Monday, November 24, 2025



My CISSP Exam Journey

Here is a video about my CISSP exam journey.



https://youtu.be/zGof2cB9VW8




I've just passed the Certified Information Systems Security Professional (CISSP) Exam, which was significantly updated on 1st May 2021. In this 30-minute video I will cover:



- The official CISSP course and course guide;



- The 8 Domains of CISSP, and how to take stock of your knowledge of them;



- The official practice questions and the Study Guide;



- The CISSP Exam itself; and



- Lessons learned from my journey.



I wish you every success in your CISSP journey: it's tough, but you can do it!



To get a full course on what's new in all eight Domains of the CISSP Exam outline (for FREE!) Click Here.



Transcript: My CISSP Exam Journey



Hi, Everyone,



My name is Simon Di Nucci and I've just passed the new CISSP exam; for those of you who don't know what that is, that's the Certified Information Systems Security Professional. It's new because the exams have been around a long time, but the syllabus and the exam itself have undergone a significant change as of the 1st of May this year. I’m probably one of the first people to pass the new exam, which I have to tell you was a great relief because it was really a tough exam and it was tough preparing for it.



It was a big mountain to climb. I am very, very relieved to have passed. Now, I hope to share some lessons with you. When I mentioned that I passed on the cybersecurity groups on Facebook and LinkedIn, I got a huge response from people who appreciated how difficult it is to do this and also lots of questions. And whilst I can't talk about the specifics of the exam, that's not allowed, I can share some really useful lessons learned from my journey.



Introduction



So I'm going to be talking about what I did:



- The Official Course, and the Student Guide;



- How I took stock at the start of the revision process;



- How I revised using the practice questions and the Study Guide;



- Something about the exam itself; and



- Lessons learned.



The Official Course



So let's get on with it.  My journey was that two, or three years ago, the firm that I worked for decided that they wanted me to take the CISSP exam in order to improve our credibility when doing cybersecurity and my credibility.



I was sent on a five-day course which was very intense, and it was the official ISC2 course. And that was several hundred slides a day for five days. It was very intense. And as you can see, the guide that you get with it is a pretty hefty eight hundred pages of closely packed and high-quality material. I was taught by someone who was clearly a very experienced expert in the field.



It was a good quality course. It cost about $3,700 (Australian). I think that's about $2,500 (US). In terms of the investment, I think it was worth it because it covered a lot of ground and I was very rusty on a lot of this stuff. It was a useful ‘crammer’ to get back into this stuff. As I said, 800 pages long. I've done a lot of revising!



Practical Things



Let's put that to one side. The course was very good, but of course, it takes some time out of your schedule to do it. You need the money and the support from your workplace to be able to do that. There are now online courses, which I haven't been on, I can't say how good they are, but they are cheaper and they're spread out. I think you do a day or two per week for a period of several weeks.



And I think that's got to be really good because you're going to have more time to consolidate this huge amount of information in your head. No disrespect to the face-to-face course. It was very good. I think the online courses could be even better and a lot more accessible. That was the course. Now, I did that in November 2019 and I intended to do some revision and then take the exam probably in early March, April 2020.



Global events got in the way of that and all the exam centers were closed down. I couldn't do that. Basically, I sort of forgot about it for a period of months. And then at the tail end of 2020, as things began to improve here in Australia at least, we've been very lucky here, exam centers reopened and I thought, well, I really should get back and, you know, try and schedule the exam and do some revision and get on with it.



Exam Preparation



So I did. And starting in the January of this year, I got my management agreement that I would spend one day a week working from home, revising, and that's what I did. Given that I took the exam in the middle of May, that's probably 18 full days of revision going through the material and I needed it. Originally, I was going to take the exam, I think, in early April, but I realized at the end of March that I was not ready and I needed more time.



So I put the exam date back to the middle of May. And it was only after I'd done that that it was announced that the syllabus of the exam was changing quite significantly. That was, you know, extra work then. And fortunately, they brought out the official guide to the new exam, and I realized that there was quite a lot of material to learn. I went through and, for example, there are eight domains in CISSP.



And for example, here's domain number two, asset security. In the pink, I have highlighted all the new things that are in the 1st of May Edition syllabus that were not in the 2018 syllabus. And I went through all of these things and there are quite a few in almost every domain except the first one. There are significant changes. I had to do a lot of extra revision because the syllabus had changed, but nevertheless, it was doable.




Simon Di Nucci https://www.safetyartisan.com/2023/09/27/my-cissp-exam-journey/

Monday, November 17, 2025



How to Demonstrate SFARP

In this lesson, I will teach you how to demonstrate SFARP. I've been doing this on complex programs for 20+ years now, both in the UK and Australia. The concept of 'reasonably practicable' is much easier to apply than people think. I've watched a lot of programs over-complicate the process. We just don't have to do that! I have some practical tips for you, not just theory...



