About Me

Dex Yuan MBA, CPP, PMP

My Career

I have been working in the security industry for around 22 years. I started my career with the Singapore Police Force in 1996…

Survey on Certified Protection Professional (CPP) Exam

By participating in this survey, you will receive an executive summary of the survey results. Thank you for your participation.

Are you preparing for the Certified Protection Professional (CPP) exam?

Here are 3 tips:
  1. Obtain the official study materials – Protection of Assets – and download the reference standards and guidelines from the ASIS International website www.asisonline.org
  2. Study all the materials
  3. Practice exam questions

I have written and compiled 200 CPP exam practice questions which you can access via https://www.udemy.com/course/cpp-exam-practice-questions/?couponCode=SECURITY40

How I passed my CISSP exam?

This is a story about my journey to obtain the Certified Information Systems Security Professional (CISSP) certification in 2019.

Disclaimer: Following my methods does not guarantee that you will pass your exam, though I have used these principles to pass my other certification exams too. I believe it will be a useful reference for anyone preparing to take the CISSP exam.

Why I took the CISSP certification?

CISSP is one of the most widely recognized information systems security certifications in the world. Though I have a bachelor's degree in Computer Science and a professional certification as a Certified Protection Professional (board certified by ASIS International), I was keen to upgrade and deepen my information security knowledge. After putting off the decision to take the exam for many years, I finally decided to get the certification in 2018.

The most important factor in passing the CISSP exam is the motivation behind the pursuit of this certification. Why do you want the certification and how desperate are you to pass the exam?

For me, it is not only to build upon my credentials; it is a constant drive to continuously learn and be equipped with the current knowledge and skills to perform my role better. Now that I am an entrepreneur, it's for me to serve my clients better.

Once I paid the expensive exam fees, my stake was high. Failing was not an option as I would have to pay the expensive exam fees again. This prompted me to study hard and aim towards passing the exam on the first attempt.

These factors have driven my performance in all my other certification attempts. I passed all the exams on the first attempt!

How to prepare for the exam?

I signed up for a 5-day CISSP course which included a voucher to attempt the official CISSP exam within one year from the date of the course. Attending the course helps in the preparation for the exam. A good trainer makes a difference in your learning experience. Find out the reviews about the training centres and the trainers before registering for the course.

Here’s one mistake I made which you should avoid. After completing the course, I procrastinated on the exam preparation for almost 8 months before I registered for the exam. Don’t procrastinate. Maintain your momentum to study after completing the course. It was only after I registered for the exam that I seriously started studying for it.

Register for the exam early and commit yourself to the preparation for the exam. I took about 3 months to prepare for the exam. I focused my study on 2 key areas.

Read the official study materials

Practice exam questions

  • Reading the material is not enough. You have to test your understanding of the concepts and retention of the facts by practicing exam questions. The CISSP Study Guide by Sybex comes with one-year online access to lots of flash cards and exam practice questions. I used it a lot. I practiced more than 900 exam questions by the time I sat for the exam.
  • Reading the study materials and practicing the exam questions should be done in a to-and-fro manner. You can cover the materials according to the domains. This repetitive way will strengthen your mastery of the various domains.

On the exam day

I recommend taking the exam in the afternoon to avoid any potential morning rush hours that may delay your arrival at the test centre.

You will never be fully prepared. So relax on the day of the exam and stop studying a few hours before the exam starts.

Close your eyes and take deep breaths to relax and keep calm.

Bring your sweater and clear your bladder before entering the exam room. You don’t want to be caught in a shivering state which will affect your thinking and performance. Going out to the restroom in the midst of the exam is a waste of precious time.

This was my first time taking a Computerised Adaptive Testing (https://www.isc2.org/certifications/CISSP/CISSP-CAT) exam. I had to answer a minimum of 100 questions, up to a maximum of 150 questions, depending on the actual scoring at the time I answered the questions! The exam does not allow you to return to the previous question once you have answered it. Hence make your choice wisely. Here are also a few tips when answering the questions:

  • Read and understand the question. Look out for double negatives e.g. not false
  • Look at all the answers carefully. Don’t jump to an answer immediately.
  • Eliminate the wrong options until you arrive at the correct one. Eliminating wrong answers will give you a higher chance of arriving at the correct answer.

I answered 100 questions in about 1 hour 45 minutes when the screen ended my exam. I was anxious as I walked to the counter to receive my result. When I opened the result slip, it was a “Pass”!

What’s next?

To be certified as a CISSP, you still have to be endorsed by your supervisors/colleagues on your work experience. After submitting the required information, ISC2 will route the email to them for verification. It will take a few weeks for the processing.

Finally, when you are endorsed, ISC2 will send you an email to make a payment of USD125 for the annual maintenance fee. Once payment is done, you complete the process to be a CISSP!

We need motivations to travel further and progress towards excellence

It's been a while since I last blogged here as I was bogged down by other priorities.

I was looking through my past few posts and saw one written on 20 Jan 2019 where I wrote about rejoining Toastmasters after about a decade.

After missing Toastmasters meetings in the past few months due to my work commitments, I finally managed to attend the Grassroots Toastmasters Club meeting on 7 Dec 2019 and presented my Innovative Planning project on “Researching and Presenting”. It took me a few days to prepare my presentation on “How to avoid becoming the next SCAM victim”. I was glad the audience liked the presentation and I was voted the “Best Speaker” for the day. It was a morale boost for me as I am now motivated to plan for the next few speeches :)

In life, we need motivations to travel further and progress towards excellence. Get motivated today and excel!

