
This book is dedicated to my family

SHARE THIS BOOK

www.tamboly.com

Do you have a long commute? A family? A full time job? Do you juggle any or all of these while trying to study for the CISSP® exam?

Do you wake up every day promising that you will set time aside to study for the exam? Life gets in the way, and eventually at night you lie in bed exhausted, stressed, and guilty that you are no closer to your goal of passing the CISSP® exam.

With two kids under the age of three, a sixty hour work week, and bills to pay, I was still trying to study for the CISSP® exam. I knew when an opportunity for promotion opened up I would not get promoted without a CISSP®, although I was doing a better job than anyone else.

So in a way as each day went by without studying I felt like I was not getting any closer to my goal and dream of passing the CISSP® exam.

I always had a good reason for not studying, but in my heart I knew that this was a bullshit "good reason." Maybe you can relate?

I was frustrated and wanted to give up, “Maybe this was just not for me.”

Then again, giving up on a dream was also not me.

I decided to give the CISSP® exam one last shot and set a ninety day deadline and passed on the first attempt.

I will share my study plan and roadmap with you and show you how to study for and pass the CISSP® exam in ninety days. I will also answer your questions on review courses, endorsement questions and anything that is getting in your way of passing the CISSP® exam. How to respond to an endorsement audit? How to clearly reflect your security experience on your resume?

THOSE WHO DARE


No matter where you are in your journey towards taking the CISSP® exam, I have been there and know exactly how you feel.

I wrote this book because I did not find any type of roadmap or game plan to study for and pass the CISSP® exam in the market.

This book is based on my experience and grind, and is a real depiction of what studying for the CISSP® Exam looks like. It is not made to scare or discourage you.

Just so you know, I am not a master CISSP instructor teaching students for the past twenty plus years.

I am a mom, a spouse, a professional working for a Fortune 15 company, a volunteer Emergency Medical Technician, and I passed the CISSP and many other professional exams.

If I could do it, so can you!

I would like everyone preparing for the CISSP® exam to read this book. If you benefited in any way or I made your journey a little more bearable, please share this book.

Niloufer Tamboly, CISSP®

1. ARE YOU READY?

Passing the CISSP® Exam will require mad work, so ask yourself if you are ready.

I wanted to pass the CISSP® exam and studied for months but only a few days at a time. Have you ever been in a situation where you wanted something badly, but not badly enough to work for it? I found myself doing exactly that.

Well, the CISSP® is not one of those. If you are serious about the CISSP® exam, be prepared to get your spouse / significant other / kids totally on board. Explain to them why it is so important for you to pass the CISSP® exam, and pass it fast and on the first try.

You will have to take a break from all your after-work activities. Make a list of all things that you will need help with, and ask people around you to complete them for you while you study for the exam.

You will also have to practice getting up early, stopping all your hobbies, limiting the hours you spend watching TV, checking Facebook, LinkedIn or other social networks and news websites.

If you are going to be miserable studying, then you want that time to be as brief as possible and you want to pass the first time.

2. THE CISSP EXAM

Am I eligible to take the CISSP® exam?

“I have been working in the IT field, how do I know if I have the experience required to qualify for the CISSP® exam?”

“I do not have the experience required for getting the CISSP® exam, what do I do?”

“Should I wait to get the necessary experience before I start to study for the CISSP® exam?”

“Will getting work experience up front help with passing the exam?”

“I can dedicate the next three months towards passing the CISSP® exam, is it possible?”

The short answer is that you can study and pass the exam with no experience, some experience or lots of experience.

There was once a requirement that one had to have direct full time work experience in two or more of the security domains, but now one can take and pass the exam and become an Associate of the (ISC)² while they complete the work experience requirements to become a CISSP®.

Work experience requirements from www.isc2.org for the CISSP® Exam are as below:

A minimum of five years of direct full-time security work experience in two or more of these 8 domains of the (ISC)² CISSP CBK:

• Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
• Asset Security (Protecting Security of Assets)
• Security Engineering (Engineering and Management of Security)
• Communication and Network Security (Designing and Protecting Network Security)
• Identity and Access Management (Controlling Access and Managing Identity)
• Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
• Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
• Software Development Security (Understanding, Applying, and Enforcing Software Security)

Candidates are eligible to waive one year of professional experience:

One-year waiver of the professional experience requirement based on a candidate’s education

Candidates can substitute a maximum of one year of direct full-time security professional work experience described above if they have a four-year college degree, or regional equivalent OR an advanced degree in information security from the U.S. National Center of Academic Excellence in Information Assurance Education (CAE/IAE).

OR

One-year waiver of the professional experience requirement for holding an additional credential on the (ISC)² approved list

Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, investigator or an instructor, that requires Information Security knowledge and involves the direct application of that knowledge. The five years of experience must be the equivalent of actual full time Information Security work.

Information Security responsibilities for a five year period, this requirement is cumulative, however, and may have been accrued over a much longer period of time.

How long is the CISSP® exam?
The exam is six hours long and it is the longest exam that I have taken. It is a test not only of your knowledge of the content but also of your ability to stay calm and complete the 250 questions on the exam.

What is the CISSP® exam format?
The CISSP® exam consists of 250 multiple choice and advanced innovative questions. About 25 of those questions are sample questions and will not count towards your score.

How much do I need to pass?
To pass the CISSP® exam you will need 700 out of 1000 points.

What are the languages in which the CISSP® exam is offered?
Besides English you can take the CISSP® exam in French, German, Portuguese, Spanish, Japanese, Simplified Chinese and Korean.

Where can I take the CISSP®?
You can schedule the CISSP® exam at a Pearson VUE testing center close to you.

How much does the CISSP® Exam cost?
The exam costs US $599.00; however, I would add to this the time it takes for you to prepare for the exam, study materials and quizzes as hard costs. Also add the money you spend to get help so that you can devote your time to studying, e.g. a babysitter for the kids or someone to drive the kids to and fro, etc.

So on the whole the CISSP® exam is costly, but it is totally worth it for the value and opportunities it offers in your career.

3. BEST REVIEW COURSE

The question asked most frequently by CISSP® candidates is: which is the best review course, bootcamp, etc.?

Well, it is the wrong question.

You may want the best CISSP® Review Course; however, what you need is the CISSP® training material that will work for you.

Why is it that after paying for a $2500, five-day “bootcamp” I still get questions from candidates telling me that they are not prepared and need to reschedule their exam?

Set a budget
This is the amount that you are going to spend on your CISSP® prep. It should cover all expenses like books, test questions, review course and exam fees. Take a long hard look at what it will cost you to pass this exam the first time. If you try to bootstrap and waste time on blogs looking for free resources, take that time into account as well. Find your most cost effective alternative and stay with it.

Understand your learning style
Do so before you choose which review course you need to buy. If you are good at studying on your own, choose an online course with a self-study option. If you learn best by interacting with people, join a review course held in person.

Try before you buy
Before you buy a review course and spend an amount equal to a mortgage payment, check it out. Insist on reviewing demos or samples. Kick some tires. If you cannot at least try out a sample class, or talk to someone that took the class, avoid it.

Refund Policy: Ask if you will get a refund if you do not like the course or are not satisfied with it. After all, this purchase is no different from a purchase at your local Best Buy. Would you buy a $3000 widget if you are told that there will be no refund?

I am surprised that even the scammiest Internet marketing course today comes with a 30-day money-back guarantee.

If you can’t stand the voice of the instructor it is going to be tough listening to them for 20 plus hours.

Course Access: Another thing to watch out for is if the course has any type of time limit (validity). You do not want to end up buying an expensive online review course and find out that it expires in six months. If you need an extension of time you should not have to shell out extra $$$.

IP Restrictions: I travelled extensively and so another thing I wanted to know was if there were any restrictions on the IP addresses that I could connect from.