The proper phrase, from the Australian WHS Act, is 'how to eliminate or minimize risks so far as is reasonably practicable'. (The Act never uses the acronym SFARP or SFAIRP, but everyone else does.)






https://youtu.be/Ud8WHAcY0L4

Demo of How to Demonstrate SFARP.






This will build upon the post So Far As is Reasonably Practicable, where I shared the guidance from Safe Work Australia.



Learning Objectives: How to Demonstrate SFARP



You will be able to:



- Understand the SFARP concept;



- Understand the various SFARP techniques;



- Apply those techniques, in the correct order, in practice.



These will allow you to perform most* SFARP demonstrations, confident that you know what you can and can’t do.



*A fully quantitative Cost-Benefit Analysis also requires you to understand and apply the concept of risk tolerability, which is another lesson.



Topics: How to Demonstrate SFARP



- Introduction – Reasonably Practicable;



- How to SFARP with:

  - Codes, Standards & Regulations; and

  - Controls, or groups of controls.



- Some practical hints on good practice;



- Examples; and



- Source information.



Transcript: How to Demonstrate SFARP



Welcome to The Safety Artisan, I’m Simon and in this session, I’m going to be talking about SFARP – so far as is reasonably practicable.



This is a very misunderstood topic, but we’re going to be explaining how to demonstrate that risks have been eliminated or minimized so far as is reasonably practicable in accordance with Australian work, health, and safety law.



Topics



So, we’re going to be talking about how to demonstrate SFARP, in accordance with Australian WHS. The observant among you will notice that I don’t have an Aussie accent. I wasn’t born here, but I have worked in Australia on safety according to WHS for 10 years. So I have learned how to do it, and I think importantly, I’ve learned the differences from the way it’s done in the UK.



Because SFARP or ALARP is done in the UK, although the legislation is different. Incidentally, have a look at the lesson on Australian WHS for that. But that’s for another session.



Learning Objectives



So, our learning objectives for this session: at the end of this session, you should understand the SFARP concept and what it’s all about. You should understand the various techniques that are available to you and most importantly of all, you will be able to apply these techniques in the correct order because that’s important in the real world in practice. So those are the three general learning objectives.



Having learned these things, you will be able to perform most SFARP demonstrations confident that you know what you can do and what you can’t do. Perhaps more importantly, also what you should and shouldn’t do.



I say most SFARP demonstrations because to do a fully quantitative cost-benefit analysis, you will also need to understand the concept of risk tolerability and that’s another lesson.  I will go through that in a practical example, but I’m not going to explain risk tolerability today.



Australian WHS



I’m going to go through what 'reasonably practicable' means in Australian WHS because that’s the key to the whole thing.  Then we’re going to look at our various options for determining whether the risk is SFARP or not.



First, we’re going to look at codes of practice, standards, and regulations. In the second part, we’re going to look at how we assess controls or groups of controls to see whether we’ve done enough.



All the way through, I’m going to be giving you some practical hints and tips on good practice to use and bad practice to avoid – as part of that we’ll cover some examples. I’ve got one particular example at the end, which you’ll see. Finally, some brief notes on source information and where you can get more information.



 So that’s what we’re going to cover.



Introduction



Australian WHS legislation requires us, as I think I’ve said before, to eliminate or minimize risks so far as is reasonably practicable.  That’s the origin of the acronym SFARP (you might see it written as SFAIRP), and the core concept of that is reasonably practicable.  And this concept is in the WHS Act, it’s in the Regulations and it’s in the Codes of Practice.






My name’s Simon Di Nucci. I’m a practicing system safety engineer, and I have been, for the last 25 years; I’ve worked in all kinds of domains, aircraft, ships, submarines, sensors, and command and control systems, and some work on rail air traffic management systems, and lots of software safety. So, I’ve done a lot of different things!




Simon Di Nucci https://www.safetyartisan.com/2023/09/13/how-to-show-that-risks-are-sfarp/

Monday, November 10, 2025



CISSP 2021: What's New?

In this course, 'CISSP 2021: What's New?', I look at the significant changes made to the CISSP Official Exam Outline (the course syllabus). You can now get this entire course for free here.



What You Can Learn



- What's new in the CISSP Curriculum, from May 1st, 2021 (next update in 2024)



- There are still Eight Domains – D1, D3 & D7 are still broader in content than others.



- Very small changes (+/-1%) to the weighting of two domains.



- Notable changes to all domains, except D1.



- As of late 2019, some of the changes were Already in Official Course (AOC), i.e. the Student (course) Guide; Study Guide; and Official Practice Tests.



- D2: Resource types and data activities listed (AOC);



- D3: Fourteen designs/solutions listed (50% AOC); and thirteen cryptanalytic attacks listed (some AOC);



- D4: Lists several new network architectures;



- D5: Additions to all existing sub-domains & new 5.6 on authentication systems;



- D6: More detail on security test output and reporting;



- D7: Minor changes to 6/15 sub-domains; and



- D8: More detail added to all sub-domains.



https://youtu.be/-_hDlgfdbc8

This is the Introduction & Foreword to the full three-hour course.






Who is this Course for?



Students wishing to become Certified Information Systems Security Professionals.



Are there any Prerequisites?



I designed this course to help students prepare for the current (2021-2024) version of the CISSP Exam. It does not replace the official ISC2 course materials, but it will help you get the most out of them.



CISSP 2021: What's New?



I've just passed the new version of the CISSP Exam, and I created this Course to help you pass as well!



This course describes the changes to the Certified Information Systems Security Professional Exam Outline. Now, CISSP has been around for quite some time and the previous version of the course syllabus was established in April 2018.  In 2021, ISC2 updated the Exam Outline significantly.  In this course, I'm going to go through all of that material for you and show you what has changed, in detail, to help you with your revision.



Here, I give you an overview of what's changed and how this material has been developed for you.



In the course, we're going to cover all eight domains from 'Security and Risk Management' all the way through to 'Software Development Security'. The CISSP is a very broad course and it covers all sorts of things like physical security and fire prevention right through to some more detailed technical stuff on the workings of the Internet, software development, and security testing as well.



There have been significant changes to all of those domains except one. (There's a small change to number one, as we will see, but it's not huge.) However, Domains 2 to 8 have all undergone significant changes. (Some of those changes were already in the official course material, in the study guide and some were already in the official practice tests; we will cover that too.)



Course Creation



Also, I wanted to let you know what I've done to create this course.



I went on the official five-day course, which cost about $2,500 (US), where we went through hundreds of slides per day. You get a course guide with it, which is 800 pages long. There is a lot of good material in there, an awful lot to learn. In addition, I've also been through the official study guide, which is 1,000 pages and contains quite a lot of material that wasn't in the official course.



Then there is the CISSP glossary, which is about 50 pages and that's got over 400 definitions in.  (The glossary is not so much use. It seems to be quite out of date to me. There are a lot of definitions that you don't need and quite a few that you do need that are missing.) 



The bibliography lists 50+ references for you to read.  You shouldn't have to read 50+ books and standards!



Just the first two are 1,800 pages long.  So it's an enormous hill to climb without some guidance to help you where to look.  I've included page numbers for the Official Study Guide - where it covers the material we're going to talk about.  However, even the Study Guide doesn't cover everything - as you will see.  So, I've been online and looked up the information to get you started.






(Learn about my CISSP 2021 Exam Journey here. That course is also FREE.)


Simon Di Nucci https://www.safetyartisan.com/2023/08/09/cissp-2021-whats-new/

Monday, November 3, 2025



Introduction to Human Factors

In this 40-minute video, 'Introduction to Human Factors', I am very pleased to welcome Peter Benda to The Safety Artisan.



Peter is a colleague and Human Factors specialist, who has 23 years' experience in applying Human Factors to large projects in all kinds of domains. In this session we look at some fundamentals: what does Human Factors engineering aim to achieve? Why do it? And what sort of tools and techniques are useful?



This is The Safety Artisan, so we also discuss some real-world examples of how erroneous human actions can contribute to accidents. (See this post for a fuller example of that.) And, of course, how Human Factors discipline can help to prevent them.



https://youtu.be/FnL4XuLlvoQ

In 'Introduction to Human Factors', Peter explains these vital terms to us!



Topics



- Introducing Peter;



- The Joint Optimization Of Human-Machine Systems;



- So why do it (HF)?



- Introduction to Human Factors;



- Definitions of Human Factors;



- The Long Arm of Human Factors;



- What is Human Factors Integration? and



- More HF sessions to come...



Introduction to Human Factors: Transcript



Introduction



Simon:  Hello, everyone, and welcome to the Safety Artisan: Home of Safety Engineering Training. I'm Simon and I'm your host, as always. But today we are going to be joined by a guest, a Human Factors specialist, a colleague, and a friend of mine called Peter Benda. Now, Peter started as one of us, an ordinary engineer, but unusually, perhaps for an engineer, he decided he didn't like engineering without people in it. He liked the social aspects and the human aspects and so he began to specialize in that area. And today, after twenty-three years in the business, and a first degree and a master's degree in engineering with a Human Factors speciality, he's going to join us and share his expertise with us.



So that's how you got into it then, Peter. For those of us who aren't really familiar with Human Factors, how would you describe it to a beginner?



Peter:   Well, I would say it's The Joint Optimization Of Human-Machine Systems. So it's really focusing on designing systems, perhaps holistically would be a term that could be used, where we're looking at optimizing the human element as well as the machine element. And the interaction between the two. So that's really the key to Human Factors. And, of course, there are many dimensions from there; environmental, organizational, job factors, human and individual characteristics. All of these influence behaviour at work and health and safety. Another way to think about it is the application of scientific information concerning humans to the design of systems. Systems are for human use, which I think most systems are.



Simon:  Indeed. Otherwise, why would humans build them?



Peter:   That's right. Generally speaking, sure.



Simon:  So, given that this is a thing that people do then. Perhaps we're not so good at including the human unless we think about it specifically?



Peter:   I think that's fairly accurate. I would say that if you look across industries, and industries are perhaps better at integrating Human Factors, considerations or Human Factors into the design lifecycle, that they have had to do so because of the accidents that have occurred in the past. You could probably say this about safety engineering as well, right?



Simon:  And this is true, yes.



Peter:   In a sense, you do it because you have to because the implications of not doing it are quite significant. However, I would say the upshot, if you look at some of the evidence – and you see this also across software design and non-safety critical industries or systems – that taking into account human considerations early in the design process typically ends up in better system performance. You might have more usable systems, for example. Apple would be an example of a company that puts a lot of focus into human-computer interaction and optimizing the interface between humans and their technologies and ensuring that you can walk up and use it fairly easily. Now as time goes on, one can argue how well Apple is doing something like that, but they were certainly very well known for taking that approach.



Simon:  And reaped the benefits accordingly and became, I think, they were the world's number one company for a while.



Peter:   That's right. That's right.



Simon:  So, thinking about the, “So why do it?” What is one of the benefits of doing Human Factors well?



Peter:   Multiple benefits, I would say. Clearly, safety and safety-critical systems, like health and safety; Performance, so system performance; Efficiency and so forth. Job satisfaction and that has repercussions that go back into, broadly speaking, that society. If you have meaningful work that has other repercussions and that's sort of the angle I originally came into all of this from. But, you know, you could be looking at just the safety and efficiency aspects.



Simon:  You mentioned meaningful work: is that what attracted you to it?



Peter:   Absolutely. Absolutely. Yes. Yes, like I said I had a keen interest in the sociology of work and looking at work organization. Then, for my master's degree, I looked at lean production, which is the Toyota approach to producing vehicles. I looked at multiskilled teams and multiskilling and job satisfaction. Then looking at stress indicators and so forth versus mass production systems. So that's really the angle I came into this. If you look at it, mass production lines where a person is doing the same job over and over, it’s quite repetitive and very narrow, versus the more Japanese style lean production. There are certainly repercussions, both socially and individually, from a psychological health perspective.



Simon:  So, you get happy workers and more contented workers -



Peter:   – And better quality, yeah.



Simon:  And again, you mentioned Toyota. Another giant company that's presumably grown partly through applying these principles.



Peter:   Well, they’re famous for quality, aren't they? Famous for reliable, high-quality cars that go on forever. I mean, when I moved from Canada to Australia, Toyota has a very, very strong history here with the Land Cruiser, and the Hilux, and so forth.



Simon:  All very well-known brands here. Household names.



Peter:   Are known to be bombproof and can outlast any other vehicle. And the lean production system certainly has, I would say, quite a bit of responsibility for the production of these high-quality cars.



Simon:  So, we've spoken about how you got into it and “What is it?” and “Why do it?” I suppose, as we've said, what it is in very general terms but I suspect a lot of people listening will want to know to define what it is, what Human Factors is, based on doing it. On how you do it. It's a long, long time since I did my Human Factors training. Just one module in my masters, so could you take me through what Human Factors involves these days in broad terms.



Peter:   Sure, I actually have a few slides that might be useful –  



Simon:  – Oh terrific! –



Peter:   – maybe I should present that. So, let me see how well I can share this. And of course, sometimes the problem is I'll make sure that – maybe screen two is the best way to share it. Can you see that OK?



Simon:  Yeah, that's great...



(See the video for the full content)




Simon Di Nucci https://www.safetyartisan.com/2023/08/02/introduction-to-human-factors/

Lessons Learned from a Fatal Accident Lessons Learned: in this 30-minute video, we learn lessons from an accident in 2016 that killed four ...