Let’s first start with the basics. The Certified Information Systems Security Professional (CISSP) certification is considered a gold standard in cybersecurity. Whether you are an aspiring or a seasoned cybersecurity professional, the CISSP can be a defining achievement in your career.
What is Certified Information Systems Security Professional (CISSP) certification?
Security professionals who want a thorough understanding of current cybersecurity and information system security practices should pursue the Certified Information Systems Security Professional (CISSP) certification. Achieving your CISSP certification is a stamp of assurance to your employers that you can make effective cybersecurity decisions using a risk-based approach. Most firms look for CISSP-certified professionals to fill Director, Senior Director and even CISO roles.
The CISSP certification is developed and managed by the non-profit International Information System Security Certification Consortium (ISC2). The certification tests you on the following domains.
CISSP Knowledge Domains
CISSP domains refer to the eight broad areas of knowledge that are covered in the CISSP Common Body of Knowledge (CBK). CISSP is a globally recognized certification for information security professionals, and the CBK is a framework that outlines the topics and skills required to demonstrate competence in the field of information security.
The 8 domains are as follows:
Security and Risk Management: This domain focuses on establishing and maintaining a robust security program through effective governance and risk management. It involves understanding organizational security goals, risk management practices, and legal and regulatory requirements. Security policies, procedures, and personnel security are also covered.
Asset Security: Asset security involves identifying, classifying, and protecting information assets throughout their lifecycle. It encompasses data privacy, data retention, and secure data handling practices.
Security Architecture and Engineering: This domain deals with building and maintaining secure systems and environments. It covers secure design principles, security models, system components, and security capabilities of information systems.
Communication and Network Security: Communication and network security concentrates on protecting data during transmission. It encompasses network components, protocols, secure network architecture, and secure communication channels.
Identity and Access Management (IAM): IAM is about securely managing user access to resources. This domain includes topics like user authentication, access control models, and multi-factor authentication.
Security Assessment and Testing: This domain focuses on evaluating the effectiveness of security measures. It covers topics such as vulnerability assessments, penetration testing, security control testing, and the importance of security audits.
Security Operations: Security operations involve managing day-to-day security activities and responding to incidents. It covers areas like incident response, disaster recovery planning, and security monitoring.
Software Development Security: This domain emphasizes integrating security into the software development process. It includes secure coding practices, software testing, and software security controls.
Each domain plays a crucial role in ensuring a comprehensive approach to information security. CISSP candidates need to understand and demonstrate proficiency in all domains to earn the certification. The exam tests candidates on their knowledge, practical application, and decision-making skills in real-world security scenarios.
Understanding the eligibility criteria for CISSP Certification
You are eligible for the CISSP certification if:
You have been employed full-time as a paid security professional for the previous five years and can demonstrate that experience in any two of the CISSP domains explained above. A one-year experience waiver is available if you are an engineering graduate or already hold one of the cybersecurity certifications listed by (ISC)2.
Can Freshers do CISSP Certification?
Even freshers can sit the CISSP exam, and passing it as a fresher is regarded as a strong testimony to your ability. However, if you do not have 5 years of experience you are awarded (ISC)2 Associate membership instead, and you get 6 years to gain and endorse your cybersecurity experience. Once your overall experience reaches 5 years, you can apply for the CISSP certification. This is a great opportunity for freshers to get into the cybersecurity domain.
Is CISSP Certification Exam Challenging?
Over 19+ years, I have dedicated myself to this ever-evolving field, earning various esteemed certifications such as CISSP, CCSP, CISM, CRISC, ISMS, PCI-DSS, DSCI-DCPP, and GDPR Practitioner. Having been part of thousands of CISSP success journeys, I have understood that the CISSP certification is a challenging exam.
Here is a critical analysis of why people fail the CISSP exam.
1. Lack of a clear goal
Almost every second cybersecurity professional aspires to get CISSP certified, yet very few of them actually decide to do it. Even those who decide often do not have a clearly defined goal. The CISSP certification requires dedicated time and a focused approach, and must always be treated as a project. Set a clear date by which you want to pass the certification exam.
2. Lack of a clear plan
If you fail to plan, you plan to fail. The CISSP journey is often taxing and requires you to carve extra hours out of your ongoing work and family commitments. Once you have fixed your goal, the second step is to prepare a CISSP preparation plan. To keep this fairly simple, you can download the CISSP curriculum from the (ISC)2 website in Excel format; once downloaded, divide it into days. You can reach out to me for help with this.
3. Reading too much irrelevant material
The Internet is full of CISSP-related information, and not all of it is aligned with the CISSP exam pattern. Some of it will send you into a long loop, wasting your precious time and leading to frustration that diverts you from your goal. Stop reading multiple books and following everyone. Pick one reliable source, such as the CISSP Success Toolkit program, which provides everything you need for CISSP success. This will help you stay focused on what to study versus what to avoid before the CISSP exam.
4. Reading the (ISC)2 Common Body of Knowledge
Of course, in today’s Web 3.0 world, reading is the most boring part for any working professional. All major CISSP publications run to a minimum of 1000 pages. Comprehending a concept wrongly can take you further from your goal, and, as a bigger challenge, you may carry that wrong understanding for life. Choosing the right study material is the most important aspect. I would like to endorse the (ISC)2 Common Body of Knowledge as the most valuable study material if you are self-preparing for the CISSP.
5. Lack of quality question practice
Again, the internet is full of CISSP dumps. Although every one of them claims to be the closest to the real exam, none of them is accurate. The questions you get in the CISSP exam are very different from what you see on the internet. To get a feel for them, you can follow this webinar on thinking like a manager.
6. Lack of mentorship
Many people fail because they avoid choosing a mentor, or choose the wrong mentor: one who provides some value but lacks the expertise, or is unable to help you when you really need it. It is always recommended to find a mentor for your CISSP journey; this can make the journey far simpler. It is an important decision point and can make or break your attempt. Look at the mentor’s passion alongside the value the mentor can offer you on your journey. Go with someone who can provide 1:1 mentorship when you need motivation and support in understanding the concepts, someone who is always available for you.
7. Lack of application to the real world
It is expected that you already have some security experience when you sit the CISSP exam. The CISSP Computerized Adaptive Test (CAT) tests your understanding of the CISSP core concepts through scenario-based questions. A purely academic approach to studying for the CISSP is barely effective. Hence it is important for aspirants to deeply understand the core concepts of cybersecurity and be able to apply them in a given scenario.
Conclusion
The CISSP is a costly exam: it costs 749 USD, which is a sizeable investment. While investing in yourself, it is highly recommended that you take the best mentorship available in the industry. Another blog, which covers the best approach to passing the CISSP, will help you prepare well. I recommend you reach out to Cybernous to enroll in the world’s first ever CISSP Success Toolkit. It has amazing features, including 60+ hours of exam practice so that you don’t feel stuck in the real exam. See you in my next blog.