
Hey, welcome everybody. I am Jeff Hoskins and, yeah, that's the title, is How to Get Your CISSP for Cheap. This came from all the things I wish that somebody would have told me whenever I was thinking about this certification. And yeah, I went to people and said, hey, you've got this, I'm thinking about it, and I got one of two responses. It was, um, yeah, I got it 10 years ago, I have no idea, I never want to do that again, and I don't really remember what was on it, but I have some books and I'll send you the books. Then they didn't send me the books. Or I got, just go to boot camp,
and then I looked up boot camp and it was lots of money, so, um, I decided to go about it a different way, save a little money, see if I could do it without spending all that money. And I did, and I want to tell people what these sources are. So here we go. We'll go through the what is the CISSP, I guess we need to break down that, those five letters, why do it, how to do it, and how to do it cheap. The goals are to save money, save time, and to be confident when you walk in to do your test. Oh yeah, and I've got a disclaimer on there that, um, you know, I'm not really, my
feedback doesn't, my opinions don't, are not for any other companies or anything. So who is this presentation for? If you are thinking about taking the CISSP, if you are concerned about passing it, are you concerned about funding, are you considering using the CISSP to develop others and you don't really want to pay $10,000 to fund their education but you want to help them get it, especially because they could just get it and leave your company and you've developed them. So what now, where do I start? So what is it? Here is the (ISC)² explanation of what a Certified Information Systems Security Professional is. That's a lot of blah blah blah. Basically this shows your experience
and your exposure. It could just be a check box for applying. It is considered the gold standard for information security certificates, or certifications. You are a security adviser when you get this. You're not deeply technical in anything, and it doesn't indicate, basically, that you really have an expertise. It just says you've put some time and you've tried to really go around and learn this from a well-rounded point of view. There's a lot of misconceptions about how deep you need to go, and it's really, it's, it's not very deep. It's more about connecting ideas. So why would you get the CISSP? You may want to do it for self-growth. Self-growth. You may have a position
requirement: you're trying to get a position and it's a requirement, or maybe you've been told you need to grow in that to keep your position or to keep, you know, getting good evaluations. You may have heard about a skills gap in the industry and that these are needed, or people, and you want to shine above other people whenever you're going after opportunities. One thing I put in this presentation months ago when I first started drawing it up is you might want to get the CISSP for your confidence. I actually don't believe that anymore. I believe that, um, you should, you need to find your confidence within yourself and even do things where you're not confident. Go up, and if you think the
CISSP is gonna help you go talk in front of people or go talk to people in a, if we ever get to network in person again and you see a group of people, and this certification is not going to make you better at interacting with them. Go interact with them and, you know, people aren't that evil. You're gonna have a good conversation, so you'll learn something, maybe they'll learn something, maybe you'll realize that there's, they're not, they're not the wizards. Which goes into the next slide: how do you get the certificate? You need five years of experience in two or more domains, and if you don't have the experience there's some other stuff you can do, but these are the eight domains.
Just to give you a little bit of my history, at least more, I've been more in the security and risk management. I do a little bit of everything, but security risk management and then identity and access management are my two big ones, and yeah, got some, some of the other ones but not as deep. That number one and number five are my deepest, just from my experience. You need some book knowledge, like I said, broad but not deep, and forget the idea that you have to be a wizard or a magician or some, you know, savant. You, you don't need any of that. So I just want people to know that you can just build the blocks up, get this
knowledge under your belt, go take the test, and you'll be good. So what does the certificate cost, or what does the certification cost you? You can, you might be buying books. You could spend hundreds of dollars on various books. Boot camps, that was one of the big things people told me to go do. They told me the company might pay for it. I had some, um, maybe, maybe if you want to go and you consider, hey, I got to go away for a week. But if you have to pay for yourself, that's the boot camp, the travel, the lodging, the food, you're missing work. So all of that, I just didn't want to go after that in that way. Also, boot camp
puts a lot of pressure on you, and you're, a lot of them let you take the test on the last day. If I'm not ready then I don't want to be pressured into taking the test, so I decided to try to get ready without boot camp. If I have failed miserably, may got a look at it. You have to pay for the test itself. You're gonna have the hassle of all of this coordination, and any of the, that's an overall cost. Time away from family as you prepare. And then you've got fees to (ISC)², and, you know, of course you've got fees, there's no way I'm gonna tell you how to get around those. The
path that most people told me to do, with the boot camp and the books, was probably gonna cost me around $7,000. And I did all this, and I'm gonna tell you how I did it for about nine hundred dollars, and eight hundred twenty-five dollars of that was going to (ISC)², so that was unavoidable. Okay, so how do you get the certification? What are the steps? First you have to confirm you have the required experience, just for yourself, and then you go, go register. They're going to back after everything and make you show and prove you have the experience, but just for yourself, count up how are you going to get to your five years of
experience, and, you know, there's eight domains, so if you were doing networking, that's one of the domains. If you were doing security assessments, that's a domain. So you can, a lot of stuff counts, so don't count yourself out until you actually go and look into the requirements. Then you register for the test. That is going to cost you six hundred ninety-nine dollars. I typed this up back in like November, December, so I don't think it's gone up, but it might have. And actually, just to tell you all, I took the test in like November first, so, and I passed or I wouldn't be giving this presentation. So you have to pass the test, then you contact a sponsor, somebody else
who has the certification, that knows you and knows that you've actually put time into this, or they can vouch for your experience, and you get them to sponsor you. So as you pass the test you will get an email that says, hey, you made it, you passed the test, now you need to give us, tell us who's going to sponsor you. You contact that sponsor, they will give you their sponsor information, and then you put that into the tool on the (ISC)² webpage and submit that. You allow them time. This, this is like the longest six weeks ever, even though I knew I had a passing score. I was, you know, well, we'll get to the scoring in a
few minutes. You finally receive acceptance notification, and then you pay another $125, and as soon as you pay that they say, wow, you're certified. You're always in this, from the time you pass the test until the time you pay that fee, you're in this pending phase, but as soon as you pay, you're magically certified at that point. And then for the rest of your life, until you retire or you decide you don't want to do this security thing anymore, you pay that annual fee, because you never want to take this test again. You also collect CPEs. Those are going to be a requirement, but all certifications seem to have that, and you'll get some today. And then you can
help advance the profession, help others, just be a good steward of this certification, and helping this be a good career path for many other people. All right, what are the experience requirements? Like I said, five years in two of the domains. I've told you I was in domain one and domain five for the majority of my experience. If you don't have that, you can, you can get one year of experience by showing that you have a four-year degree in a relevant, for a relevant four-year degree, or that you have another security credential. You can look up the exact requirements on the CISSP website. I did put the URL there. You're going to need to become familiar
with that site to go forward anyway. You can pass the exam without any experience and get an associate-level credential, and I didn't really have to look too deep into that 'cause I had the experience, but you can do that if you just want to get ahead and have it, and then it'll turn over when you prove the experience. Okay, so what is the test? How does the test work? This is something that made me pretty nervous to think about. So first of all, you're paying your $700. I can't help you get around that, that's your biggest fee. So the way the test is these days, and this is not the test that people 10 years ago had, but you get on,
you get three hours, you will get a minimum of 100 questions and a maximum of 150 questions, and the tool is dynamic. So if you are showing that you are not showing expertise on some questions, it's going to give you more questions in that area to give you a chance to show expertise. If you do answer well and show your expertise, it'll move on to another subject. So that tells you it's going to be dynamically changing as you answer. Out of the first 100 questions, 25 of them are going to be test questions that don't even count against you. They're just seeing if they work, if they look like they're good indicators of somebody having mastered this knowledge.
