Julian Tang on Infosec’s CISSP Boot Camp: Compressed, Engaging & Effective

Julian: I achieved my first CISSP back in 2003, but due to career demands, I was not able to maintain the certification. I enrolled at Infosec to renew the certification and refresh my knowledge of the domains. Throughout my career at Mail2World and Tennenbaum Capital Partners, I’ve leveraged the knowledge of the CISSP to build and maintain their cybersecurity programs. As the CIO for Tennenbaum Capital Partners, it’s also my responsibility to encourage professional development of my team and increase our asset value. Certifications are just one of the many tools we use to show executive management our value.

When I first got my CISSP, the industry was still developing. Now the industry is at scale and as technology professionals, we need to be at the top of our game. Certifications are not a silver bullet, but experience plus certifications are a killer combination that is good for your career. I can always tell the difference when I’m interacting with someone who has just hands-on experience, certifications, or both. A professional who has both certifications and hands-on experience always operates at a higher level than anyone who does not.

Julian: I chose Infosec as my training partner because of its long history of training technical professionals, especially in cybersecurity. Infosec trains thousands of students every year, so I knew they’d be able to tell me what to expect on the exam and what topics to focus on most. I also spoke with previous students who gave very positive reviews of the training for the CISSP and other certifications. I also like that students have the option of in-person or online training. I prefer in-person training, but if your circumstances only allow for online, it’s still worth it.

Julian: There was a handful of different reasons, but it primarily came down to timing and efficiency. I wear 50 different hats in my role and needed a compressed, to-the-point training course that would make sure I was ready for all the exam domains at a technical level. I knew Infosec could not only help me hone in on domains covered in the exam, but also topics certified professionals are expected to understand on the job. I needed to pass my exam on the first attempt, so I decided to enroll into the boot camp.

Julian: My rep, Steven, was great. He focused on getting me the information I needed and was not pushy. Steven shared a lot of good advice about what certifications others in my role are seeking and how certification has helped them in their career paths. I also asked him for references, and he put me in touch with students who went through the program and passed their certifications. This really helped a lot because I was able to talk with others in roles similar to my own. They were very positive about their experiences and open to sharing how have they been able to leverage their own certifications since.

Julian: I went through about a third of the pre-study videos and materials in Infosec Skills before starting my CISSP boot camp. I was familiar with all eight CISSP domain concepts, but I didn’t know all the definitions or exact specifications by heart. While in class, I gave it my all. I sat through eight hours of class each day, read four chapters of the Sybex book each night and did all the practice tests recommended by our instructor, Robert. There was about four to five hours of studying per night after class. It was not easy, but I stuck with it. My approach paid off — I passed my exam at 100 questions in about two hours of the three hours allotted.

If you already work in the industry, you do not need a ton of resources or over 12 months of preparation to pass the CISSP. In addition to attending class, I used the Sybex book provided as part of my course and reviewed the supporting videos and materials. Before attending your boot camp, I recommend going through the pre-study materials in Infosec Skills and getting familiar with the material. If you have the time, also take a few of the practice tests. Reviewing material in advance means you don’t have to work as hard when you are at the boot camp.

You will put in a lot of effort and time to get your CISSP. It requires you to know a lot of technical information and how it is used with risk, governance, legal and best practices for cyber security. If you get your CISSP, you should consider getting one or more of the CISSP concentrations and the CCSP because there is domain overlap. With all the domain information in your head and a better understanding of how (ISC)2 tests, getting the other concentrations or the CCSP should come easier.

Julian: Class ran really smooth. We had really good engagement between both online and in-person students, which was pretty amazing to see — I didn’t expect to interact much with the online students. At the end of the day, we’d work through sample questions and teach each other why one answer is more right than the other. This showed we were really learning the material because we were able to teach it back to other students.

We stayed after class each night for study sessions. Our instructor, Robert, would go through the same concept sometimes five different times to make sure we understood everything on the test. To see someone who started with zero understanding actually grasp the concept on the fifth explanation was really cool. This extra time really let us take a deep dive into the CISSP domains and the different scenarios you might encounter as an IT or security manager.

Our instructor was also exceptional at maintaining an effective tempo for the class. He could read our energy levels and see if we needed a break or if it was time to mix things up with a relevant story from the field. Since he’s earned so many certifications himself, he was also great at pointing out where there was domain overlap, making it easier for other certified students to learn the material faster.

Julian: The CISSP exam isn’t about all the technical definitions you know. It proves you understand security concepts, theories and how to apply them in business scenarios to achieve a common goal. Think of it as having a technical conversation with your non-technical mom. If you need to achieve something techinical from that conversation, you are going to have to put technical knowledge in layman’s terms to achieve your objective. This is just like  communicating with a non-technical leadership team about the role of technology in business strategy.

Julian: We look for a combination of experience and certifications, and always prefer candidates with certifications. This is especially true for our systems, networking and security positions. Again, it’s a combination of both. But if all other qualifications are equal, I prefer the candidate with certifications.

Julian: In the past, it hasn’t necessarily been a need. We weren’t always looking for someone who could code their own exploit fixes or automate testing. In today’s time, however, it’s really changing. Security is a really mature market — having someone with a developer background helps you customize the tools you’ll use to defend your enterprise. I would love to see more developers getting into the security side of things. Being able to code your own remediation is a huge asset.

Julian: I would first get your feet wet with a few basic certifications like the CEH or Security+. You want to make sure you’re really interested in security — getting this early exposure will help you make that decision.

I also recommend you spend some time on LinkedIn. Look at the top 20 companies in the field you want to work for and see what they’re doing. Get an understanding for their culture and the positions available within those companies. Next, find out who works at those companies in your ideal role. Research how they got to where they are — this is your roadmap of how to get to those positions. Then, you can go on the job boards and start searching jobs at your target companies. Find out what skills they require and add those to your career roadmap.