Presenting my speech at the Toastmasters meeting on 7 Dec 2019. PS: I was doing a role play :)

*If you are keen to find out more about Toastmasters or public speaking, send me a message.

What magazine am I reading?

I missed the Toastmasters magazine. After almost a decade, I received my first copy of the magazine when I recently rejoined Toastmasters. It contains lots of useful and interesting articles, stories and tips on leadership and communications. I simply enjoy reading it. You can get a copy of it too when you join the Toastmasters.

Join me at the upcoming Toastmasters meeting at Toa Payoh Central on 23 May 2019 to learn more about it
https://www.linkedin.com/feed/update/urn:li:activity:6528800089606057984

Unmanned Aerial Vehicle (UAV) Fundamental Course 17-19 Jun 2019

With the transformation of modern technology, the wide applications of the UAV have caught the eyes of its beholders. As of the end of 2017, Shenzhen had approximately 350 UAV-related companies, and is considered a “UAV City”. Through this training course, you will explore the future of the UAV. You will also learn about its technological development and its use in terrorism.

Download the brochure for more information.

Security 4.0 Pte Ltd is the exclusive marketing agent for the Singapore market. Please contact me at dexyuan@security40.com for enquiries.

Toastmasters Again

After almost a decade, I finally attended a Toastmasters meeting at Grassroots Toastmasters Club (Singapore) on 19 Jan 2019.

I last joined Toastmasters in 2009 and stopped due to my other priorities. Having procrastinated for the past few years, I finally contacted the club officers to attend the meeting as a guest. Toastmasters is a great platform to learn communications & public speaking skills. I have benefited greatly from it.

I am glad to be back and pleasantly surprised to be voted the best table topics speaker for the day.

Check out www.toastmasters.org for more details if you are keen to hone your communications skills. I will be signing up for membership.

“Follow that rainbow”

“The sky has turned brighter. There is a glorious rainbow that beckons those with a spirit of adventure. And there are rich findings at the end of the rainbow. To the young and the not too old, I say, look at the horizon, follow that rainbow, go ride it!” – Lee Kuan Yew

Know yourself, know your enemy. A hundred battles, a hundred victories.

Sun Tzu, the famous ancient Chinese warrior/philosopher, wrote “The Art of War” about 2,500 years ago, and his work has been greatly admired by many politicians, businessmen, military leaders etc. in modern days. His original masterpiece outlined warfare strategies that are applicable not only to the military; they can be used in business and security. One of his famous quotes is “Know yourself, know your enemy. A hundred battles, a hundred victories.” It means that generals who know themselves and their adversaries will triumph in all their battles. A general who knows only himself or only the adversary will face failures (Scott A Watson, 2007).

When applied to the modern security environment, institutions must know their security measures well, including both their strengths and weaknesses. On top of that, institutions should also understand their adversaries. They should identify them and know their motives and possible modus operandi.

There are many different ways to “know yourself and your enemy”. Some of these methods include security risk assessment, security audits, training, exercises, tests, intelligence gathering etc.

One effective way to know about oneself and the enemy is to think like an enemy. By using this critical thinking approach, one can “wear the hat” of the enemy and look at the institution from an outsider's perspective. This may require detachment of emotions and associations with the institution and may be better achieved by a party external to the institution. The thinking process is then translated into an action plan. This method is known as “Red Teaming” (Zenko, 2015).

What is Red Teaming?

In layman's terms, a red team can sometimes be referred to as a devil's advocate. When someone says he plays devil's advocate during a discussion, he acts the role of the “bad guy” or sceptic who takes the opposing view to the rest. He challenges assumptions and throws “spanners”. Such actions stir up the emotions, thinking and assumptions of the team and seek to gain perspectives different from the norm, with the aim of making better informed decisions.

Red Teaming was popularized by the US military around the 1950s during the Cold War (Zenko, 2015). It is now adopted by military, commercial and industrial entities around the world.

The Federal Aviation Authority (FAA) is one prominent organisation that leverages a red teaming program to enhance airport security. FAA was directed by a 1990 Presidential Commission to develop “measures to improve testing of security systems” after the bombing of Pan Am 103 in 1988. This led to the implementation of Red Teaming by FAA.

In Singapore, the use and application of Red Teaming was gradually implemented at various government entities after the 9/11 terror attack. Other non-government organisations with critical functions or facing high terrorist threats also followed suit to implement red teaming.

In 2018, the application of red teaming gained further traction when the Singapore Police Force (SPF) included red teaming as a criterion in the annual grading of all security agencies in Singapore. TODAY reported that “Operational procedures will be validated through red-teaming exercises, which use different scenarios to assess the effectiveness of security measures” (Ng, 2018). This strategic move by the SPF would lead to more institutions benefiting from the Red Teaming program.

PS: This is an extract of my upcoming new book “Red Teaming 101”. Look out for more posts and articles on the red teaming concepts, applications and stories.

References

Ng, K. (2018, February 13). Grading for security agencies tightened to improve industry standards. Retrieved from Today: https://www.todayonline.com/singapore/grading-security-agencies-tightened-improve-industry-standards

Scott A Watson. (2007). The Art of War for Security Managers. Elsevier.

Zenko, M. (2015). Red Team – How to succeed by thinking like an enemy.