At question 100 the test might stop, at question 110 the test might stop, at question 150 the test might stop. So you'll get to a point in the test where it has made a decision. The tool has said with, you know, 95% clarity, or, you know, whatever their algorithms are, they don't release the exact numbers, but it has said, I statistically know that you're good, or I statistically know that you're not good. So at 100 questions it could stop and fail you, it could stop and pass you, or at 150 it could stop, or anywhere in between. One thing that that leads people to doing is, if you go out into the Reddit forums, or the subs, or
whatever they're called, or anywhere, you'll, you'll see people just posting: passed in 100, 100 questions in 65 minutes, passed at 120 questions, didn't pass at 150. Don't get tied up in reading all that. You, everybody gets the same: you passed or you failed. You, you don't need to know if somebody passed at 100 and think that that means they're more valuable than somebody who passed at 110. Who cares? So don't perpetuate that. How many minutes you took, well, you had three hours, you know. If you took it in 65 minutes, okay. Somebody else took it in 90 minutes, they like to read more. Somebody might have been sick that day. Who cares about the minutes? So that's
why I'm not sharing with you. I mean, I solidly passed, but I'm not gonna say I did it in X and X. It's just, it doesn't help anybody. So, um, I talked about the adaptive format and when the test ends. So if you don't like that, if you want the six-hour test, you want it to be 250 questions, you can look at the non-English offerings, because they are still offered that way. And that's where I would hope that the room would giggle, but, you know. Okay, so I took it with that test, okay, the electronic test was not available when I took it, and I will tell you guys, it was painful, you know what I mean, 'cause
you're sitting there that long, and it's, and it's the old-school, you know, style. I mean, when I took it, bubble boxes, like you took, you know, and again, I don't know how old everybody is, so that's when I was growing up, and you took the SAT and every other test, it was all bubble boxes, you know what I mean. Everything was, you name it, everything was bubble boxes, and, and yeah, it was a long test. Yeah. So now the worst thing about the test for me was there, you don't, over all we need, yeah, when I was gonna say, when you take that test, and the old one, you do not find out immediately. I don't know if
they do now, but in the old days, you know what I mean, you found out weeks later, where at least with the electronic test you know at the end of the test, failed. Back then you did not. So there is, there is a delay there, and I will talk about that. You hit a certain number of questions and the tool says, okay, I'm good, and then you have to raise your hand, you're in that, you know, the proctor room, and they walk over, and that, you know, you're a strain of copán, and you show them the screen, it says, hey, I'm done, and they say, okay, thank you, and they, they do their checks on the system to make sure
that you're not, you know, being nefarious there, and then you walk out and you stand there, and then they, they check you out, and you have to sign something saying you didn't, you have to do a palm scan, and there's like this delay, and then a printer across the room prints out a sheet of paper, and you know what's on it, but you're not allowed to run over there yet because they're still doing their due diligence of making sure you haven't done anything bad. So during that delay period you're like, what, what, what's going on, what's going on, what's going on? But eventually you get the sheet of paper. I see somebody's asking on Discord about how proctoring is
working during COVID. I've seen a lot of people talking about that on different forums, of how various tests are being proctored now. I don't know what CISSP is doing right now. I know that some people just couldn't take a test for a while, and then the test dates were hard to come by. So if you're looking for it, go into the site, try to schedule a test, and see what it offers you. It may be offering something that is months away, or some people said that, wow, it opened up something tomorrow, I think I'm gonna go take it tomorrow, and, like, that may not be the best choice, but if you feel you're ready, it might be. So just to tell
you what, what I did as I was going through this and what I wish people would have shared with me, is I developed a next-generation solution. I used some artificial intelligence, some deep learning, a little bit of blockchain. I put it all in one pane of glass, and that's what I have for you today. No, I'm not, just kidding, but I wanted to cover all the buzzwords that you're supposed to say at a conference. So here's how you prepare for the test. First of all, you have to know the code, and that is the code of ethics. Don't steal training materials. You know, we're all in this industry where we know how to get to things, or we can find
ways to share things, and don't do that. There's, there's plenty of cheap sources, there's plenty of people putting out free sources. I'm going to tell you who some of those people are, and you don't need to go after something that somebody intended to charge for, and, unless you're willing to pay for it. So now, free trials: take advantage of free trials. So, and I'm looking at the Discord, it looks like proctoring stuff. Okay, so the code of ethics. You'll need to know this in order. The, the canons you see there, there's four of them: protect society, act honorably, provide competent service to your principals, and advance the profession. Those are in order, so if you were to come across a question that
asks you, you know, do you do this or do you do that, and, you know, all this looks like an ethics question, then you have to remember what order, because you might be required to protect society before you are providing competent service to your principals, at least for the test. Now if you're, you know, military or law enforcement, you might have other rules, but for this test you've got to go with these canons in this order. Those are also available at the (ISC)² website. So here's the sources that I used to get a well-rounded test preparation, and the idea is I don't want you going all and thinking you need to buy everything.
A lot of people will tell you, go buy all these books, go to all these boot camps, and you could spend all of your time, you could spend all of your money, and are you really effectively using your time and money? So I'm gonna tell you some videos, some books, some test simulators, and then after you do that, you'll need to learn how to, you'll learn your weak spots, so you need to learn how to go after those weak spots. And then the immersion part, that's, that's putting it all together. I believe that's one of the most important parts about this test, is that it doesn't ask you things all from one domain at the same time.
It'll ask you a question that actually interacts with four different domains and lets you make a risk decision. So that's where the immersion comes in, is making a risk decision. And then time wasters: I'm going to tell you some places where I wasted time. I thought they were gonna be good sources, they seemed like they were gonna be good sources, and now that I've taken the test I realize that they were leading me astray. So three free video series, and these were free back in February, March, but they still might. So we'll just go through the list. Cybrary, Kelly Handerhan's series. This is multiple hours of her explaining everything you need to know for the test. This is a great series.
You need to sign up for a Cybrary free account, but about a month ago I heard they pulled her videos off of the free site, or off of the free offerings. But Cybrary is always shifting stuff around, so she might come back onto the free. She might have fallen off the free because my account got to be six months old, a year old, so she wasn't free to me anymore. Look for her videos. Also on Cybrary, there's always, once you sign up for a free account, you can look up in the corner of the page and they're always saying, hey, sale ends today, everything's 50% off, sale ends tomorrow, everything 70% off. There's always an unaware e, so
if you need to get a month and just see her videos, that's worth it. The next set of videos is FRSecure, and those are always free. That is a, I believe they're in Minnesota, it's a security firm, and they're just offering a CISSP Mentor Program. You go up onto their page, I believe it's under the events tab. They've done it for several years. There's like a thousand people taking it this year. You're a little late to sign up to take it synchronously with them. They're, they're wrapping up their program right now, but they post everything to YouTube. So I didn't take it synchronously when I did it. I used their 2019 videos, and they were on
YouTube, and I watched all of their videos, and those helped me. So that was my second exposure to all of the material. Then later on I found out about CBT Nuggets. They had a one-week trial where you get to listen to the guy, it's a guy's training site, I mean he probably speaks at BSides as well. You go in his site, he, all for seven days, and it's a free trial. He chose to put on a free trial. I used about five days, got through those videos, and I'll say, you know, maybe I'll go back one day and actually need something and get a paid site, we get a paid membership to his site. So I am
gonna say that I did use his seven-day free trial there. So those are videos, that is, you can speed them up, you can go to 1.25, 1.5 speed, but they are gonna expose you, and that's multiple people, so you get different exposures. And even on the FRSecure, it's gonna be a different flavor in 2018, 2019, 2020 videos. So you can get a lot of free content there, and not, and that's basically the boot camps. That's what I envision a boot camp would have given me. So next, books. I did go buy some books. These are the two sets of books I bought. I just went on Amazon, spent about $50 on the sea is the
official CISSP book from (ISC)² and the practice tests, so that came in a big stack of two books, and then later on bought the Eleventh Hour CISSP. There are other books, and there are other good books. These are the two I bought. The good thing about the CISSP books from (ISC)² is they're considered the official study guide and they have practice tests in them, so that's, that's great, and they even have an online test simulator. The bad thing about that is, a lot of people say they, they read those books front to back, cover to cover, multiple times. I couldn't do that. It's awful. Sorry, I just can't sit there and read those. I would read
the intro to each chapter or each domain and look at the tests, and then for weak spot concentration I'd go back into the book and find exactly what I wanted to look for. Then the next book I got was the Eleventh Hour. That one, that one's short. I could actually read it, and I did read it cover to cover, and I did it later in my study process. So then next, okay, here's the test simulator. This comes with the book. There's instructions inside the book that tell you, and then you go to, there it says go to this website, and then you go to the Wiley website and it says, look at page, you know, 47, third paragraph of the book, and
