108 Test-Taking Tips
The WannaBeA content: wannabeacissp.com
My Udemy courses, mentioned in the trailer: https://www.udemy.com/user/ben-malisow/
ISC2 is developing a new cert, something to “certify entry-level professionals.” Now, I thought the SSCP already existed for that purpose…and I’m also curious how someone “entry-level” can also be considered a “professional”…but if you are an ISC2 member, and you help fill out a survey that will be used to construct the exam that will be used for this new cert, you can get five free CPEs.
So…go get your CPEs: ISC2 Link to Survey
It’s my pleasure to announce my first Udemy course, available to the public, based on my book, “How To Pass Your INFOSEC Exam: A guide to passing the SSCP, CISSP, CCSP, CISA, CISM, Security+, and CCSK.” This course includes two sections: Security Basics, and Cryptography, totalling three hours of content. I intend to publish additional courses, with sections covering all the material in the book, in the future.
I’m very interested to hear feedback and suggestions; I hope you like it, and find the material beneficial for earning your certification!
https://www.udemy.com/course/how-to-pass-your-infosec-exam/?referralCode=CEB07D31DF60C7FB5113
I was extremely honored to appear on a Tech Talk session moderated by my friend and colleague Prashant Mohan, hosted by INFOSEC Train. The audience was great, and it was Prashant’s first time as a moderator! I had a blast. You can check out the recording here:
Just published the official Second Edition of my book, "How To Pass Your INFOSEC Exam: A Guide To Passing The SSCP, CISSP, CCSP, CISA, CISM, Security+, and CCSK" with revisions, updates, and corrections to the original.
The ebook is available here: https://www.amazon.com/.../ref=dbs_a_def_rwt_bibl_vppi_i3
The paperback is available here: https://www.amazon.com/dp/B08T7HNPK7?ref_=pe_3052080_397514860
Many, many thanks to Robin Cabe, who formatted it, and Rachel Ribando-Gros (https://ribandogros.webnode.com/) for the kickass new cover. You two are the BEST!
ISC2 is finally going to experiment with offering online testing. It’s the last major INFOSEC certification body to do so, and it’s taken a long time to get to this point. I applaud this evolution, and am pleased that underserved communities will finally be able to leap the barrier to entry that physical testing required. (I’m also glad that online testing will reduce pollution necessitated by travel.)
Well done, ISC2!
https://www.isc2.org/News-and-Events/Press-Room/Posts/2021/01/11/ISC2-To-Offer-Online-Exam-Proctoring-for-CISSP-and-Other-Cybersecurity-Certifications
New year, new book!
If you're studying for the CCSK, I just published over 300 practice questions covering all topic areas of that exam. It might also be a useful resource for CCSP studies, too, as many of the questions will be applicable for that test.
Many thanks to Mohamed Malki for technical review and editing, the inimitable Rachel Ribando-Gros, for being the best go-to graphics pro (with the most patience!), and Robin Cabe for layout and formatting. Y'all are wonderful, and I can't thank you enough.
Enjoy!
https://www.amazon.com/dp/B08RR9KTZZ?ref_=pe_3052080_397514860
THIS is how professional responsibility is done. This is how to craft an apology. This is leadership.
“Dear ISACA Community,
The integrity, high professional standards and smooth delivery of our certification exams are essential to maintaining the trust we’ve earned with ISACA’s professional communities. Last month we stumbled with the smooth delivery promise, and I am writing to our full member community to apologize. We must do better.
As some of you know, we experienced some unexpected issues when our certification exam vendor PSI performed a system upgrade. About 17% of our exam takers in November and the first few days of December were impacted. Earlier this afternoon, I reached out to those individuals to personally apologize and to offer them a complimentary exam retake if they did not receive a passing score.
We have also heard that our customer experience center response times to questions from the affected candidates have been slower than they should be. We are taking immediate steps to improve this, starting with a dedicated email address that affected candidates can use so their messages are marked as top priority. We have also added additional staff resources to the customer experience team.
