.  If you thrive in a classroom spend the time and money and take a few quality instructor-led courses either in a real classroom or find something outside of your home (like a conference room or library) and create your own personal classroom.  For the most part I used this method.  I took a book with me to a conference room that I would turn into a classroom.  I found a study buddy and we watched a couple of different Shon Harris’ lectures, listened to an audio lecture and paid for online video lectures.  For the most part this worked for me.  If you are a social learner like me, take classes or create a classroom environment with others.
–(CISSP resources & practice test info:  https://inchdeepmilewide.wordpress.com/cissp-resources/)

Note To Self:  Take Better Notes!

stickynote

Remember taking notes in school?  Of course you do!   Taking notes and studying them solidifies and reinforces what you’ve been hearing and seeing.  There are many different methods of taking notes.  There are outline techniques, term/definition techniques, shorthand, flash cards and the list goes on and on.  If you struggle in this area find a book or a webinar or lecture or a college orientation class or materials that focus on taking notes!  Heck, find a person who can take excellent notes and learn from them.  I have excellent index-style study cards, but I don’t want to merely give them to you because as you make them yourself you are organizing and learning!  And of course the last word on notes is to actually review them, study them.  I took way too many notes that I never looked at after I penned or typed them.  That was just stupid.

How to take a test

Unless you have a photographic memory, very few people have some magical edge when taking tests.  Stick to the basics:

  • Spend the night at or near where the exam will be given
  • Don’t cram
  • Go to bed early-take a Tylenol PM (Benadryl) if you are restless
  • Awake at least 2 hours before the exam doors open
  • Eat a healthy and hefty breakfast
  • Arrive before the doors open, check in find a good seat
  • Turn off all noisy electronics, don’t just mute or vibrate, pack the distractions away, forget about them
  • Bring Your Registration Letter and ID
  • Bring food and drink
  • Bring your own #2 pencils and a huge eraser
  • Bring meds in case of a headache
  • Take notes on the test-mark the questions you don’t know or aren’t sure of (use different markings)
  • Circle the answer on the test THEN transfer the answer to your answer sheet
  • Read the question carefully and completely
  • Read all answers before choosing an answer
  • Answer all questions
  • First answers are usually right-but mark and review those that were a complete guess
  • Take breaks-at least one per 60 to 90 minutes
  • Break the test up into sections and when you reach the end reward yourself with a break, go potty, walk around or stretch for a minute or two, relax, consume food and drink, get back to it.
  • Pay attention to the time
  • Use all 6 hours, if you finish early take a break, review, then review again
  • Be one of the last to leave

I think I am pretty good at taking tests in general-mostly because I commit to an answer and move on.  Most of the time if you know it, you know it, and if you don’t you don’t.  Failing the exam the first time simply told me I wasn’t quite prepared enough.

However, some people are worse at taking tests in general than others.  Some people suffer from test anxiety.  Some people psych themselves up for failure or get overly nervous or anxious or just freak out once they get the test in front of them.  From eHow.com, “Relax on the day of the test. Once you’re in the testing room, you can do nothing more to prepare. Worrying when you can do nothing more to improve your chances of scoring high on the test will affect your performance.”  People do weird things like read things into the questions that’s not there or second guess everything.  Although most of these folks know the content and understand the concepts they’ve studied, they are a completely different person as they take the real exam.  They go slower or faster, their minds go blank, they sweat, they have negative conversations with themselves, etc.  If you are one of these people then you HAVE to figure out a way to compensate.  Train your mind to take the exam.  Take lots of practice tests.  Take many long 250 question practice test.  Print out a practice test with the questions and use a Scantron to record the answers-just like the real exam.  Time yourself.  Pace yourself.  Find new questions so you’re not memorizing the question and answer rather than learning the concepts. Take practice tests at a crowded McDonald’s.

Knowledge is Power

Finally, learn from others’ experiences and mistakes and successes.  Walking into the exam my first time and sitting down to take the exam was like ice cold water or a bitchslap to the face-it was incredibly painful, frustrating and shocking.  Read my personal experiences.  Join CISSP forums.  Read security blogs.

Posted in CISSP Exam, CISSP Preparation | Tagged: , , , , , , , , , , | 5 Comments »

 
%d bloggers like this: