Obtaining the Certified Information Systems Security Professional (CISSP) Credential

Researching the CISSP

In February 2019, I decided to start my journey toward obtaining the CISSP (Certified Information Systems Security Professional) credential. The CISSP is a certification covering a wide range of information security topics. It is consistently included in annual top ten lists of the best IT certifications.

At that point in my career, I had 18 years of professional experience across various aspects of IT and, during the last two years of that time, I had become more directly involved in information security. After spending time reading about the exam format, the domains covered by the exam, horror stories about its difficulty, and some healthy procrastinating, I began studying at the beginning of May 2019.

As part of my initial research, I read seemingly endless posts in which people claimed to study 8+ hours per day for months to prepare for the exam. I also found a number of posters who claimed to sit for the exam with minimal (or zero) study. How much time should you spend studying? It depends! The amount of preparation needed to pass the exam depends entirely on you — your educational background, your professional work experience, and your ability to absorb the study materials. The domains covered by the exam are broad and many people describe the exam as a mile wide and an inch deep. I assumed that I wouldn’t need much preparation given my background and experience. I was wrong.

Studying for the CISSP Exam

Between family and work commitments, I limited my study time to a few hours of reading during the early hours on weekends. I set a goal to read a chapter per week from (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. WARNING — this book is dense, dry, and repetitive. I found it to be a difficult read and I used 3 months (May through July) to finish it.

While the study guide has 20 practice questions at the end of each chapter, I didn’t attempt them until I finished reading the entire book. Thinking back, I probably should have attempted them immediately after finishing a chapter or a week later at most. The questions uncovered that I didn’t retain a lot of detail from each of the chapters over that 3 month period. I was scoring in the neighborhood of 60% in each chapter. It was an alarming realization because I thought I was retaining much more.

I knew I needed to do something more than reread the study guide so I supplemented my studies with free audio resources from Kelly Handerhan available on Cybrary. This allowed me to take advantage of my commute and add about 2 hours per day of study time in addition to any weekend reading. From August through mid-October, I probably listened to Kelly’s course 3 times completely and some individual lessons many more times.

PARENTING HACK — The audio course served a dual purpose as it is apparently boring to children (and most adults) and can put kids to sleep if played in the car for everyone to hear.

From September until a few days prior to the test, I used the Boson test simulator almost daily for practice questions. This software helped me identify weak points and also exposed me to material beyond the study guide. The software provides very detailed explanations of the answers and why one answer was more correct than the other choices. The software allows you to configure custom exams to focus on troublesome domains or on questions that are consistently answered incorrectly. The software is worth the additional cost and you can occasionally find discount codes on the CISSP Reddit group.

Up to this point, I had not scheduled the exam. I didn’t want to lock myself into a date but by mid-September I felt ready. I had been preparing for over 4 months and I didn’t want to prolong it. I scheduled the exam for mid-October. Also during this period, I significantly increased my time spent reading. I revisited the Official Study Guide and started the Eleventh Hour CISSP: Study Guide. I also branched out to YouTube videos to help me better understand concepts where I had lower practice scores. I know I went too deep into the technical aspects of networking, but at least the videos were interesting and I learned (or refreshed my memory) on many topics I had not touched in a while.

Exam Day

I was very nervous on exam day. I felt like I wasn’t ready but I had to go for it. I was tired of studying, taking practice questions, and generally worrying about the exam. All I will say about the exam itself is that it is challenging. When the first question popped up I had a moment of panic, but I took my time and tried to calm my nerves. In the end, I finished the exam in roughly 90 minutes at question 100.

After the Exam

Once I passed the exam, I received an email with instructions to complete the application for the CISSP credential. I completed the application and requested an endorsement from another active CISSP. This took about 5 days for me to complete after passing the exam. From this point, it takes another 6 to 8 weeks for (ISC)2 to review and approve the application. I received an email that my application was approved exactly 4 weeks post submission and membership fees were due. After paying the fees, I received a confirmation that I was officially a CISSP! The welcome package with printed certificate, membership card, and CISSP pin arrived about a month later.

  • CISSP Welcome Package
    CISSP Welcome Package
  • CISSP Certificate
    CISSP Certificate
  • CISSP Pin
    CISSP Pin
CISSP Welcome Package and Contents

Final Notes

To answer the question of how long does it take to prepare for the CISSP — for me it took 5 and a half months from May through mid-October with varying amounts of weekly study time.

Months 0-35 hours per week reading
Month 4• 5 hours per week reading
• 10 hours per week listening to Cybrary audio
• 1 hour per week on practice questions
Months 5-5.5• 20 hours per week reading
• 10 hours per week listening to Cybrary audio
• 5 hour per week on practice questions

One other point to note is the cost to obtain the CISSP (all amounts here are in USD and as of 2019). It’s not inexpensive. The exam itself is $699 and the annual membership fees are $125. I also purchased two books totaling $55 and the Boson software for $85 (after discount). My total cost was $964. Keep in mind that the exam fee is required each time you take the exam. I was very hesitant to schedule the exam too early because I didn’t want to risk not passing and paying another $699.

Resources

(ISC)2 CISSP

CISSP – Certified Information System Security Professional Subreddit

CISSP 16-week Study Guide, Resources, and Links to Source Documents

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

Eleventh Hour CISSP: Study Guide (Syngress Eleventh Hour)

Cybrary – CISSP Training with Kelly Handerhan

Boson ExSim-Max for CISSP

Kelly Handerhan – Why you will pass the CISSP

Larry Greenblatt – Pass the 2018 CISSP with Kirk & Spock

Parse Cell Value in Excel Using Regular Expressions

Using Excel formulas to parse a substring from a cell value is usually difficult especially if the cell value or pattern is not easily defined. I have found that it requires various combinations of SEARCH, FIND, LEFT, RIGHT, MID, etc. The resulting formula is both unreadable and it does not successfully handle all cell values thus resulting in manual clean up. It would be nice if the SEARCH or FIND functions were able to use regular expressions by default.

The following VBA function allows you to parse a cell value based on a regular expression. To use this function, you must enable Microsoft VBScript Regular Expressions 5.5.

  1. On the Developer ribbon, click Visual Basic
  2. Once the Visual Basic window opens, go to Tools -> References…
  3. From the References dialog box, check/enable Microsoft Regular Expressions 5.5
  4. Click the OK button

Now that the regular expression reference is activated, insert a new module into the workbook if one doesn’t already exist. The code will not work if added directly to a worksheet object.

Add the below code to the module. You can then use it as part of formulas in the workbook, e.g. =RegExParse(A1,”ID[0-9]+”). This would parse the value in cell A1 returning the substring matching the pattern ID[0-9]+, e.g. ID0, ID123, ID183274917234.

Option Explicit

Public Function RegExParse(val As String, SearchPattern As String) As String
  On Error GoTo errorHandler
  
  Dim regEx As New RegExp
  
  With regEx
    .Global = True
    .MultiLine = True
    .IgnoreCase = True
    .pattern = SearchPattern
  End With
  
  If regEx.Test(val) Then
    RegExParse = regEx.Execute(val)(0)
  Else
    RegExParse = ""
  End If
  
errorHandler:
  If Err.Number <> 0 Then
    RegExParse = ""
  End If
End Function

Dialogue from The Legend of Zelda: Breath of the Wild

The Legend of Zelda series has always been a favorite of mine. The original game eluded me until it was released as a retro game on the Wii’s Virtual Console. I played a rental copy from the local video store in the dark ages, but I was never able to get a copy of my own and the two day rental was not enough time to complete it. Thankfully, Santa brought me the gold cartridge of Zelda II: The Adventure of Link in 1988 and I was hooked. Since then, The Legend of Zelda: A Link to the Past and Ocarina of Time have become two of my favorite games of all time. While I love the stories, the puzzles, the dungeons, and the timeline that sort of makes sense if you don’t think too hard – it’s the dialogue between Link and the non-playable characters or the surrounding environment that really sets it apart from other favorites. I think the dialogue in earlier games was unintentionally humorous because of translations or poor writing, but the later games must know they’re funny.

I’m still very early into Breath of the Wild so I’m sure I’ll encounter more funny dialogue during the journey, but here are a few captures so far. Breath of the Wild is continuing the tradition and it’s an amazing game.

The Legend of Zelda: Breath of the Wild - Journal of Various Worries
The Legend of Zelda: Breath of the Wild – Journal of Various Worries
The Legend of Zelda: Breath of the Wild - Shouldn't You Be Dead?
The Legend of Zelda: Breath of the Wild – Shouldn’t You Be Dead?
The Legend of Zelda: Breath of the Wild - SHA-DING
The Legend of Zelda: Breath of the Wild – SHA-DING
The Legend of Zelda: Breath of the Wild - Rumored Birthday
The Legend of Zelda: Breath of the Wild – Rumored Birthday