During times of change and turbulence, individuals make an important choice to invest in themselves, and our certifications are “go to” education opportunities for IT professionals to advance their careers. Exam candidates invest time, money and dreams into our tests, and they deserve a trusted and smooth experience. I want you all to know that I take direct responsibility for these issues regardless of where the experience fell short. My team and I are committed to turning this experience around and helping candidates have a more successful exam day and a more positive experience with ISACA. In fact, beginning in early 2021, we are introducing 24/7 customer support so ISACA members and exam candidates no longer have to wait for help based on their time zone.
In addition, we are holding PSI accountable for their part in this issue. From the moment we began receiving information about this issue, we started regular meetings with the PSI leadership team, and they have assured us the technology issues are resolved. However, we plan to increase the communication to ensure this does not happen again.
Thank you for your trust in ISACA and our globally recognized credentials. We are committed to giving you and all of our members, customers and certification candidates the support you need and being a valued partner on your career and learning journeys.
Best regards,
David
David Samuelson
ISACA CEO”
I don’t think I’ve ever been more proud to be an ISACA member.
Link for Memory Palace (CISSP):
https://www.studynotesandtheory.com/single-post/memory-palace-cissp-notes
Link for CIRRUS (CCSP):
https://www.infosectrain.com/blog/ebook-cirrus-8000-ft-of-ccsp-course/amp/
Radha Arora - https://in.linkedin.com/in/radha-arora-780262107
Study Notes and Theory - https://www.studynotesandtheory.com
Infosec Train - https://www.infosectrain.com
Fadi Sodah (Madunix) - https://www.linkedin.com/in/madunix
We had a great time doing the live show; thanks so much to everyone who joined in (we were thrilled to see more than our Three Listeners!); and more thanks for our hosts, New Horizons (and Queen Circe), for inviting us to take part in the event.
If you’re interested in seeing the slides associated with the audio track, please use this link to YouTube: https://www.youtube.com/watch?v=RU5moEg5noU&feature=youtu.be
This is extremely exciting: Robin and I will be hosting a free webinar for New Horizons during their Awareness Month seminar. We'll be doing a live episode of "The Sensuous Sounds Of INFOSEC" that you can participate in! So, if you ever wanted to be on the show, now's your chance.
Did I mention it's free?
We're going to discuss different INFOSEC certifications, and which pathways might be best for different practitioners. Come check it out, ask questions, and hassle us.
Also, you don't have to pay for it.
We look forward to seeing you there!
https://register.gotowebinar.com/register/3599988395504979725
There are also some other sessions being offered by excellent presenters:
https://bangor.newhorizons.com/resources/free-webinars
A former student wrote in yesterday to tell me:
“I passed the exam last Wednesday. A few observations on my experience:
1. Like others posting their results to LinkedIn recently, my exam cut off at the 100 question mark. My elapsed time at that point was somewhere between 90 and 100 minutes.
2. Candidly, the first thought that passed through my mind when the exam cut off was that I failed, because...
3. A lot (I would estimate 60-70%) of the questions required a good deal of domain knowledge synthesis to answer. By that, I mean the question wasn't just asking for a fact or straightforward application of domain knowledge. I got about 50 questions into the exam and considered walking away from the test, I thought I was doing that poorly. I really thought "OK, those first 25 or so were the 'evaluation' questions for future exams, now the real exam is starting" but the questions didn't change in style after that.
4. I really had to slow myself down to make sure I read the questions and answers correctly and thoroughly. This is probably what saved me from failing, of course, since the result is only pass/fail there's no way to know if the answers I changed after re-reading the question and answer while thinking about every word were the correct choice.
5. Notwithstanding the "synthesis" comment above, most questions did have 2 fairly obvious wrong or distractor answers. It was deciding between the remaining two that created the most frustration.
6. I did use current editions of both the Shon Harris and Mike Chapple texts and practice exams for preparation. I guess that's why I was a bit surprised at the nature of the questions. Practice exam questions from both books were for the most part more oriented toward straightforward domain knowledge demonstration.”
Great advice— SLOW DOWN, everybody. And remember that you can’t fail until you’re done. Good luck to you all!
Saw this on reddit recently:
“So, to your primary question, during those best 90 minutes of my exam - I passed at 100Q at 90 minutes - this was what I'd written on my dry-erase board and what I focused on:
YOU ARE A RISK ADVISOR/CEO – think like one.