Exam Changes: What if (ISC)² changes the exam format or content? Will you be covered? For how long? Will you need to pay extra for the updates?

Do your due diligence: You know how long and hard you work to earn the $3000 (or so) you will spend for the review course.

Do you really need to buy an online or in person review course?

You can continue to use the material you currently have, or consider supplementing with another book for the domains where you need extra help.

4. HOW TO STUDY

Is the CISSP® exam difficult?
Yes.

So it should take a long time to pass?
No. To pass the CISSP® exam you will need to change the way you work. You will work every day and follow a focused study plan. Working consistently will make the difference.

Why should I study for the CISSP® Exam in 90 days (insert any number of days you want)?
When you start studying for the CISSP® Exam without a specific end date, you will drag it out by putting off studying or studying as "time permits."

Top performers in all fields repeat their practice to an extent where they can do it in their sleep. In the CISSP® context how long do you think you can continue to “study” if it is not focused over a shorter time?

You will need to practice the multiple choice questions because this will provide you with crucial feedback needed to get you over the 700 needed to pass the CISSP® exam.

Studying for the CISSP® exam is mentally challenging. Practicing questions and reading and rereading your weaker areas, trying to make them better, will strain your mental abilities, and no one will like to go through that for a longer period.

CISSP® is a difficult exam and all of us like to do things that we are good at.

However, while preparing for the CISSP® exam you will need to find your weakest areas of the exam and then keep on practicing until you understand the underlying ideas or technology and can explain it to your 10-year-old son.

How do I study for the CISSP® Exam?

Take a 50 question quiz.
Taking the 50 question quiz before starting your CISSP® test prep helps in identifying your weak areas that need work. With 5 years of security work experience there will be many areas in which you will do well. By knowing your weak areas you can focus on flexing your muscles in your weakest areas first.

Every day take a 30 question quiz.
You are a top performer and need to answer as many questions correctly as you can so that you come to a point in your preparation that you are waiting to take the CISSP® exam.

Know the material cold.
Make notes of things you find difficult as you study. The next day revise your notes and write them out from memory. If you do not understand something, go back to your books and read it; now try to explain it to your 10-year-old son, your Mom, anyone that is willing to listen. If all of them understand, you know your material cold.

Carry your study material everywhere until you pass.
As you prepare for the CISSP® exam always be prepared to take advantage of any spare time you get during the day for studying for the CISSP® exam. Carry your notes on your phone, tablet or paper, whatever works for you. Whenever you get a few minutes, instead of checking the score or news, review your notes.

As you study if you find a topic challenging
The first step is to choose the concept you want to understand. Take a blank piece of paper and write the name of that concept at the top of the page.

Pretend that you are explaining the topic to your 10-year-old
The second step is to write out an explanation, as if you were teaching it to someone who didn’t understand the subject. This is crucial because in explaining to yourself the ideas you already understand, as well as the ones you don’t, you gain a better understanding and pinpoint exactly the details you don’t understand.

Whenever You Get Stuck, Go Back to the Book
Whenever you get stuck, go back to your book or notes until you do get it enough that you can explain it on the paper.

Simplify and Create Analogies
Wherever you create a wordy or confusing explanation, try to either simplify the language, or create an analogy to understand it better.

While you study for the CISSP® exam
• Dramatically cut back on the number of side projects you are working on.
• Ruthlessly remove time wasting habits from your daily schedule.
• Take the risk of displeasing some people in exchange for large gains in time.
• Stop postponing your studies for a better time or place, do it now.
• Disable Your Wireless Adapter When Studying
• Create a Morning Routine
• Take a ten minute break for every hour

Imagine if Steve Jobs had maintained a blog, written a book, and tried to master playing the piano while he was developing the iPhone. We would all still be living in the age of the Blackberry.

Your 90 day study plan
The secret to passing the CISSP® exam in 90 days is to study consistently every day. Make studying a part of your daily routine so that you don’t have to “find time” to do it.

Excuses that you have, I have already used them, believe me.

I passed my exam in 90 days with a full time job, a two-hour commute and all the loving distractions of a family.

Any situation you are in today, I probably can relate to it. I spent over 6 months “studying” for the CISSP® Exam off and on. On weekends and holidays. It did not work. I will show you how to create the time needed for your CISSP® studies. Once you pass the CISSP® exam feel free to use this time as you please with my compliments.

Study Every Day
I had to find a way to study every day, so I decided to study during my lunch break at work. What could go wrong?

One meeting ran into another and I barely had time to buy lunch and bring it to my desk before the next fire that I needed to fight. Before I knew it, the day was over and it was time to go home. The next day, the same story.

I came home tired after spending at least an hour in traffic, sometimes more.

One day as I was coming back I realized that if I could somehow find a way to study during my commute, it would be perfect.

How? I had never tried to study with audio as I liked reading and making notes.


I decided to read out and record my notes. As I studied on the weekend, I wrote down everything that I needed to know cold and was afraid that I would forget. I recorded them and saved them by domain. The next week as I drove to work instead of listening to music and news, I was listening to my notes.

Now when I came home even if I was stuck in traffic for over an hour I felt great as I had completed my studying for the CISSP® exam for the day. Once I got into the groove of studying, I came home and before going to sleep I started to practice at least 30 multiple choice questions.

I had just discovered a way to add two hours to my CISSP® exam study time per day.

I could so easily blend my studies in my daily schedule that I felt for once that I was closer to preparing for my CISSP® exam.

I hated to listen to my voice every day and so I knew that I had to put in as much time as I could studying so that I could go back to listening to music and news that I liked so much.

Every day as you go to work, either driving or by public transport, make studying for the CISSP® exam part of your daily schedule.

Daily tasks

Get up early and study for at least an hour before you leave for work.

Give up TV for a few months’ study for the CISSP®, believe me, it is a great reward.

Whenever you get distracted, ask yourself: does this take me closer to getting my CISSP®? If not, stop and get back to your studying.

Saturday and Sunday – get up super early and study for five hours so you will be done before anyone in your family wakes up.

Take a ten-minute break after every one hour of studying.

What if I missed a day of study?
Jump in the very next day because a day will very soon become weeks. Keep a calendar and strike off each day you stick to your study plan.

Your Game Plan is as important as what you study
The week of your exam take mini tests, 30 questions a day, and score 90% and above consistently.

When should I schedule the exam?
When I started preparing for the CISSP® exam I started with a plan that once I finished studying and felt "prepared" and "confident" I would schedule my CISSP® exam. After all it cost so much and so I could not afford to fail.

Every day I came back from work tired, I felt the day went by and I did not study. This went on for quite a few weeks; the only days I could get studying done were Fridays and weekends. My progress was slow and I hated it so much.

Use the power of deadline in your favor.

While there is no perfect time when you will feel totally prepared for the exam, the best time to schedule your exam is halfway through your preparation cycle. At this point scheduling your exam will help you with maintaining the momentum and keep the pressure needed to close well.

Exam Day
Schedule your exam on a Monday 11.00AM so that you get to study Saturday and Sunday.

You followed your plan and today is the day to get the fruits of your hard work.

Find out where you are going to take the exam. Plan out your route, where you will park, how long it is going to take for you to reach your destination. Carry something to eat during the exam like a power bar or Red Bull; don’t try anything for the first time during the exam.

Try to complete the questions that you know first and mark the ones that you are doubtful about for later. Pace yourself so that by the end of the first 2 hours you should have completed at least 100 questions. At that point if you marked more than 10 questions go back and review them. If you are still confused, mark them and move on to the other questions.

Take a 5 minute break if you want at this point and stretch your legs.

Once you finish answering the questions that you are sure of, start reviewing the ones you have marked.

Remember that out of the 250 questions only 225 are scored; there are 25 questions for testing purposes that will not be scored.

5 Ways to Add Points to Your Score without Studying

#5 – Get Proper Sleep:
You will be able to recall facts and concentrate, the two traits required for the CISSP® exam, when you have a good sleep the night before.

#4 – Prepare Early:
To perform well on the CISSP® exam prepare early instead of trying to cram information at the last minute. You will feel well prepared and will be in a better frame of mind, much needed for the exam.

#3 – Pace Yourself:
The CISSP® exam is a six hour exam with 250 questions. At the end of the first hour, based on the number of questions you have completed, adjust your pace. You may need to speed up or slow down. Doing this early on will assure you that you will complete the exam on time without rushing.

#2 – Take a Break:
The clock for the exam will continue and there is no break. However, you need to schedule at least one 5 minute break to energize your brain and use the rest room. Have a little snack. This will help you focus better on the task ahead instead of continuing nonstop for six hours.

#1 – Change Your Answers:
If you are changing your answer because you can’t make up your mind, don’t do it. If after reflecting on the original answer you decide to change it, go ahead.

A study by Ludy T. Benjamin et al., 1984 shows that about 57% to 96% of students change their answers with the following results:
Changing from a wrong answer to a right one – 57.8%
Changing from a right answer to a wrong one – 20.2%
Changing from a wrong answer to a wrong answer – 22.8%

5. CELEBRATE YOUR PASS

Celebrating A Pass And Next Steps
All your hard work, persistence, and sacrifice by your family has borne rich fruits. First thank your spouse / kids / girlfriend (if you happen to have all three, WOW). Passing the CISSP® is a team effort especially if you are married or in a relationship.

Can I update my resume and call myself a CISSP®?
Not until you receive your certificate from (ISC)².

First thing, send an email to your CISSP® endorser and let her / him know that you have passed the CISSP® exam and that you will send the endorsement package shortly.

What is the CISSP® endorsement process?
As soon as you start working towards the CISSP® exam, do the following:

Update your resume so that you clearly reflect your security experience. You need at least five years security experience in any two of the eight domains.

If you have a four-year college degree or regional equivalent or an advanced degree in information security from the U.S. National Center of Academic Excellence in Information Assurance Education (CAE/IAE), or you have any of the below certificates, you will need four years of experience:

● Certified Authorization Professional (CAP)
● Certified Business Continuity Professional
● Certified Computer Examiner (CCE)
● Certified Cyber Forensic Professional (CCFP)
● Certified Ethical Hacker v8
● Certified Forensic Computer Examiner (CFCE)
● Certified Fraud Examiner (CFE)
● Certified Information Security Manager (CISM)
● Certified Information Systems Auditor (CISA)
● Certified Internal Auditor (CIA)
● Certified Penetration Tester (GPEN)
● Certified Protection Professional (CPP) from ASIS
● Certified Secure Software Lifecycle Professional (CSSLP)
● Certified Wireless Security Professional (CWSP)
● Cisco Certified Network Associate Security (CCNA Security)
● Cisco Certified Network Professional Security (CCNP Security)
● Cisco Cyber Security Specialist Program
● CIW – Security Analyst
● CIW Web Security Professional
● CIW Web Security Specialist
● CompTIA Advanced Security Practitioner (CASP)
● CompTIA Security+
● CyberSecurity Forensic Analyst (CSFA)
● GIAC Certified Enterprise Defender (GCED)
● GIAC Certified Firewall Analyst (GCFW)
● GIAC Certified Forensic Analyst (GCFA)
● GIAC Certified Forensics Examiner (GCFE)
● GIAC Certified Incident Handler (GCIH)
● GIAC Certified Intrusion Analyst (GCIA)
● GIAC Global Industrial Cyber Security Professional (GICSP)
● GIAC Information Security Fundamentals (GISF)
● GIAC Information Security Professional (GISP)
● GIAC Mobile Device Security Analyst (GMOB)
● GIAC Penetration Tester (GPEN)
● GIAC Security Essentials Certification (GSEC)
● GIAC Security Leadership Certification (GSLC)
● GIAC Systems and Network Auditor (GSNA)
● Information Security Management Systems Lead Auditor (IRCA)
● Information Security Management Systems Principal Auditor (IRCA)
● Master Business Continuity Professional (MBCP)
● Microsoft Certified IT Professional (MCITP)
● Microsoft Certified Solutions Associate (MCSA)
● Microsoft Certified Systems Engineer (MCSE)
● Systems Security Certified Practitioner (SSCP)
● The International Association for Privacy Professionals (IAPP) Certification

Now you must be wondering why you need to bother with the endorsement when you have not even started to prepare for the CISSP® exam.

The answer is because after you pass the exam you have just 9 months to complete the endorsement process or else you will either have to become an Associate of (ISC)² or retake the CISSP® exam.

Once you have a clear and solid endorsement plan in place it will help you study for the CISSP® exam knowing that all that is in the way of your becoming a CISSP® is the CISSP® exam.

Shortlist two people you know will endorse you. Once you have shortlisted them, let the endorsers know that you are studying for the CISSP® exam and that you would like them to endorse your application. Ask them if they would like to review your resume before they confirm.

I know what you are thinking, WHY do I need two endorsers? This is insane! No, it is not.

Remember the saying "two is one and one is none." People move, change jobs, and have other life events, so be prepared and have a backup.

You need to front load the work and be prepared with your CISSP® endorsement package ready to go soon after you pass the CISSP® exam.

Endorsement checklist
• Download and complete – Candidate Endorsement Form.
• Updated resume – clearly articulating your relevant security experience.
• Email your endorser – let them know that you passed the CISSP® exam.

For more details on the CISSP® endorsement visit the www.isc2.org website.

What is the time limit for endorsement?
All candidates who pass an (ISC)² credential examination must complete the endorsement process within a period of no longer than nine (9) months.

CISSP® endorsement audit – now what?
You completed your CISSP® application, had it endorsed and now are waiting for your CISSP® certificate; instead you get an email informing you that your application has been selected for an endorsement audit.

You do a search on Google to figure out if this is a hoax and realize that this is real.

CISSP® endorsement audit – next steps
You want to know everything about the audit and what you need to do to get your CISSP® certificate at the earliest.

(ISC)² selects a random number of applications that are submitted for an endorsement audit. There is nothing to be alarmed or worried about. To maintain the reputation of CISSP® as the gold standard of security certifications (ISC)² conducts these audits.

Send in the documents and information requested at the earliest to avoid any delays.

If for any reason you will be delayed in sending any document, reply and explain your reason and provide an estimated time when you will furnish the document.

Treat the request for documents / information as urgent because if you cannot provide the necessary information you will forgo your right for endorsement and will have to retake the exam.

Communicate any change of address proactively and make sure that your correct email is on file.

Once you get the email for audit make a list of the details that you need to provide and that you will need to get from your sponsor or employer, etc. Track this list so that everything is provided timely.

Gather all the information and send it out and now wait for your CISSP® certificate.

Let me know if you have any questions related to your CISSP® endorsement audit.

What if

I do not know a CISSP®* (*a person with a CISSP® credential in good standing)?

I do not want anyone at work to know that I am studying for the CISSP® exam?

I don’t want to share my resume with the only CISSP® I know.

Join your local (ISC)² chapter.

This is the best way to network with other CISSP®s and expand your network of information security professionals in your local area. Get excellent security training, learn about issues others are facing at work and how they uniquely solve those issues. What solutions and products worked, what did not work and why. A chance to volunteer for chapter meetings and security conferences and for earning CPE credits in the future.

Attend chapter meetings, introduce yourself to the chapter officers and others. Offer to volunteer at the next meeting or any other project that needs volunteers. Let the chapter officers know that you are preparing for your CISSP® exam.

