Episode Transcript
1:10
Good news . Infosec and Cyberwork Hacks are
1:12
here to help you pass the CISSP
1:14
exam . This is part one of a two-part
1:16
Cyberwork Hack in which Infosec's CISSP
1:19
bootcamp instructor , Steve Spearman
1:22
, gives you his top tips and
1:24
tricks for taking the CISSP exam
1:26
. In part one here we'll be talking about what makes
1:28
the CISSP such a difficult exam , common
1:31
mistakes people make while taking the exam and
1:33
what to do if , heaven forbid , you don't pass
1:35
on the first try . You don't need to do this alone
1:37
, but you do need to listen to Steve's amazing
1:39
suggestions in this part one of this week's
1:42
Cyberwork Hack . Hello
1:48
and welcome to a new episode of Cyberwork Hacks
1:50
. Purpose of this spin-off of our popular
1:52
Cyberwork podcast is to take a single
1:55
fundamental question and give you a quick
1:57
, clear and actionable solution or
1:59
a new insight in how to use Infosec
2:01
products and training to achieve your work and
2:03
career goals . So my guest today , Steve
2:05
Spearman , is an Infosec instructor
2:07
and , among his many areas of expertise , he
2:09
is our bootcamp instructor for one
2:12
of the most requested and most desired certs
2:14
in the industry , that's ISC2's Certified
2:16
Information Systems Security Professional
2:18
, or the CISSP certification
2:20
as we all know it . So for
2:22
today's Cyberwork Hack , Steve has some tips
2:25
and tricks to help you pace
2:27
yourself and strategize taking your
2:29
test day with the CISSP . So thanks for joining
2:32
me today , Steve . It's
2:34
a pleasure , Chris . So
2:36
, Steve , we know that the CISSP
2:38
is pretty officially known
2:41
as one of the most challenging exams in cybersecurity
2:44
and among even the most talented security professionals
2:46
. We know I know , more than a few
2:48
of them have failed the exam once or more , and there's
2:50
no shame in that . This is a biggie . So
2:52
, to start off , I want to ask you what it is
2:54
that makes the CISSP such a challenging
2:57
exam to take and such a challenging
2:59
certification to get .
3:02
It is a very difficult exam
3:04
. There's no question
3:06
In class I say this for
3:08
many of you will be the most difficult exam
3:10
you will ever take in your life . It's very
3:12
difficult . The reason is
3:14
kind of interesting , so it covers a
3:16
lot of topics . There are hundreds
3:19
and hundreds and hundreds of specific
3:21
topics . There are some people that have indexed that
3:23
and I don't know the exact number , but maybe
3:25
it's even thousand . It
3:27
depends on how you define a topic , but it's like
3:30
it is . A
3:32
lot of people say it's a mile wide and
3:34
an inch deep . It doesn't go deeply
3:37
into any topics , but it covers
3:39
a huge volume of topics
3:41
. So , you have to be familiar with a
3:43
lot of different , a
3:48
lot of content , and one of the most common questions
3:50
I get asked during a boot camp is
3:52
we'll be covering some topic
3:55
in the slide deck and they'll
3:57
say could this be on
3:59
the exam ? And my answer is if
4:01
you're looking at it on the screen . I don't say
4:03
it snarkily , but it's like
4:05
it could be on the exam
4:07
. If it's in this PowerPoint deck , it's
4:09
definitely in the Everything's
4:11
in play . And the company
4:14
knowledge and , yes , it could be on the
4:16
exam . So
4:18
, yeah , so it's just a lot
4:21
of material . The other thing I would say is
4:23
tricky . It
4:25
is the questions
4:27
are kind of tricky , like you have
4:30
to really dig
4:32
into , kind of understanding , what
4:34
they're trying to get from you as the
4:36
test taker . With exams , and
4:38
I
4:41
think most certs are known to have what are called
4:43
distractors . These are questions
4:45
, these are answers to questions that look
4:47
good like oh wow , but
4:50
they're actually not , they're wrong
4:52
, and I think the CISSP
4:54
is possibly the trickiest
4:57
exam out there . I
5:02
don't mean that in any way to imply
5:04
kind of any sort of ethical
5:06
failure . It's like it's just , the
5:08
questions are
5:11
very particular and
5:14
even occasionally peculiar
5:16
. So yeah , it's
5:18
, and so you have to understand how to break
5:20
down . Questions is what it is , the
5:22
one of the critical skills .
5:24
Yeah , and in their defense , I mean
5:27
, this is the certification that
5:29
basically says to the industry like I
5:31
am , I am at least somewhat knowledgeable
5:33
in every conceivable thing that you
5:36
could possibly need before in the realm of cybersecurity
5:38
, whether it's cryptography or physical
5:40
building security or anything
5:43
. So you know , you almost have to be
5:45
kind of a very sort of like a
5:47
Wikipedia of cybersecurity or a reference library
5:49
of cybersecurity .
5:51
Like , if I can't have every man , I can get
5:53
it .
5:53
Yeah , exactly yeah . If
5:56
I don't have it in my brain this I have all the prompts
5:58
. I need to sort of get to all the things so
6:00
. So , based on feedback you've received
6:03
from people who have taken your
6:05
boot camps , what are some of the most common mistakes
6:07
people make with the CISSP
6:09
, either leading up to the exam or on
6:11
the day of the exam ?
6:14
Well , leading up to the exam , it's just not preparing
6:16
, not not being prepared . You
6:18
know not , you know so . So that's
6:21
you know . Hopefully , if they're my boot
6:23
camp , that problem hopefully is going to
6:25
go away , especially if they're taking my advice
6:27
during the boot camp . But on the day of
6:29
, I think , first of all , just not
6:31
being rested is a common , you
6:33
know , and it makes a huge difference . This
6:36
is a taxing test by
6:38
about question 90 , you're like , you're
6:42
so spent , like you know
6:44
, and 90 out of what
6:46
150 or something , is it ? or so
6:49
the minimum it's right now , until
6:51
April 15th , it's 125
6:53
minimum , 175 maximum , wow
6:56
, so , and you
6:58
know , so it's like you know , you have to really
7:00
double down , get rest , you
7:02
know , you know , be well rested and
7:06
, and you know , be hydrated
7:08
, all that sort of stuff like , so that you can , you
7:11
know , perform at your maximum , you
7:14
know , and also , the day I just don't be stressed get
7:16
there early , all that sort of stuff . So the
7:20
thing is , in actually taking
7:22
the exam , the , I think the
7:24
, the , the , the number
7:27
one piece of advice and possibly the
7:29
number one failure that people
7:31
will have is not taking
7:33
their time . You have
7:35
plenty of
7:38
time . Oh , so , if
7:40
you , if you have , if you , if you
7:42
, if you finish at 125 questions
7:44
, which is sort of like acing the exam , you
7:48
know you've got on one minute and
7:50
15 seconds per question , and if you
7:52
go all the way to 175
7:55
questions and
7:58
then you've got about 85 seconds
8:00
per question , you have time . And
8:02
people like me I'm actually
8:05
quite an impatient test taker and
8:07
you know I think you're
8:10
time , you have time
8:12
. I have been doing this . I've had hundreds
8:15
and hundreds and hundreds of students . I guess it's
8:17
probably well over a thousand
8:19
students now and go through my CISSP
8:21
bootcamp and I've
8:24
never had a student run out of time
8:26
that that has told me they ran out of time . Right
8:29
, I've . You know , you , you
8:31
have to get to 125 , but if you get
8:33
to 125 you're gonna have a scored
8:35
exam and and and
8:39
you know it's never happened , it's
8:42
so you've got time . That's really my
8:44
main kind of point of emphasis
8:46
is take your time . Yeah , if
8:49
you being being rushed or
8:51
in a hurry or impatient , it's gonna hurt
8:53
you .
8:54
Yeah , it's a marathon , not a sprint . You really have to you
8:56
. You got to resist that temptation to go blasting
8:59
out of the front gate and and say , oh
9:01
, I'm doing great , or whatever , because then you're just gonna burn
9:03
yourself out .
9:04
Yes , it's a marathon exactly , absolutely
9:07
so .
9:07
Can you walk us through
9:09
some of your personal tips and tricks for taking the CISSP
9:12
? I know that you mentioned some
9:14
mnemonics before and things like that , but what are some things they
9:16
should be watching out for on the exam ? Or if
9:19
you can give any advice regarding pacing or prioritizing
9:21
certain problems when taking the test , that would be great .
9:23
Yeah . So remember , with this exam you cannot
9:26
review and answer questions later . In fact
9:28
, is it CAT , a computer adaptive test ? But
9:31
how you answer the question , this
9:33
you know question , is going to determine what
9:35
question you get next . Nobody takes the
9:37
same exam . That used to be
9:39
true for the linear exam but not for the
9:41
computer adaptive test , and
9:44
you know . So again , the most
9:46
important advice I really do think is take your time
9:48
. The second thing is
9:51
that I'd say the second most important
9:53
piece of advice is eliminating
9:56
wrong answers first . Yep
9:59
, so you're confronted with four
10:01
questions , I mean four answers
10:03
to a question and you , and
10:05
in 80% of
10:07
them you can say well , it's not a and it's
10:09
not d . It's
10:12
like so , learning to , kind of you
10:15
know , learning to
10:17
you know , and you have to . I
10:21
know , for me personally , taking this exam
10:23
and in other certifications , you have
10:25
to make your brain do it . You
10:27
know it's like I don't know what it is about
10:30
the brain , but we'd like to see this block
10:32
of four answers and we'd like to process
10:35
them together and what we're saying is
10:37
like eliminate any wrong answers
10:39
first . So
10:42
when I'm teaching a bootcamp , I say I'm
10:45
training your brain this week and
10:47
what I'm training your brain to do . I can't
10:49
give you all the content . Even with a
10:52
week of a thousand slide
10:54
, deck , PowerPoint and all , I can't
10:56
give you all the content . You're going to have to dig into
10:58
that even more beyond bootcamp . What
11:01
I can teach you is how to take the exam , and
11:05
we're going to be practicing these principles
11:08
. So I tell people , even
11:10
if it seems kind of easy , just get
11:12
in the habit of eliminating wrong
11:14
answers first . So that's so
11:17
, take your time , eliminate wrong answers
11:19
first . Then there's some just general
11:22
kind of things I like
11:24
to let people be aware of
11:27
. Taking this One is that
11:29
I have this joke I tell
11:32
people you are going
11:34
to think you're failing the exam . 90%
11:37
of people are thinking I'm failing
11:39
this exam . It's just , this is an
11:41
exam , more so than I think other certification
11:43
. It gets in your head . So
11:46
I tell people during my bootcamp I say you guys
11:48
, you're going to be in question 60
11:50
, 80 , 90 . You think I'm failing this
11:53
exam . And here's what I want you to do Just
11:55
remember this face . I want you to remember
11:57
this face right here and
12:00
see how I'm smiling . See how I'm smiling
12:02
. The point is you're not failing
12:04
the exam . The exam is getting
12:06
into your head . Don't let it get into your head . It's
12:09
, you're doing fine . Almost
12:12
everybody that goes through this bootcamp passes
12:14
the exam . Don't let it get into
12:16
your head . It's
12:18
like Steve Allen , another instructor , says
12:20
it does not give you warm
12:22
and fuzzies . That's just the
12:25
way this exam is . So just remember
12:27
. You're going to say I'm failing and then you're
12:29
saying , oh wait , Steve said I would say that no
12:31
, I'm not failing , I'm doing fine , and then just keep plugging
12:33
away and doing your best . So yeah , yeah
12:35
.
12:36
Again , going back to marathon things . They say that
12:38
so much of it is the mental game
12:40
, like you don't believe you can do
12:42
it and then , but your body still could do it
12:44
. It's just you shut your brain
12:46
down before you shut your legs down . So
12:48
I think that's really good advice . So
12:53
I want to talk to the 9%
12:55
, or whatever , who would rather
12:57
not think about these things right now . What
12:59
is your advice if you finish the exam and find out you didn't pass ? Like
13:02
what's your next step ? To pick yourself back
13:04
up and start climbing the mountain the second time .