you just, you're proving you have the book. That's what they wanted, so that they could give you a 12-month account at Wiley. So you prove you have a book, and then you get to get their test simulator. Their test simulator was good. It was the only one I used, and you can see here it has the chapters, so you can do a practice test based on each chapter, you can do a full exam, and it'll, it'll time you, and it, you know, you can tell it, don't give me the, until I'm done, and that's whether you do it in practice mode or an exam mode. Somebody's asking about the All-in-One books. I don't know, I didn't use those
books, um, and that was one of my things, is I didn't want to go out and buy everything. So I'm, what I'm trying to tell you here is, if you do these things, you will get adequate exposure and you don't have to worry, should I have done that, should I have done this. This will be adequate exposure to, if you do these things. So the con I had about this, the Wiley Sybex test simulator, is the explanations of the right answer are just not enough, and here's an example. This is not a real test question, but let's, let's, we're just going to go through this. So let's assume they give you a question of: your company has sent
you overseas to conduct a security assessment on a vendor that processes PHI for your company. And, and they won't write out PHI, don't expect you to know what that is. So you look at this setup and you say, okay, my company, so I'm employed. I've been sent overseas, okay, so there's some country and boundary things, but I don't know where I got sent, so I can't say this is European Union stuff, or if this is, I can't say it's got California privacy in it. I don't know much there, but I went overseas. Okay, I'm conducting a security assessment, that's why I'm there. I'm looking at a vendor, okay, so now I've got the interrelationships, third parties
here, so, and I'm looking at PHI, so there's a, there's a health flavor here. Okay, so this lead-in has told me, you know, eight or nine things. I already know I need to be thinking about different risks, and variables are starting to float in my head. And then the question comes up: what is the first thing you should do upon arrival to the hotel? And if y'all post in Discord and see what you think the answer is here. And I wrote this question way before the COVID thing. But should you immediately begin to hack the vendor since your IP address will be local, should you wash your hands, should you take a nap,
or should you text your next of kin to advise of safe arrival? So I'm seeing some people say, I see B, D, C, B, and definitely B now, and B. Okay, like I said, I wrote this before COVID, and this is, the idea of this is to show you the type of explanations that the Wiley Sybex test generator is going to give you. Um, the answer: the first thing you should do upon arrival to the hotel is wash your hands. Now, yeah, that happened, I left it there with the COVID thing going around, but to me, I don't see that as being an explanation. So I want to know, well, why did they think that? Because, yeah, I can look at A
and think, yeah, I'm not supposed to just go hack the vendor, that, that's something I need rules of engagement, and nobody has told me I had that, and that's not all a security assessment is, so I can, I can pretty much write that one off. It's probably illegal. I could wash my hands, I could take a nap, I could text somebody. Well, those are all three, I don't know, health, security relevant, they are, and so you're kind of looking at these, I don't know how to choose among those three. You know, my wife is gonna tell me to text her, but that's not something the book told me. See, some of these questions, you'll be looking at, confused as to why,
and the test generator is not going to tell you. So that is something that's a little bothersome about that test generator. And like I said, it's a fake question. There's no right answer, there's no wrong answer, but, well, I would say hacking them without, you know, proper authority to do that is probably the wrong answer, but nobody said do A, so there we go, good job. The next thing, so that's the reason I'm gonna tell you that there are some other test simulators that you might want to look at, but they're gonna cost more. So after you've done the videos, after you've done the test simulators, then you're going to find out your weak spots, and that's