To get information and contact details about your local chapter see the chapter directory below:

(ISC)² Chapter Directory - https://www.isc2.org/ch-directory/default.aspx

I do not have any (ISC)² chapter events close by?
Attend OWASP meetings, or local security events (check out www.meetup.com or www.eventbrite.com), or local security vendor events. Introduce yourself to other information security professionals and ask them if they are CISSP®s. Let a few CISSP®s know that you are preparing for the CISSP® exam and would like for them to endorse you.

Ask them if they would like to review your resume before they agree.

By attending these meetings you will be in the loop about new positions or opportunities that might open up.

Information Security Meetups - http://information-security.meetup.com/

Computer Security Meetups - http://computer-security.meetup.com/

Insert your city and add security meetup to search for your local security meetup.

Search for CISSP®, information security or computer security keyword in meetup.com

How do I network with and get advice from Information Security Professionals?

I cannot attend meetings due to distance or time conflicts.

Use LinkedIn For Reaching Out To Information Security Professionals:

25www.tamboly.com

Go to www.linkedin.com and click on the Advanced Icon (see screen shot below).

In the Advanced People Search enter the keyword “CISSP®”, your location. Check the boxes for 1st Connections, 2nd Connections and Group Members under Relationship.

Now you have the list of all the people you would like to know in your local area, within your target job tiles or your target companies. How you contact them will depend on your relation-ship:

If they’re a 1st contact, you can email them or message them directly through Linke-dIn.

If they’re a 2nd contact, ask your mutual acquaintance for an introduction.

26www.tamboly.com

If they’re a 3rd contact, you have a few options: – Check their profiles. Some people list their public websites or blogs, and you can eas-ily find their contact information there.– Click on their profiles and see if they’re a member of any LinkedIn Groups.

If they are, join the Group and you’ll be able to message any member of that Group di-rectly.– Finally, you could always pay for a premium subscription on LinkedIn which will al-low you to message 3rd degree contacts. I don’t have a premium subscription but know a few people that do.


6. RECOVER FROM NOT YET

So you did not pass your CISSP® exam; it means you are not there yet...

It feels like a kick in the gut, especially if you missed by a few points.

There is nothing in the world that I or anyone can tell you to make you feel better. It will hurt, but only as much as you let it. It is going to be the worst time of your life, but don’t for a moment doubt your abilities, or think that you are not capable enough to pass. That the world is working against you because you crossed the (ISC)² gods the wrong way is just not true.

I know a few friends who felt exactly the same way, but now that they have the CISSP® behind them, all of them agree on one thing: getting the CISSP® is truly worth it.

So when can I retake the CISSP® exam?

You can take the CISSP® exam up to three times in a year. After the first time you do not pass, you can retest after thirty days; after the second time you need to wait ninety days; and after that, 180 days, at which point the wait time is again reset to thirty days.

My advice: get back in the game. Visualize yourself two years from today.

Don’t let this temporary setback affect you. Will this mean anything 10 months from today? Will it mean anything two years from today? Probably not, because by then you will have passed your CISSP® exam and will be exchanging war stories with your coworkers, looking back fondly at your time preparing for the exam.

Whatever your score, believe me, not passing the exam by a few points or a few hundred points is all the same.

I often get asked, should I give up and call it a day? Heck No!

You are not the first one or the last to not pass the CISSP® exam. It happens all the time. It may seem like you’re the only one with a ridiculously low score, but believe me it happens more often than you think. How do I know? I get emails from people who can discuss this with their spouse or co-workers.

Stay with it.

You will pass the exam. Getting this far shows that you are smart enough to accomplish that.

Pick yourself up, dust yourself off, end your pity party. You are tougher than you know, and what does not kill you will only make you stronger. You only fail if you quit. It is so tempting at this point to just pretend none of this happened and walk away.

Work through this and pass.

If you were very close to a score of 700, does it mean that you were a couple of points away? Not true.

There is a gap in your understanding of a few core topics. You know what they are if you’re honest with yourself. They were the topics that you prayed that you did not see on your exam.

Restart your CISSP® Exam Study Prep and don’t leave anything out this time.


7. MAINTAIN YOUR CISSP

To maintain your CISSP® certification you will need:

Continuing Professional Education

To remain in good standing as a member of (ISC)² you must:

● Abide by the (ISC)² Code of Ethics
● Obtain and submit the required Continuing Professional Education credits (CPEs)

CISSP®s are required to earn and post a minimum of 40 CPE credits (of the 120 CPE credits required in the three-year certification cycle) during each year of the three-year certification cycle before the member’s certification or recertification annual anniversary date.

Pay Your Annual Maintenance Fee

Submit Annual Maintenance Fees (AMFs) upon receipt of annual invoices.

Top Security Blogs

To stay on top of your game and abreast of all the happenings in the security world, read the blogs below. Every day during lunch, now that you are not studying for the CISSP® exam, read one blog for half an hour.

Comment on the posts if something interests you or you want to share your experience with others. Do not spend more than 30 minutes a day. Everyone has a right to their opinions and if you do not agree with them it is OK.

These are my personal favorites; share your favorites with me.

Schneier on Security: https://www.schneier.com/

Krebs on Security: http://www.krebsonsecurity.com/

Naked Security: https://nakedsecurity.sophos.com/

SANS Institute: https://www.sans.org/security-resources/blogs

TaoSecurity: http://taosecurity.blogspot.com/

Other Security Certifications

So I passed the CISSP® Exam, got endorsed, now what? Which exam should I study for next?

Take a break, ask your family what they would like you to do, unwind and recover from the last three months of hard work.


Update your resume, LinkedIn Profile (if you done it, it ain't bragging) and let your supervisor know.

Now what? Before you decide which other security certifications to study for, take time and ask yourself what area of information security interests you.

Do you want to advance in your current position or do you plan to explore another area?

Now that you have narrowed down your path for the next few years, select the certifications that will help you the most.

Drop me a line at [email protected] to discuss.


8. WRAP UP

The success you have with passing the CISSP® exam is directly related to...

1. Your ability to believe you will be successful in passing the CISSP® exam sticking to your study plan.

2. Your ability to block time every single day to work on your study plan.

3. Your ability to get your family to support your efforts.

And I covered ALL of that in this book.

I showed you HOW to network with Information Security Professionals near you, or working in positions you desire. How to get in touch with them, and more.

Now it’s UP TO YOU to take action on this material.

Because all I showed you is useless without action. Go use this material now.

If you liked my book, here’s what I want you to do next:

1. Send me an email at [email protected] saying, “Hi Niloufer, your book made a difference.”

2. Leave a comment on www.tamboly.com or say hello to me on Facebook. I like to put a face to a name unlike other big name CISSP® instructors.

Subscribe to my CISSP® Exam Study Blog email list (if you have not done so already). When you subscribe to CISSP® Exam Study Blog via email, you will get free access to a toolbox of exclusive subscriber-only resources. All you have to do is enter your email address to the right to get instant access.

This toolbox of resources will help you pass the CISSP® Exam fast and get on with your life – to be able to reach your CISSP® goals, have more motivation, be at your best, and live the life you’ve always dreamed of after the CISSP® exam.  

I’m always adding new resources to the toolbox as well, which you will be notified of as a subscriber.  

Here are the details of what you’ll get in the next few weeks:

My 90-Day Study Plan For The CISSP® Exam (Video, Article & Spreadsheet).
This 90-day study plan will give you an incredible sense of clarity for what you really need to make passing the CISSP® Exam within 90 days a reality.

How To Prepare Your Resume For CISSP® Exam Endorsement (Video & Article).
I will show you a resume teardown with a before and after version, because the resume that got you a job interview may not be sufficient for a CISSP® endorsement.

The 6 Steps To A Stress Free CISSP® Exam Day (Article).
This article will help you avoid any exam day stress with step by step advice on gathering the necessary documents and reaching your exam center on time.