13:07
So the thing is it
13:11
does happen . It's not
13:13
common , fortunately for me
13:15
as instructor and for InfoSec as a company
13:18
, but
13:20
it does happen . So
13:24
I've had people . The good news with what I do is the
13:26
vast majority of messages I get from clients
13:28
, from students , are yeah
13:30
, I passed the exam , and so that makes my job really
13:33
satisfying . But occasionally it happens . I
13:35
even say this during the boot camp I said your
13:37
value as a professional , as a person , is
13:39
not tied to how you do on this exam . It's
13:41
like and just remind yourself of that
13:44
right , it's like you know you
13:46
have , you are you're , you know you're
13:48
a capable person . There may be a
13:50
lot of reasons you know , some of
13:52
which might be out of your control . I just
13:55
you just got to let it go . And I actually think
13:57
it's important for even first time test takers
14:00
to kind of have a little bit of mentalities
14:02
like I've done my preparation , I'm doing the best , I'm
14:04
going to do the best I can and that's all you
14:06
can do , right . So then
14:08
I tell people is like if you , if it's an important
14:11
goal for you to pass this exam , go
14:14
ahead and schedule it 30 to 40 days
14:16
out from now . Take
14:19
the results from your sorry
14:22
you didn't pass sheets that you got at . It
14:24
was given to the proctor at Pearson
14:26
VUE . Focus on the
14:28
domains you're weakest at . And
14:31
then and again I have a way
14:33
that I have a recommendation that
14:36
I call the readiness assessment that I
14:38
use to help people know and it's like
14:40
really gauge yourself from that . That
14:43
readiness assessment , which is I
14:47
want students to get 75%
14:50
or higher on ISC2
14:53
slash Wiley questions
14:55
. So these are the questions in the official practice
14:57
test , I mean in the official study guide in the official
14:59
practice test 75%
15:01
or higher , and it needs to be questions
15:04
you've never seen before . So you need access
15:06
to a fresh bank of questions . If
15:09
you see , if you miss a question today and
15:11
you ask the same , you're gonna get it tomorrow
15:13
. It's not a good assessment , in other
15:15
words . And then use that to guide
15:17
your readiness . Go ahead and
15:19
schedule your exam , don't
15:22
? You don't wanna pass it a second time . You don't
15:24
wanna fail it a second time . You can't take it for
15:26
90 days if you do that . And
15:28
then use that to kind of guide your preparation
15:30
and then just
15:32
believe you're gonna do , you're gonna do
15:34
better next time and that I've
15:36
had many people come through my
15:38
boot camp , that for sitting
15:41
in my boot camp . They had failed it before
15:43
, in some cases more than once , who went
15:45
on to pass it as a result , and
15:47
I think it's taking the combination of advice
15:50
and other things that really make
15:52
a difference .
15:53
So All right . Well so for those who did pass
15:55
their exams , congratulations . We're
15:57
imagining the best possible scenario
15:59
right now . Do you have any advice for sort of
16:01
keeping what you've learned
16:04
fresh in your head and applicable for your job ? I'm
16:06
not talking necessarily like CPEs , but just
16:08
ways to apply your newly learned skills
16:10
on your job .
16:12
I mean the thing is , I think people want
16:14
to take they're for
16:16
everybody , even for those that have 20
16:19
years experience information security . There's
16:21
always new things , ideas that
16:24
you can take away . So I would consider
16:26
it . Use it as an opportunity to understand
16:29
, like
16:31
, what direction I wanna take my career
16:33
. I've been exposed to some new ideas . Maybe I wanna
16:36
focus on something different . And
16:39
then , of course , just I
16:42
think that subscribing to
16:44
and to different information
16:47
security newsletters I'm a big
16:49
fan of Krebs on Security is one
16:51
of . He's a long form journalist in
16:53
information security . Brian Krebs
16:56
is amazing In different resources
16:58
like that the CISA
17:00
. Subscribe to CISA's alerts
17:03
, different things like that . That can help
17:05
you sort of stay fresh . And then , of course
17:07
, the CPEs are important . You
17:09
need it to maintain your credentials anyway
17:11
.
17:12
So yeah , all right . Well
17:14
, I asked this in another Hacks episode , but I'm
17:16
gonna wrap up by asking it again here what's your
17:18
best piece of advice for exam
17:20
day ?
17:23
For exam day is
17:25
be rested , be rested
17:27
. So .
17:28
Yeah , yeah , and you mentioned before , you
17:30
get a whiteboard right , You're able to like
17:33
yeah , you have a , you're given a whiteboard
17:35
.
17:35
You can take any mnemonics
17:38
that you've memorized , put them on there , get it out of your
17:40
brain and you know it helps
17:42
reduce stress and things like that . Love
17:44
that .
17:45
All right well , Steve Spearman , thank you for taking
17:47
a bit of worry out of the processing of the CISSP
17:49
. I appreciate it .
17:51
Yeah , it's my pleasure , thank you .
17:53
And to all of you . Thank you for watching this episode
17:55
. If you enjoyed this video and felt it helped you , I
17:57
hope you'll please share it with colleagues , forums
18:00
or other people on your social media accounts
18:02
and definitely subscribe to our podcast feed
18:04
and YouTube page . You can just type in CyberWork
18:06
InfoSec on YouTube or just
18:09
type it into your podcast catcher of choice . Guarantee
18:12
, we'll be there . So there's plenty more to come , and
18:14
if you have any other topics you want us to cover , just
18:16
drop them in the comments below . We do read them and
18:19
we do appreciate them . So until next time
18:21
, have a great day and happy learning
18:23
.