whenever I think you should go and read, read the book in depth, and that's when you pull out YouTube. I don't recommend you go into YouTube and just start typing CISSP training. You will get, you'll get a lot of results. Some of it is more stuff to put you asleep, some of it might be good, a lot of it was just wrong. After I've taken the test, I've realized that a lot of these daily questions that people put out were not the kind of stuff that's on the test. There's, I don't want to particularly call out any YouTubers that are doing this, but just, just be careful out there because they're not putting out the
right material. They're asking very technical questions, they're asking about, you know, this particular server manufacturer, and that's, that's just not the way the test works. So, and, I mean, every type of algorithm or software version is probably going to have a time when it becomes deprecated. I mean, it's going to become something that you don't want to use anymore, so they don't want to have questions that are gonna age like that. So a lot of the questions are not going to, you know, because they don't want to have something that's a question in here that, you know, last month news came out and said never do this again, but two months ago it was the best thing
to do. Well, then their question's gonna be bad. So their questions are trying to be somewhat timeless. So a lot of the questions I saw on the YouTube different channels were, um, people who had too much specificity in their question, and it would have misled people. Um, yeah, somebody's mentioning Shon Harris. I didn't use her series, but everybody told me it was great, so if I needed one more thing, I would have used that. Okay, so after you've done, you've found your weak spots, then you can go out. I do recommend YouTube for, you know, memorizing some, you know, I recommend you spend extra time to memorize some ports, look at some encryption algorithm stats. Maybe you
need YouTube to get a few more people to explain the OSI, OSI model to you. You just, you just didn't quite get it, you want a refresher, you want to hear somebody else explain it, or, um, you know, what does a router, what does a switch. You may realize that I'm from these things to spend extra time on. My history, not, my experience was not networking, so that was one of the places I had to build up my knowledge. But go to YouTube for those specific questions where you know you need help. All right, the immersion. This is where you get to put things together. You get to learn how, you know, CISOs really look at risks, and that's one of the things
that's very important to the questions on the test. So join the (ISC)² chapters, ISACA, ISSA, go to BSides, see what people were actually talking about, and, you know, don't exact, don't get sucked into all the, the pen testing, that's, you know, not going to be, how to pen test, that's not what this test is. Listen to podcasts. Some of the ones I like are Unsecurity, Smashing Security, and Security Now. Sometimes Security Now gets, you know, awful threads that aren't relevant to the test, but it's, it's good to see how people bring various different aspects of the test together and make those domains mingle. So, and then news and blogs are like Krebs, Schneier, and Naked Security. They give
you articles of current events and seeing how things are working. I believe this is, immersion is the way that you're actually going to know how to answer the questions. So time wasters: going to Reddit for the subs on the CISSP. That's where you'll see how fast somebody else failed or passed the test. Maybe in there you might get a few more ideas for some sources to use. I think in this presentation I've given you a lot of ideas of sources to use. If you do 90% of these sources, you'll be good. You know, Reddit could also lead you into reading about other people's, just, troubles and not passing, what they studied, but a lot
of it is just time wasting. Same thing happened with groups for CISSP on Facebook. There is an app for your phone called Pocket Prep, and that one, it wasn't that it was bad, it was just, it took about, it was about ten minutes, I just got through all the questions and it had nothing else for me. So if you want to, you know, put ten minutes into that, but don't think it's gonna be a real good study aid. And then YouTube, like I said, the general searches could lead you to people who aren't gonna give you great information. The next thing that's time wasters is, you need to create a parking lot. So all the shining objects that you
come across that look really cool while you're studying, you know, there, there is a, the book touches on lock picking, so you might need to know that lock picking exists. Well, you don't need to go buy the practice kit and buy the picks and try to lockpick every lock in your house and every padlock you can find, and get online and order, and there's, there's a lot of interesting stuff about lock picking, but it's not gonna help you on the test to know how to do it. What will help you on the test is just knowing that lock picking is important to physical security. Kali Linux, you don't need to even know what Kali Linux is on
this test, so being able to install it, putting in virtual machines, running this, going to Hack The Box, Metasploitable, you don't need to know any of that, so don't put your time in that. Yeah, Gary mentions breaking into your neighbor's house. You know, sometimes you might want to be a good neighbor and they've locked themselves out and you save them a locksmith bill, but that's not helping you for your test, and, you know, be careful with that. And then I just got the disco ball for whatever your shiny object is. Put it in your parking lot, write it down, don't forget about it. It's interesting stuff, you want to keep growing, but just put that for after the
test. Say, you know, after I pass this test, then I'm gonna, and I'm gonna buy a new laptop and put Kali on it, or then I'm gonna buy my lockpick set and me and my son are gonna learn lock picking together. So do that after the test. So one thing, after I gave this presentation to some of the people, they asked me about a prep plan: how many weeks, how much time did I spend? So I didn't exactly do it this way, but because I didn't figure out my sources until later, and I did some bad sources and some good sources, but here's the way I would do it if I was doing it again. I
would decide to take the test and then schedule it out 12 weeks. The first four weeks I would view all the Cybrary and FRSecure videos, um, and then, you know, keep up with those, do them the right way, don't try to speed your way through them. Do a few hours a night, and this is, this is planning on 10 to 12 hours per week. Then I would do practice exams for six weeks, and this is something I did. So the testing later had six weeks of practice tests, and I went off, and my daughter was half off at college, I went in her bedroom at the back of the house with my laptop so I
could have quiet and I spent three hours there taking a test simulator and then I spent another hour reviewing the results of you know it says I was weak here well I would look at every question and try to see you know the explanations weren't that great but I would find the weak spots and then during the weeks I would do that on Saturday morning and then during that that week I would go to YouTube Wikipedia the (ISC)² book and I would brush up on the things I was having as weak areas something I've learned since then is there is another site because I feel that I was telling you to go to Cybrary and now it's not
free so I was trying to replace that in the last week or so with another learning.oreilly.com that's great they have a 10 day trial so at some point you could use that and there they have the books seem to be available you can read the books pretty well videos are not gonna be available in your trial but the cost wasn't that bad for that if you want to get a month of that membership so I would do that for the next six weeks I was always hoping to get up to 90% on the tests but really I stayed in the high 70s I was 77 81 88 89 I kind of stayed right there in
the right there near 80% I wanted to be higher but that's where I was coming out but I'll tell you that that worked out very well on the test so I was not a barely passer so I recommend if you can be around 80% on those that Sybex Wiley test generator that's probably that worked out for me so then I did spend a week and did the trial version of CBT Nuggets videos those were good that was you know another way of just getting another exposure and then I read the 11th Hour book and then I took the test so with those you know and also throughout that time period throw in listening to your podcasts you know if
you ever have to drive your car again if we ever you know I used to have a about an hour commute each way and I could listen to podcasts every day now I try to remember to do it but working from home is giving me some other freedoms you can read the news read the news sites and attend your local infosec groups like BSides maybe your town has others I'm in about three or four of them in the Columbia area but those also just give you a chance to mix these ideas and overlap these domains
additional sources if you need to you know you feel this just isn't enough you want some more things get the Shon Harris All-in-One Exam Guide that's available on Amazon there's lots of used copies do the CBT Nuggets maybe you want to pay for unlocking the practice tests in there that's $60 for a month and that way you get their practice tests Boson they have practice tests too a lot of people said they have the best practice tests I didn't pay for it I see somebody is asking about CISSP versus CISM I did the CISM a few years before the CISSP the tests are really quite different but I think they're still looking for the same type of
person that information security manager versus information security professional and the titles aren't that different they are offered by two different organizations that was just as I was coming into this people told me that CISM is something you would take first actually they told me Security+ first so Security+ then CISM then CISSP and when I went looking at what the jobs required I used that as AI these are the jobs I'm kind of wanting to look at looked at what they required and then chose to do the CISM first and then a few years later came back and got CISSP don't know how
I'm doing on time but um we're almost done anyway then you can also like I mentioned learning O'Reilly oh yeah the tests for CISM and CISSP are very different they're they're not better or worse but the test questions are very different CISM I felt like I was sure I was right it was kind of a binary sometimes and CISSP it was like well this is kind of a 60/40 question I hope I'm on the 60 side and not on the 40 side so the next one is so I'm gonna wrap it up I didn't tell you how to pass the test I didn't tell you what the material was on the test you're gonna
have to do the work what I am saying is you don't have to pay a bootcamp for you to do the work even if you go to boot camp you still have to do the work so why pay someone if you're gonna do the work using the sources I presented you can be confident that you'll be adequately exposed at the proper depth and if you see an odd question on the test if you're taking the test and they throw something at you you've never seen before you don't remember it revealing the book anywhere then you know tell yourself in your head that that was one of their practice questions that was one that they are reviewing to see if it's
any good and it doesn't matter what I answered maybe that's true maybe that's not but tell yourself that so you can move ahead then the last thing I have that I'll close with is the Dunning-Kruger effect you walk through multiple versions of this as you are moving from you know you start on the left you have no experience and then on the right you're very experienced as you're getting prepared for this test at some point you're gonna feel really confident you're gonna think I know everything I'm good well no you don't know everything but you're gonna think you're really good at this and then the next week you might fall off of that Mount Stupid peak and be in the valley
of despair of thinking you don't know anything just know that in doing that and going from thinking you know a lot to thinking you don't know a lot you have moved forward and overall in what you know so I also like to use this when I think about my teenagers and they're they're writing us for life as an adult so um but keep that in mind that it's okay even if you feel like you're in the valley of despair you're still moving forward closer to expert here's all of the study materials put on one slide so if you weren't taking notes then you could have them all in one place and then offer for you all to ask questions
also in watching the other people giving their presentations I noticed a lot of people asking for slides so I went and just created a GitHub and the only thing on that GitHub is these slides so that way y'all could go out and grab them today you just go to GitHub and look for the repository cheap CISSP and there's the slides that's all I have on them I'm gonna look at Discord or Shane if you want to tell me if any questions have come in let me check real quick got it and see me a second ago people were doing more comments there was go ahead yeah I see I see a background question and so my background is management
consulting into project management IT areas and then those IT areas suddenly are not suddenly merged and to always be in security area so I was helping different security areas get their processes better and then get their tools new tool installs so doing IT security project management and realize I liked working with those teams and be joined to those teams doing risk assessments helping companies improve their security posture so more in that working in the office of the CISO and deciding the now deciding strategy for various aspects of tools we want to improve or different risks we want to minimize over in the next few years so that's my side of it it's not technical I'm not not networking not a programmer
just more of that risk decisions so Jeff there was one a little ways back and it was a few but if you if you had these kind of certifications on your goal list and you had to pick one would you pick with the CISM or the CISSP I tell you CISSP gets you more calls from recruiters so if that's what you're looking for then it's going to you know it's it's more difficult I believe than getting the CISM so if you just feel like you need to get one and you want to you don't really you want to be done with it as fast as possible I'm not gonna say the CISM is easy but I
would say that one's the that was easier for me the CISSP though the recruiters do call more