Do NOT fix things (unless asked to do so, or unless those are the only answer options)
Think END GAME
Read EACH question 3x and then THINK before responding
This said, during my last two weeks, I did a high-level but comprehensive review of notes from ALL domains, and I particularly focused on making sure I knew and understood processes like RMF, SDLC, IR, BCP/DRP, etc. I took several 100-125 question practice exams during the last 10 days and used feedback from those exams to further hone the things I needed to focus on prior to my exam. Good luck and all the best as you make final preps for your exam!”
https://www.reddit.com/r/cissp/comments/i1eshf/exam_tips/fzx8qth/
From another former student, just received yesterday:
“I passed the CISSP earlier this evening, with much thanks owed to you! At 150 questions.
I didn’t interact much in class but paid a ton of attention and also rewatched the recordings over again. And also bought and read your book, along with Boson and the Mike Chapple practice tests. I felt that the class paired with the student guide prepared me the best, and the Boson was a decent approximation for the questions but also not so much... I read your book in the two days before the exam and it helped solidify my mindset as well.
As for the test, there were some bizarrely worded questions there for sure. I assume the test is slightly different for everyone, but for me there were MAYBE 10 questions that I would deem ‘technical’, and I may very well have got them all wrong, yet here I am on the other side! I am more of a big picture person in my role at work and I think that helped.”
Awesome news! Thanks so much for the feedback— great stuff, and congrats.
Got a note from a former student who tells us:
“I sat for the exam this morning and I provisionally passed!!
This test was one of the hardest, most interesting exams I have ever taken. It really does test your conceptual knowledge, as well as how you handle different situations at different levels. There were some items on the exam that I was able to remember using your "Foot stomps" which really helped drill those concepts into my brain.
The best advice I can give is to just be confident that you know the material, and read the question, read the answers, then read the question again, and if you feel like you still cannot eliminate an answer or two....read the question again! The questions are really not there to "trick" you.”
Really well said, and extremely useful. Thanks to Daniel Hill for sharing, and a big congratulations!
Another of my recent students recently took the test, and had a hard time with it. Here’s some personal insight:
“…unfortunately I did not pass my CISSP exam taken last Friday 30th Jan.
I received:
6 domains "near proficiency level"
2 domains "below proficiency level".
My main sources were:
- Official online self-paced training course;
- CISSP official study guide 2018;
- CISSP official practice tests (totally not useful);
- Kelly Handerhan’s video on Cybrary.
Exam was very strange.
I was not prepared as in my other successful certifications (ITIL Expert, PRINCE2 Practitioner, COBIT, etc.) where my score was always much higher than the minimum required to pass, but I think that even if I had studied more, not much would have changed (i.e. CISSP exam not passed).
Questions were using terminology not used in official materials.
Sometimes I was not able to understand the real meaning of the question.
I noticed that after 100 questions, they became more difficult and longer, taking a long time to read the question and answers, and then I was stopped after 180 minutes at around 120/130 questions and I was sure I had not passed the exam.
After question number 100 my hope was to be stopped, since the exam did not seem so bad to me.”
Sad to hear, and I’m hoping the experience was not too discouraging. Best of luck to everyone studying at the moment, and those who are going to take the test.
One of my recent students, Buddy Lott, shared some of his feedback about his recent exam experience. Thanks, Buddy!
“I got to question 99 in about 1.5 to 2 hours. Was settling in for another 20 or 30 questions with plenty of time. I don’t think I had more than 5 more questions when I got the “Test over” screen. It scared the crap out of me. I was sure I had failed. I don’t know exactly how many questions I had to answer. Then I had to wait for the check out procedures to get the results and discovered I had passed. It felt like forever.
I felt like the test was pretty challenging. I have no idea which questions I got right or wrong but lots of the questions I felt had answers that were very similar or the correct answer depended on how much you read into the question. I had to make a focused effort to not read too much into the question while making sure I was paying attention to the details that were there.
Plus … I had to make sure I answered some of the questions based on the book/class and not what my experience is/was.
Thanks again.
Leslie Lott
ISC2 just posted these updates, which will take effect 01 AUG 19: