CISSP: Certified Information Systems Security Professional (2024)

WEBVTT (Music) to be jumping into this course with you. We're going to be having a discussion about CISSP. And this is a very big course, Robin. What are some of the things that we need to talk about before we even launch into the topics? So you need to keep in mind that the CISSP exam is geared toward a management level certification. It is not a practitioner level certification. And as such, it covers a wide range of topics. I tell people that the CISSP topics wise is about a mile long, but it only goes about an inch deep. Because you are looking at things from a management level. You're not the practitioner that has to go and do all the security controls and configure everything. You're the manager that has to make the decision of what you're going to do. And then you give the IT department folks their marching orders so they can do their jobs as well. So that's what the CISSP exam is all about-- management level cybersecurity. And this is a really great starting point to have our discussion go into a little bit more depth about the experience you may need. So what does that look like? So the experience that you're going to need when you're taking the CISSP exam is they do require that you have five years of cumulative experience in two or more than eight domains. The eight domains are your main areas of knowledge within the exam. And they want that five years. You're going to have to actually prove that you have. It's just more of a, I worked in this project and I did this. I worked for this many years managing these kind of devices. And it's in two or more of the domains, five years. However, just because you like the experience, it doesn't mean you have to totally discount this exam and say, I can't take the exam. Because what they do allow you to do is if you take and pass the exam, you can do something called becoming associate of ISC2. And what happens then is you get that associate status and you have a certain amount of time to get the required work experience to become a full fledged CISSP. So it's like a provisional certification that you get until that experience comes along. So if you're taking this course, you don't really have the experience, don't let that keep you from taking the exam. Let me tell you a little bit about the exam. Now, the exam is what's called a CAT exam. It's computerized adaptive testing. What this means is this exam has an algorithm built in it where they try to minimize the number of questions that they give you. And they start with kind of a lower level difficulty. And as you get questions right and as you progress through the exam, the questions get harder and harder. And in the background, this algorithm is learning about you and determining whether you've got the knowledge to pass this exam. You'll get three hours to take the exam. You will get between 125 and 150 questions maximum. 25 of those questions generally are not graded. You are not going to know which ones are not graded. They're not marked in any way. And the reason they do this is it gives them a chance to have like a pretest of questions. Those 25 ungraded questions don't count toward or against your score, but it allows the psychometricians in the background to determine if they're really a good question. If a question has gotten consistently wrong, it may not be a good question. But your questions start at a lower level and progress and get higher. And at some point, you'll quit getting and you'll either get your pass or your fail. The format of the questions is you will see mostly multiple-choice questions, but there are what they call advanced innovative items. These are things like matching questions where you're matching terms and definitions are matching wireless deployments and their speeds, stuff like that. There's also a listing question where you're putting things, steps in an order. You can see things like a hotspot question where you're given a graphic and you've got to click on a particular component in that graphic. And there's also, in some cases, you might have some other items that are more lab-like. The passing grade for this exam is 700 out of 1,000. And remember, with the computer adaptive testing, with that three-hour time limit, if you get up, the timer does not stop. In other words, if you need to take a break and go get a drink, whatever, you can do so, but the timer does not stop. Now, finally, I want to discuss the examination domains and the weightings they're given. As I mentioned in an earlier thing, you need to get that. You need to have experience in two of the eight domains. Well, here's the eight domains. As you can see, the eight domains have various weightings. Some of them are as high as 16%. Some of them are as low as 10%. And that just basically explains to you or shows you the weighting given to those domains. Now, something that I do suggest to folks is if they have a domain they feel pretty good about, still go through the learning material, but maybe you don't spend as much of a focus as you would on those domains that you know. If you look at this and you go, "Whoo!" You know, that software development security, I am not a developer, and I'm going to really have to do a deep dive into that. Well, spend a little bit more time on that. Give yourself a preparation plan, but when you're planning, go ahead and book your examination date, because it's so easy. If we don't set that goal of, "This is the day I want to go take it," we keep putting it off, and we keep putting it off. You can, by the way, if you set the date, you can move it as long as you move it within a certain time limit. But if you don't set the date, it's so easy to just keep pushing that certification attempt down the road. Guys, this exam is not hard, but you do have to have a certain level of knowledge. And you can do it. Go through this course. And like I said, on those topics that you don't really know, go circle back. Do a deeper dive if you need to. Look at our notes. It's not just about that personality on screen and the information they're imparting. They've also given you some notes. And there's also going to be references that you can go out to. Speaking of references, Lauren, I'm in the video world now, but prior to stepping over into the video world, I have always been a writer. For 20 years now, I've written IT certification topics as far as prep materials. Well, about a decade ago, I started writing books. And my first foray into writing books was writing a cert-- was writing a cert guide on the CISSP exam. Now, I started this a decade ago. And currently, the published edition is the fourth edition. And that, if you go to Pearson.com and you type in my name, Robin Abernathy, you'll see the fourth edition of this book available. Now, we are currently writing and revising the fifth edition. So the fifth edition is written to the latest objectives, the 2024 objectives. So it should be released soon. But right now, the fourth edition-- now, I will tell you this. There's not a huge difference between the fourth edition and the fifth edition. With the fourth edition, to go into the fifth edition, there was one domain, the communication and network security domain, domain four. It had a pretty heavy edit. But all of the other domains were just minor little tweaks they did. So the fourth edition isn't out of date. It's just going to have a few things that might be missing from there. So I'm not saying you can't get the fourth edition. But if you can delay taking that certification exam and wait for that fifth edition to come out, that's what I'd suggest. So there you have it, the CISSP exam. It's a great exam to get. The Department of Defense recognizes it as part of their 8570.1 initiative as a management level cert. So Lauren, it's a lot. It's a lot. But it's-- A mile long and inch deep. And inch deep. OK, so Robin and I will be-- some of the faces that you see, but you'll get a chance to see a lot of edutainers taking apart each of the domains and helping you learn along the way. You will see another host, like myself named Sophie, who will be your learner advocate. And remember, there are so many resources put together by the edutainers that have notes and check out Robin's book and some-- maybe some links that you can check out as well. So Robin, I'm ready to get started if you (Music)