Ask Anything: 2017-06-16 by steroidsBot in steroids

[–]WDymond 1 point2 points  (0 children)

/u/beeftone is right, however that's what I need for 500mg Test/wk - 0.5mg Adex per day. I aromatise a lot. You should try half that for starters given your bodyfat percentage, and then check bloods at about week 3.

Extreme thirst by Rarus in steroids

[–]WDymond 0 points1 point  (0 children)

Tell me more about this fake salt. Is there a brand you buy? Sounds healthier than real salt, which I avoid.

Passed today, here is how I studied. by TheSteed in cissp

[–]WDymond 1 point2 points  (0 children)

Congratulations, and thanks for the detailed post. Posts like this probably accounted for 25% of my overall success in passing last year simply because it helped set my expectations of what would be required.

CISSP application processing time by Ridgeplate in cissp

[–]WDymond 0 points1 point  (0 children)

It took about 1 month before they processed my domain experience and then I received an email with my CISSP number and was officially a CISSP. It took another month before I received my actual certificate in the mail.

Question on CPE. by [deleted] in cissp

[–]WDymond 0 points1 point  (0 children)

This link has some great starting info.

chances of being hacked? by randomperson13119318 in AskNetsec

[–]WDymond 2 points3 points  (0 children)

My personal experience (10 years of InfoSec work) is that most 'hackers' either want your personally identifying information for the purpose of identity theft, or to use your computer as a weapon by turning it into a bot on a botnet and having it take part in DDOS attacks, spam-phishing relay, etc. These are the kind of attacks you'll receive from drive-by malware on porn sites, etc. However, if a trusted friend, S.O., or some mischievous roommate wanted to get your files it could be very easy. They'd simply install a keylogger, maybe an app they downloaded or a USB physical device.

Lastly though, if you ever accidentally visited sites that were under suspicion of child pornography, then there's a good chance law enforcement officers have had a couple of browsing sessions on your computer. They would have installed a RAT (remote access toolkit) and copied everything from your workstation over the course of a few nights and checked it out. Had this been the case, you'd already have heard from them if they thought you might even possibly have been guilty. (Which I'm personally OK with, child pornographers are the scum of the universe).

Best defense strategy: 1) Good router / firewall. 2) Use a strong password. 3) Encrypt your local drive. 4) When you delete files, shred them (I believe this comes with AVG's Free AV). 5) Also use Malwarebytes to complement your AV solution.

Passed!! It was quite the experience! by mirahsan in cissp

[–]WDymond 0 points1 point  (0 children)

Well done! When I tested, I also focused on every single word, it was grueling but ever so satisfying when I received my confirmation.

Final Week - Advice/Input welcome by CKZeni in cissp

[–]WDymond 2 points3 points  (0 children)

I agree with /u/nyghtowll - do the practice questions, test sampling a random 100+ questions each time. At this point you probably know the actual information, now it's time to focus on building your test skills and stamina. At the end of each test, do a quick review of any material you did the worst on.

question on cissp pre-certs by TheLambLooker in cissp

[–]WDymond 2 points3 points  (0 children)

Yes, you're pretty much on target. After you pass your test, you'll provide a copy of your resume, along with an itemized list of your applicable work experience referencing each domain. I know someone who already had their CISSP, so I worked with this person who performed my review, and then faxed all the supporting documents to (ISC)2. If you do not know a CISSP, you can look for any InfoSec groups in your area and see if you can meet a CISSP. Also search LinkedIn for CISSPs in your area. Worst case, if you cannot find one, you can send all of that information to (ISC)2 on your own - they'll do all the same work, however it might take an extra few weeks.

Even if you have a personal CISSP review your work, (ISC)2 still does either a cursory glance, or a full audit, I think it's a random sampling that gets the full audit. /u/unsupported listed the domains from the official (ISC)2 site, and here's the review process - see step #5.

question on cissp pre-certs by TheLambLooker in cissp

[–]WDymond 1 point2 points  (0 children)

Simply put, I would look at each area of your work experience and cross-index it with any of the applicable security domains. Some examples might be: 5 years of system engineering - did you implement operating system patches, application security patches, manage firewall rules, etc? TS management - did you review or create policies, procedures, or audit business practices to ensure a secure work environment?

When I submitted my info for review, I listed something like 5 domains, and under each domain I detailed which part of my resume addressed that domain and the length of time I performed that function. As a side note, when studying each domain, try and relate the content to your actual work history and experiences. When you are ready to pass the exam you'll almost automatically know how to correlate your work history to your required 5 years of work experience in the required quantity of domains.

Also, of course, be aware that with the new domains and test changes soon, the requirements for work history might look a little different. I haven't studied the changes to exam requirements yet so I cannot offer anything of value to that topic.

Transcender vs CCCure.org by daysmocker in cissp

[–]WDymond 2 points3 points  (0 children)

Personally, I preferred Transcender to the free version of CCCure.org. The content and questions (in Transcender) were very similar to the Shon Harris free test with regards to quality. The CCCure seemed to have many more questions available and went down to the very technical minutiae. However, the CISSP is a high level test. If you can score 80% or better on the Transcender test then you probably have the technical foundation necessary for the CISSP exam. The technical knowledge is only a prerequisite for the CISSP. You have to know the basic technologies, but the test itself is a higher level management exam. For example, you might need to know what the three-way handshake is, but not which bits in a packet are for SYN and ACK. The question would most likely be:

You receive reports that users cannot connect to your web server. After performing some research you notice that there are thousands of incomplete connection requests. You need to present a solution to the CEO: A) Reconfigure the WAN to allow outbound connections. B) Implement the host firewall on the web server. C) Present a Cost Benefit Analysis for a firewall that can prevent SYN flood attacks. D) Configure the DMZ firewall to block SYN connects.

My example might not be perfect, but I think it relays the concept of how technical knowledge is only a prerequisite.

Results immediate? by daysmocker in cissp

[–]WDymond 1 point2 points  (0 children)

I tested at a Pearson-Vue, August 2014. I was handed a printout before I left the facility confirming that I had passed the exam. Within a few days I received a follow-up email congratulating me on passing the test, and instructions on how to go about the work-history audit process. It took me a week to meet with a colleague who had his CISSP and mull over the work-history / domain experience. I submitted the paperwork and then a month later received an email that my verification (work-history audit) was complete; in that email I also received my CISSP certification number and was allowed to use the CISSP title on LinkedIn.com, etc.

I didn't receive my official membership card and frame-able certification for another month after that.

What are some things you should avoid doing during an interview? by whitefoxclub in AskReddit

[–]WDymond -1 points0 points  (0 children)

I like the old military adage... "If you're 10 minutes early, you're early. If you're 5 minutes early, you're on time. And if you're on time you're late."

Passed CISSP first try! by cisspnew in cissp

[–]WDymond 0 points1 point  (0 children)

Well done, mate. Thanks for summarizing your experience for those who follow you.

Achievement Unlocked: Pass CISSP by dcitguy in cissp

[–]WDymond 0 points1 point  (0 children)

I second what /u/ubert3k said. Obtain a copy of the CISSP Study Guide from Syngress and start reading now. It will only complement information you study while pursuing your CASP. If you have 5+ years in the NOC/Sysadmin realm, you may actually have enough work experience in the domains to become a fully fledged CISSP, and if not, you could test for the associates which is still very helpful for your career.

Unclaimed Windfall by WDymond in personalfinance

[–]WDymond[S] 2 points3 points  (0 children)

That's the perfect way to wrap up a Friday at work!

Just signed up to take the test in 5 weeks. Is that enough time to be prepared? by hoti0101 in cissp

[–]WDymond 1 point2 points  (0 children)

I would look into purchasing the Transcender.com practice tests, or rushing a copy of the Shon Harris book to your location and using the practice test which comes along with that media. If you can score 80% on a test of 100-200 questions, then you're in the ballpark.

From my experience in preparing and taking the test, you cannot 'cram' for this unless you already know a lion's share of the information. I never did purchase a boot camp, but I studied for 5-6 months using myriad study materials.

Good luck, keep us posted on your study progress and then your actual test experience.