Certification background
Let me first share why I personally chose to take a security certification. I have been paying attention to security certifications for several years, but could never find the time because of work (a perfect excuse for myself). After leaving my previous employer for various reasons, and given both my own needs and those of my new employer, obtaining an authoritative security certification was put on the agenda. The main reasons are as follows:
1. To use this certification to package my few years of work experience into a better profile
2. I hope that the process of preparing for the exam will improve my own knowledge system. To be a bit cheesy, I am investing in myself so that I can look at problems more broadly and deeply
3. Expand my personal network by making more friends
4. Raise my wealth
Certification choice
At this stage, mainstream security certifications fall into three main types:
1. Vendor security certification: offered by major IT vendors (such as Cisco, Huawei, and H3C); these tend to focus on specific technical details
2. International security certification: At present, CISSP is the mainstream choice, with cultivating CSOs and CISOs as its main objective. Of course, there are many more specialized ones, such as CISA, 27001LA, COBIT, ITIL, etc.
3. Domestic security certification: CISP, the first domestic security certificate
Then the question arises. Choosing according to my own work content, I first ruled out vendor certification and then had to choose between CISP and CISSP. I believe many friends will also find this choice difficult, so I am sharing my own thought process here. When selecting a certificate, I mainly compared the following aspects:
1. The value of the certificate: the overall reputation of the certificate. On the whole, both certificates have a good reputation. CISP has almost become the basic certification for domestic security practitioners
2. The scope of recognition of the certificate: CISSP is valid internationally, CISP is valid domestically; industry recognition: government-type (ZF) organizations recognize CISP; external, financial, and higher-security-requirement organizations recognize CISSP
3. The difficulty of obtaining the certificate: CISP takes about 10 days (training duration varies by training institution; the official figure is 8 days, and the new CISP has shortened the training time to 5 days), and basically you pass the exam smoothly once the training is completed; CISSP is relatively difficult: training generally lasts 5 days, followed by 3-4 months of preparation time
4. How much the preparation content actually helps at work: as long as you study calmly and not only for the sake of the certificate, the two certificates are similar in content and both can help; of course, the degree of help depends on the specific area of work you are engaged in
5. Certificate cost: CISP: RMB 12800 (including training, exam fees, and the three-year certificate maintenance fee. Note: participation in training is mandatory); there is some room on price, and the specifics come down to haggling with the training institution. CISSP: the exam fee is 699 US dollars, and the cost of training varies from institution to institution. Of course, the services provided are not the same either; each takes what they need. Of course, you can take the test without preparing for it
6. Training location: CISSP only has training sites in Beijing, Shanghai, Guangzhou, and Shenzhen. CISP has training sites in most cities across the country. By the way, since I am in the "3D magic city", this issue was also difficult for me because it involves a large amount in flight tickets and accommodation fees
Training institution selection
1. Institutional strength: I mainly chose between a certain "security" institution and a certain "philosopher" institution. Both have rich training experience and experienced lecturers, and are comparable
2. Cost: Please refer to the fifth point of the previous section. The "philosopher" institution and the "security" institution have a base price between 6-7K, and some institutions also provide a support class at a price of 10K+, with the exam fee included.
Preparation process
Overall aspect:
1. Preparation time: I spent 5 months (July-December)
2. Preparation materials: ALL IN ONE 6th Edition + Official Prep Guide 7th Edition (a unique essay, security no copyright)
The following is my timeline:
July-August: Read the sixth edition of ALL IN ONE. I highly recommend reading this book carefully. The author is very meticulous and humorous. (It's a pity that the author has passed away.) The book is available in English and Chinese; I read the two versions side by side to understand the content. Of course, if your English is very good, I strongly recommend reading the English original directly. ALL IN ONE has exercises for each chapter to review the knowledge points, which strengthens your understanding of them. ALL IN ONE also comes with a set of CD tutorials, but because of my limited English, listening to them was too much of a struggle, so I decisively gave up on them.
August-September: Read the official guide. About 70% of it is consistent with the ALL IN ONE knowledge points, and the other 30% covers knowledge points that are not in ALL IN ONE. But I have to complain: its description of the knowledge points and its completeness are not as good as ALL IN ONE's (a certain philosopher, don't get mad at me; now for the benefits of this book). This book has a summary review after each chapter. Personally, I like this summary review: it reviews the material from a higher level, and you can learn from a step-by-step summary that takes you away from the specific details.
September-October: Read ALL IN ONE again. It is a personal preference; I really prefer reading this book. Of course, it may be because I paid for it separately, the paper is better, and it is more comfortable to read (this reason seems to be published on the public platform). The second read was significantly faster than the first, because the first time I spent a lot of time looking up and understanding many of the knowledge points.
November-December: I started doing exercises, and went back to the books to find answers for the knowledge points I didn't understand. Of course, beyond the two books there are still a lot of knowledge points, such as SAML, XAML, SPML, SOC, HTML5, etc. Thanks go to the many friends and training instructors for their patient answers on the relevant knowledge points.
Sprint stage: In the last 20 days of sprinting, read two more books, establish your own knowledge structure, and review the practice questions you got wrong.
In terms of time allocation, my cycle was on the long side. Normally, preparation takes three months. I took a slow-and-steady approach, spending about 4 hours a day on average (3 in the evening + 1 in the morning) (counting holidays and the time spent looking up knowledge points during daytime work)
Examination review
The exam lasts 360 minutes in total, with 250 questions, so almost 90 seconds per question on average. The clock is not paused when you take a break in the middle. Time may seem very tight, but you don't have to worry about running out of time; you can be fully confident. It is said that some candidates finish in 180 minutes. I spent 240 minutes overall and then used nearly 60 minutes to review the questions I had marked for checking. Because I am in the habit of taking a nap, I worried about my mental state in the afternoon, so I chose to start the exam at 9 am. It depends on personal habits; many candidates choose to start the exam at 1 pm.
The advice from friends who had passed the exam before was: after completing 100 questions, rest for 10 minutes; then finish up to question 150 and rest for another 10 minutes; then return to the examination room and check the marked questions until submission. They also recommended Red Bull and Snickers. Maybe thanks to a good rest (I was at the Guangzhou test center; there is a Hanting hotel nearby, in an alley, very quiet and suitable for sleeping before the exam; yes, this looks suspiciously like an ad), although I had originally planned to rest after finishing 100 questions, I found that my state was wonderful, so I planned to take a break at the 150th question instead. At that point I was feeling a little off and my head was a little dizzy (by then I had been taking the exam continuously for almost three hours), but I thought my state was still very good and my concentration was high. I worried that after a break it would be hard to get back into the thinking, so I chose to keep answering questions. At the 200th question, I felt I really could not hold on any longer and decisively raised my hand: Invigilator, I have to rest! I want to go to the bathroom! (My state during questions 185-200 was not very good; my concentration was poor, and even after reading a question 2-3 times I could not take in what it said. The error rate for this part is probably higher, so I recommend that you go at most to the 150th question and then take a proper rest and take care of your personal needs.) I drank a few glasses of hot water during the break (I had prepared the Snickers and the hot water). Back at my seat, I completed the last 50 questions and the second pass over the marked questions (I changed 5 answers). I got back into the state quite quickly, so taking a break really is effective.
Maybe I have obsessive-compulsive disorder: I was worried that the recorded answers were not the ones I had chosen, so I then spent about half an hour confirming the answers to all the questions.
Precautions:
1. Arrive at the test center at least half an hour early; the invigilator reads out the pre-exam rules and confirms your identity, and the process is quite long
2. You need to prepare two documents; generally, choose identity Z (51 shields) + a signed credit card
3. Before you enter the examination room, the invigilators will give you a key so you can lock everything in a small cabinet. Jackets must be taken off and hung outside. I recommend choosing the clothes you wear underneath according to the local temperature so that you stay warm (after taking off my jacket I was left with only a very thin shirt, and it happened to coincide with a cold spell in Guangzhou; although there was indoor air conditioning, I still felt cold and uncomfortable)
4. Rest decisively when you need to; after the break, getting back into the state was not as slow as I had expected
Summary: Very little of the exam requires rote memorization. The vast majority of it tests understanding of concepts and deep understanding of processes, combined with practical application scenarios, and there are many questions where the options are hard to choose between.
Last words
Although CISSP is an international information security expert certification, I position it as a certification for information security practitioners. Passing the CISSP exam is only a new beginning.