The first phase of my studying is complete and I felt great this morning because I knew what was coming.
Finally get my first crack at a practice exam for the Certified Information Systems Security Professional (CISSP). Everyone says this test is tough but I’m not hearing any of that. I’m going in guns blazing and hoping to show myself that I got this. Wish me luck.
Three Hours Later / First Impressions of CISSP
What a nightmare that was. Don’t get me wrong, it was the experience I wanted but man it definitely didn’t hold any punches back. I definitely have a newfound respect for test taking.
One thing I noticed right away was the amount of options for a response was not the traditional 4. Many of the multiple choice were 8 responses, with a lot of combination answers (i.e. option a, option e and option d). Thinking about it, this is likely a method to ensure that you know the content in and out. It’s not enough, nor should it be, to know what the acronym are, you really need to take the time to understand the concepts. This is key in separating the novices from the professionals.
The other thing that caught me off guard was the scenario questions. Here the question would explain that you are a security professional tasked with providing recommendations of a security plan or business continuity plan. It explains a lot of the current controls and deficiencies of the corporation you are working with. About 9 paragraphs long, no joke, but when you read what the question asks you, it quickly becomes apparent that it has nothing to do with the actual scenario itself, at least not directly. My only concern with this is how much of a time sink this is and as I will explain in the next section, time management has to be top of mind.
Always Think Time Management
In no way do I consider myself a great test taker. With that being said, I believe the key to being successful on this test beyond knowing the content is managing the clock. The CISSP test is 3 hours long and approximately 150 questions. This means each hour you will need to have completed at least 50 questions to avoid running out of time.
As mentioned prior, the scenario questions took me for a loop. I literally spent roughly 4 minutes reading and analyzing the question only to be told that everything I read was irrelevant. This was definitely frustrating as I knew I shouldn’t spend more than a minute and half at best for each question.
Going forward I believe I will start reading the direct question first, then the available answers. If they make sense, I may forgo the scenario altogether.
The CISSP Aftermath
After the dust settled I received an unsatisfactory score of 61.33%. The thing I appreciate about this practice test is that it shows me exactly where I struggled and I will be focusing on those areas throughout the week.
By far my weakest area shows Identity and Access Management. I believe this section had the most 8-answer option questions and some current technology I was not aware of like the Clipper Chip. Apparently that chip was developed by the United States National Security Agency (NSA) as an onboard encryption device for secure communications. It also doubled as a backdoor device. May need to do a blog post on that sometime soon.
It is good to know where your weaknesses lie as it can be used for motivation. The only way to success in life is to learn from the mistakes you have made. I intend to do just that.
I hope to have better results next week. April is crunch month. Plan on taking the test in May providing the pandemic allows
For over 20 years, I have had the distinct opportunity to work in the Information Technology space under a variety of distinct roles.
My unique position has helped me become a risk management Maven for Fortune 500 and Small Business Companies around the world. For the last 12 years, I have assisted Small Business Owners and Insurance Agency understand the impacts of Cyber Incident exposures and what steps to take to help mitigate potential data breaches.
My desire to expand my reach related to cyber security has led me to establish the Sage Knows IT blog as a way to help Small Business Owners and aspiring Information Technology (I.T.) Professionals better understand the road-maps of I.T. through the experiences I have had.
Information Technology and Information Security is the future of our world and I hope this blog will inspire those that are interested in joining our ever involving field.