CISSP exam tips and tricks: Avoiding common mistakes | Cyber Work Hacks

Released Monday, 11th March 2024

Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements may have changed.

1:10

Good news. Infosec and Cyber Work Hacks are

1:12

here to help you pass the CISSP

1:14

exam . This is part one of a two-part

1:16

Cyber Work Hack in which Infosec's CISSP

1:19

bootcamp instructor, Steve Spearman

1:22

, gives you his top tips and

1:24

tricks for taking the CISSP exam

1:26

. In part one here we'll be talking about what makes

1:28

the CISSP such a difficult exam , common

1:31

mistakes people make while taking the exam and

1:33

what to do if , heaven forbid , you don't pass

1:35

on the first try . You don't need to do this alone

1:37

, but you do need to listen to Steve's amazing

1:39

suggestions in this part one of this week's

1:42

Cyber Work Hack. Hello

1:48

and welcome to a new episode of Cyber Work Hacks

1:50

. Purpose of this spin-off of our popular

1:52

Cyber Work podcast is to take a single

1:55

fundamental question and give you a quick

1:57

, clear and actionable solution or

1:59

a new insight in how to use Infosec

2:01

products and training to achieve your work and

2:03

career goals. So my guest today, Steve

2:05

Spearman , is an Infosec instructor

2:07

and , among his many areas of expertise , he

2:09

is our bootcamp instructor for one

2:12

of the most requested and most desired certs

2:14

in the industry , that's ISC2's Certified

2:16

Information Systems Security Professional

2:18

, or the CISSP certification

2:20

as we all know it . So for

2:22

today's Cyber Work Hack, Steve has some tips

2:25

and tricks to help you pace

2:27

yourself and strategize taking your

2:29

test day with the CISSP . So thanks for joining

2:32

me today, Steve. It's

2:34

a pleasure, Chris. So

2:36

, Steve, we know that the CISSP

2:38

is pretty officially known

2:41

as one of the most challenging exams in cybersecurity

2:44

and among even the most talented security professionals

2:46

. We know I know , more than a few

2:48

of them have failed the exam once or more , and there's

2:50

no shame in that . This is a biggie . So

2:52

, to start off , I want to ask you what it is

2:54

that makes the CISSP such a challenging

2:57

exam to take and such a challenging

2:59

certification to get .

3:02

It is a very difficult exam

3:04

. There's no question

3:06

In class I say this for

3:08

many of you will be the most difficult exam

3:10

you will ever take in your life . It's very

3:12

difficult . The reason is

3:14

kind of interesting , so it covers a

3:16

lot of topics . There are hundreds

3:19

and hundreds and hundreds of specific

3:21

topics . There are some people that have indexed that

3:23

and I don't know the exact number , but maybe

3:25

it's even thousand . It

3:27

depends on how you define a topic , but it's like

3:30

it is . A

3:32

lot of people say it's a mile wide and

3:34

an inch deep . It doesn't go deeply

3:37

into any topics , but it covers

3:39

a huge volume of topics

3:41

. So , you have to be familiar with a

3:43

lot of different , a

3:48

lot of content , and one of the most common questions

3:50

I get asked during a boot camp is

3:52

we'll be covering some topic

3:55

in the slide deck and they'll

3:57

say could this be on

3:59

the exam ? And my answer is if

4:01

you're looking at it on the screen . I don't say

4:03

it snarkily , but it's like

4:05

it could be on the exam

4:07

. If it's in this PowerPoint deck , it's

4:09

definitely in the Everything's

4:11

in play . And the company

4:14

knowledge and , yes , it could be on the

4:16

exam . So

4:18

, yeah , so it's just a lot

4:21

of material . The other thing I would say is

4:23

tricky . It

4:25

is the questions

4:27

are kind of tricky , like you have

4:30

to really dig

4:32

into , kind of understanding , what

4:34

they're trying to get from you as the

4:36

test taker . With exams , and

4:38

I

4:41

think most certs are known to have what are called

4:43

distractors . These are questions

4:45

, these are answers to questions that look

4:47

good like oh wow , but

4:50

they're actually not , they're wrong

4:52

, and I think the CISSP

4:54

is possibly the trickiest

4:57

exam out there . I

5:02

don't mean that in any way to imply

5:04

kind of any sort of ethical

5:06

failure . It's like it's just , the

5:08

questions are

5:11

very particular and

5:14

even occasionally peculiar

5:16

. So yeah , it's

5:18

, and so you have to understand how to break

5:20

down . Questions is what it is , the

5:22

one of the critical skills .

5:24

Yeah , and in their defense , I mean

5:27

, this is the certification that

5:29

basically says to the industry like I

5:31

am , I am at least somewhat knowledgeable

5:33

in every conceivable thing that you

5:36

could possibly need before in the realm of cybersecurity

5:38

, whether it's cryptography or physical

5:40

building security or anything

5:43

. So you know , you almost have to be

5:45

kind of a very sort of like a

5:47

Wikipedia of cybersecurity or a reference library

5:49

of cybersecurity .

5:51

Like , if I can't have every man , I can get

5:53

it .

5:53

Yeah , exactly yeah . If

5:56

I don't have it in my brain this I have all the prompts

5:58

. I need to sort of get to all the things so

6:00

. So , based on feedback you've received

6:03

from people who have taken your

6:05

boot camps , what are some of the most common mistakes

6:07

people make with the CISSP

6:09

, either leading up to the exam or on

6:11

the day of the exam ?

6:14

Well , leading up to the exam , it's just not preparing

6:16

, not not being prepared . You

6:18

know not , you know so . So that's

6:21

you know . Hopefully , if they're my boot

6:23

camp , that problem hopefully is going to

6:25

go away , especially if they're taking my advice

6:27

during the boot camp . But on the day of

6:29

, I think , first of all , just not

6:31

being rested is a common , you

6:33

know , and it makes a huge difference . This

6:36

is a taxing test by

6:38

about question 90 , you're like , you're

6:42

so spent , like you know

6:44

, and 90 out of what

6:46

150 or something , is it ? or so

6:49

the minimum it's right now , until

6:51

April 15th , it's 125

6:53

minimum , 175 maximum , wow

6:56

, so , and you

6:58

know , so it's like you know , you have to really

7:00

double down , get rest , you

7:02

know , you know , be well rested and

7:06

, and you know , be hydrated

7:08

, all that sort of stuff like , so that you can , you

7:11

know , perform at your maximum , you

7:14

know , and also , the day I just don't be stressed get

7:16

there early , all that sort of stuff . So the

7:20

thing is , in actually taking

7:22

the exam , the , I think the

7:24

, the , the , the number

7:27

one piece of advice and possibly the

7:29

number one failure that people

7:31

will have is not taking

7:33

their time . You have

7:35

plenty of

7:38

time. Oh, so, if

7:40

you , if you have , if you , if you

7:42

, if you finish at 125 questions

7:44

, which is sort of like acing the exam , you

7:48

know you've got on one minute and

7:50

15 seconds per question , and if you

7:52

go all the way to 175

7:55

questions and

7:58

then you've got about 85 seconds

8:00

per question , you have time . And

8:02

people like me I'm actually

8:05

quite an impatient test taker and

8:07

you know I think you're

8:10

time , you have time

8:12

. I have been doing this . I've had hundreds

8:15

and hundreds and hundreds of students . I guess it's

8:17

probably well over a thousand

8:19

students now and go through my CISSP

8:21

bootcamp and I've

8:24

never had a student run out of time

8:26

that that has told me they ran out of time . Right

8:29

, I've . You know , you , you

8:31

have to get to 125 , but if you get

8:33

to 125 you're gonna have a scored

8:35

exam and and and

8:39

you know it's never happened , it's

8:42

so you've got time. That's really my

8:44

main kind of point of emphasis

8:46

is take your time . Yeah , if

8:49

you being being rushed or

8:51

in a hurry or impatient , it's gonna hurt

8:53

you .

8:54

Yeah , it's a marathon , not a sprint . You really have to you

8:56

. You got to resist that temptation to go blasting

8:59

out of the front gate and and say , oh

9:01

, I'm doing great , or whatever , because then you're just gonna burn

9:03

yourself out .

9:04

Yes , it's a marathon exactly , absolutely

9:07

so .

9:07

Can you walk us through

9:09

some of your personal tips and tricks for taking the CISSP

9:12

? I know that you mentioned some

9:14

mnemonics before and things like that , but what are some things they

9:16

should be watching out for on the exam? Or if

9:19

you can give any advice regarding pacing or prioritizing

9:21

certain problems when taking the test , that would be great .

9:23

Yeah . So remember , with this exam you cannot

9:26

review and answer questions later . In fact

9:28

, is it CAT, a computer adaptive test? But

9:31

how you answer the question , this

9:33

you know question , is going to determine what

9:35

question you get next . Nobody takes the

9:37

same exam . That used to be

9:39

true for the linear exam but not for the

9:41

computer adaptive test , and

9:44

you know . So again , the most

9:46

important advice I really do think is take your time

9:48

. The second thing is

9:51

that I'd say the second most important

9:53

piece of advice is eliminating

9:56

wrong answers first . Yep

9:59

, so you're confronted with four

10:01

questions , I mean four answers

10:03

to a question and you , and

10:05

in 80% of

10:07

them you can say well , it's not a and it's

10:09

not d . It's

10:12

like so , learning to , kind of you

10:15

know , learning to

10:17

you know , and you have to . I

10:21

know , for me personally , taking this exam

10:23

and in other certifications , you have

10:25

to make your brain do it . You

10:27

know it's like I don't know what it is about

10:30

the brain , but we'd like to see this block

10:32

of four answers and we'd like to process

10:35

them together and what we're saying is

10:37

like eliminate any wrong answers

10:39

first . So

10:42

when I'm teaching a bootcamp , I say I'm

10:45

training your brain this week and

10:47

what I'm training your brain to do . I can't

10:49

give you all the content . Even with a

10:52

week of a thousand slide

10:54

, deck, PowerPoint and all, I can't

10:56

give you all the content . You're going to have to dig into

10:58

that even more beyond bootcamp . What

11:01

I can teach you is how to take the exam , and

11:05

we're going to be practicing these principles

11:08

. So I tell people , even

11:10

if it seems kind of easy , just get

11:12

in the habit of eliminating wrong

11:14

answers first . So that's so

11:17

, take your time , eliminate wrong answers

11:19

first . Then there's some just general

11:22

kind of things I like

11:24

to let people be aware of

11:27

. Taking this One is that

11:29

I have this joke I tell

11:32

people you are going

11:34

to think you're failing the exam . 90%

11:37

of people are thinking I'm failing

11:39

this exam . It's just , this is an

11:41

exam , more so than I think other certification

11:43

. It gets in your head . So

11:46

I tell people during my bootcamp I say you guys

11:48

, you're going to be in question 60

11:50

, 80, 90. You think I'm failing this

11:53

exam . And here's what I want you to do Just

11:55

remember this face . I want you to remember

11:57

this face right here and

12:00

see how I'm smiling . See how I'm smiling

12:02

. The point is you're not failing

12:04

the exam . The exam is getting

12:06

into your head . Don't let it get into your head . It's

12:09

, you're doing fine . Almost

12:12

everybody that goes through this bootcamp passes

12:14

the exam . Don't let it get into

12:16

your head . It's

12:18

like Steve Allen , another instructor , says

12:20

it does not give you warm

12:22

and fuzzies . That's just the

12:25

way this exam is . So just remember

12:27

. You're going to say I'm failing and then you're

12:29

saying, oh wait, Steve said I would say that no

12:31

, I'm not failing , I'm doing fine , and then just keep plugging

12:33

away and doing your best . So yeah , yeah

12:35

.

12:36

Again , going back to marathon things . They say that

12:38

so much of it is the mental game

12:40

, like you don't believe you can do

12:42

it and then , but your body still could do it

12:44

. It's just you shut your brain

12:46

down before you shut your legs down . So

12:48

I think that's really good advice . So

12:53

I want to talk to the 9%

12:55

, or whatever , who would rather

12:57

not think about these things right now . What

12:59

is your advice if you finish the exam and find out you didn't pass ? Like

13:02

what's your next step ? To pick yourself back

13:04

up and start climbing them out in the second time .

13:07

So the thing is it

13:11

does happen . It's not

13:13

common , fortunately for me

13:15

as instructor and for InfoSec as a company

13:18

, but

13:20

it does happen . So

13:24

I've had people . The good news with what I do is the

13:26

vast majority of messages I get from clients

13:28

, from students , are yeah

13:30

, I passed the exam , and so that makes my job really

13:33

satisfying . But occasionally it happens . I

13:35

even say this during the boot camp I said your

13:37

value as a professional , as a person , is

13:39

not tied to how you doing this exam . It's

13:41

like and just remind yourself of that

13:44

right , it's like you know you

13:46

have , you are you're , you know you're

13:48

a capable person . There may be a

13:50

lot of reasons you know , some of

13:52

which might be out of your control . I just

13:55

you just got to let it go . And I actually think

13:57

it's important for even first time test takers

14:00

to kind of have a little bit of mentalities

14:02

like I've done my preparation , I'm doing the best , I'm

14:04

going to do the best I can and that's all you

14:06

can do , right . So then

14:08

I tell people is like if you , if it's an important

14:11

goal for you to pass this exam , go

14:14

ahead and schedule it 30 to 40 days

14:16

out from now . Take

14:19

the results from your sorry

14:22

you didn't pass sheets that you got at . It

14:24

was given to the proctor at Pearson

14:26

VUE. Focus on the

14:28

domains you're weakest at . And

14:31

then and again I have a way

14:33

that I have a recommendation that

14:36

I call the readiness assessment that I

14:38

use to help people know and it's like

14:40

really gauge yourself from that . That

14:43

readiness assessment , which is I

14:47

want students to get 75%

14:50

or higher on ISC2

14:53

slash Wiley questions

14:55

. So these are the questions in the official practice

14:57

test , I mean in the official study guide in the official

14:59

practice test 75%

15:01

or higher , and it needs to be questions

15:04

you've never seen before . So you need access

15:06

to a fresh bank of questions . If

15:09

you see , if you miss a question today and

15:11

you ask the same , you're gonna get it tomorrow

15:13

. It's not a good assessment , in other

15:15

words . And then use that to guide

15:17

your readiness . Go ahead and

15:19

schedule your exam , don't

15:22

? You don't wanna pass it a second time . You don't

15:24

wanna fail it a second time . You can't take it for

15:26

90 days if you do that . And

15:28

then use that to kind of guide your preparation

15:30

and then just

15:32

believe you're gonna do , you're gonna do

15:34

better next time and that I've

15:36

had many people come through my

15:38

boot camp , that for sitting

15:41

in my boot camp . They had failed it before

15:43

, in some cases more than once , who went

15:45

on to pass it as a result , and

15:47

I think it's taking the combination of advice

15:50

and other things that really make

15:52

a difference .

15:53

So All right . Well so for those who did pass

15:55

their exams , congratulations . We're

15:57

imagining the best possible scenario

15:59

right now . Do you have any advice for sort of

16:01

keeping what you've learned

16:04

fresh in your head and applicable for your job ? I'm

16:06

not talking necessarily like CPEs , but just

16:08

ways to apply your newly learned skills

16:10

on your job .

16:12

I mean the thing is , I think people want

16:14

to take they're for

16:16

everybody , even for those that have 20

16:19

years experience information security . There's

16:21

always new things , ideas that

16:24

you can take away . So I would consider

16:26

it . Use it as an opportunity to understand

16:29

, like

16:31

, what direction I wanna take my career

16:33

. I've been exposed to some new ideas . Maybe I wanna

16:36

focus on something different . And

16:39

then , of course , just I

16:42

think that subscribing to

16:44

and to different information

16:47

security newsletters I'm a big

16:49

fan of Krebs on Security is one

16:51

of . He's a long form journalist in

16:53

information security . Brian Krebs

16:56

is amazing In different resources

16:58

like that the CISA

17:00

. Subscribe to CISA's alerts

17:03

, different things like that . That can help

17:05

you sort of stay fresh . And then , of course

17:07

, the CPEs are important . You

17:09

need it to maintain your credentials anyway

17:11

.

17:12

So yeah , all right . Well

17:14

, I asked this in another Hacks episode , but I'm

17:16

gonna wrap up by asking it again here what's your

17:18

best piece of advice for exam

17:20

day ?

17:23

For exam day is

17:25

be rested , be rested

17:27

. So .

17:28

Yeah , yeah , and you mentioned before , you

17:30

get a whiteboard right , You're able to like

17:33

yeah, you have a, you're given a whiteboard

17:35

.

17:35

You can take any mnemonics

17:38

that you've memorized , put them on there , get it out of your

17:40

brain and you know it helps

17:42

reduce stress and things like that . Love

17:44

that .

17:45

All right, well, Steve Spearman, thank you for taking

17:47

a bit of worry out of the processing of the CISSP

17:49

. I appreciate it .

17:51

Yeah , it's my pleasure , thank you .

17:53

And to all of you . Thank you for watching this episode

17:55

. If you enjoyed this video and felt it helped you , I

17:57

hope you'll please share it with colleagues , forums

18:00

or other people on your social media accounts

18:02

and definitely subscribe to our podcast feed

18:04

and YouTube page. You can just type in Cyber Work

18:06

Infosec on YouTube or just

18:09

type it into your podcast catcher of choice . Guarantee

18:12

, we'll be there . So there's plenty more to come , and

18:14

if you have any other topics you want us to cover , just

18:16

drop them in the comments below . We do read them and

18:19

we do appreciate them . So until next time

18:21

, have a great day and happy learning

18:23

.
