Showing posts with label FAQ. Show all posts

Wednesday, 9 September 2015

Your Ultimate CISSP FAQ

 By Sarah Morgan

The CISSP is a hugely popular certification that carries a great deal of prestige and may be something you’re striving for in the future.

How much do you really know about the CISSP? This ultimate CISSP FAQ will start from the basics to ensure you know all there is to know about this gold standard security certification.

Q: What is a CISSP?

A: CISSP stands for Certified Information Systems Security Professional. Achieving the certification proves you are accomplished at the management level of information security. Developed by globally recognised (ISC)2, it has become established and well-respected within the industry and is now a key component in the selection process of Chief Information Officers.

Q: What does the course cover?

A: The CISSP course begins by ensuring you understand the concepts and principles behind information security and why they are important. You’ll then build up to learn how to protect your business from various angles and how to apply management skills to information security through (ISC)2’s eight domains.

Everything you’ll cover will be from (ISC)2’s CISSP CBK (common body of knowledge). This ensures what you learn is approved and thorough, covering all components of information security management. The full list of domain titles is as follows:

  • Domain 1 – Security and Risk Management 
  • Domain 2 – Asset Security
  • Domain 3 – Security Engineering
  • Domain 4 – Communication and Network Security
  • Domain 5 – Identity and Access Management
  • Domain 6 – Security Assessment and Testing
  • Domain 7 – Security Operations
  • Domain 8 – Software Development Security

Q: How will it help me on a day-to-day basis?

A: The skills you’ll learn on your CISSP course will improve the depth of your knowledge, filling in gaps, and making you more skilled at what you already know and do. You will also become more proficient and prepared for dealing with a vast range of security threats.

For example, the breadth of topics covered ranges from cryptography to implementing disaster recovery processes. Whatever your current or future job role in information security, you’re sure to gain knowledge and skills that will help you on a daily basis.

Q: Who is the CISSP aimed at?

A: The CISSP is an advanced certification. This means it is directly aimed at senior and experienced security professionals who will realistically be able to pass the exam and find it useful.

However, on a grander scale, anyone looking into senior information security roles can target the CISSP as a long-term goal. Even if you’re not quite the perfect candidate to take the CISSP yet, there’s nothing stopping you in the long term.

Q: What jobs can I do with a CISSP?

A: The CISSP has the potential to lift you into security roles that are the pinnacle of the field. Below is just a small sample of the sorts of job roles that you could access after becoming CISSP certified:

  • Chief Information Security Officer
  • IT Security consultant
  • Senior Security Engineer
  • Head of Cyber strategy
  • Security Specialist
  • Chief Security Architect
  • Security Assurance Analyst
  • Technology Consultant Manager
  • Cyber Security Senior Manager
  • Information Risk Manager
  • Head of Risk & Compliance

Q: How much can I expect to earn with a CISSP?

A: Of course, the salary you can earn depends on what else is in your skillset, and the job roles listed above do have varying salaries. According to, the lower tier of the jobs you could be doing average salaries between £40,000-£50,000. These are roles like IT Security Consultant, Security Specialist and Security Assurance Analyst.

However, the more senior roles, like Chief Information Security Officer, Head of Cyber Strategy, Chief Security Architect and Cyber Security Senior Manager, average salaries between £70,000-£100,000. The CISSP is one of the best certifications as a gateway to such high level jobs with that kind of salary and responsibility – especially in a field with such intense competition.

Q: Can anyone take the CISSP course?

A: Because the CISSP is such an advanced certification, there are prerequisites that you must meet before you are able to sit the course.

Initially, you must have at least five years of professional information security experience, as well as a university degree. The nature of the security industry also requires you to agree and commit to the Code of Ethics and criminal history check. On top of this, after passing the certification, your application must be endorsed by another qualified information security professional.

However, do not be put off. These prerequisites are only in place to ensure that you have the experience and ability to pass the course and put what you’ve learnt into practice in the real world afterwards.

Q: What happens if I don’t meet the prerequisites?

A: If you don’t currently meet the requirements for the CISSP, (ISC)2 offers a range of courses for varying experience and skill levels.

The SSCP is designed for those who don’t meet the CISSP prerequisites. Also developed by (ISC)2 from its CBK, it covers seven very similar domains, at a lower level. The bonus is, it only requires one year of experience in the information security field – a fantastic stepping stone to get you onto the CISSP.

There are also many other security certifications that can help boost your skills. From EC-Council’s Certified Ethical Hacker to CompTIA’s Security+, there is a certification out there that can help you get the skills you want in the security industry, whatever your current situation.

Q: What are the exams like?

A: The CISSP exam consists of 250 multiple-choice, four-option questions. It’s a lot of questions, but you have six hours in which to do them. All exams are meant to test you and prove that you are of a certain standard, otherwise the certification wouldn’t be worth anything. The CISSP is no different and is a tough exam to pass, hence the qualities stated in the prerequisites. But don’t feel daunted: people obviously do pass it; it just takes commitment and hard work. It’s also worth noting that the exam questions change every two weeks, so you’re not facing the same questions each time.

Q: What happens if I fail?

A: Obviously nobody likes to fail, but it doesn’t mean the end of your aspirations and possibility of you getting CISSP certified. (ISC)2 policy states you can retake an exam 3 times in a year. If it’s the first time you’ve failed it, you’ll be able to sit another exam just 30 days afterwards.

Q: When can I get on a CISSP course and get certified?

A: The CISSP is a hugely popular course, which is why there is usually a course running soon that you can get yourself on. At Firebrand there are between 1 and 3 courses a month. The Firebrand course is also just seven days and includes the official (ISC)2 exam at the end of it. That means, depending on availability, you could be CISSP certified by the end of next week.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Wednesday, 29 October 2014

Ask an Instructor


Do you have an IT or project management issue you just can’t fix? Google can’t answer everything, and you can never be sure of the expertise of respondents from IT forums.

At times like this you need a professional you can trust, who really knows their stuff. This is the core principle behind Firebrand's new Beta, the "Ask an Instructor" project.

Ask the professionals 

Today we have added the Ask an Instructor section to the Learn platform and throughout November you can pose your questions to Firebrand instructors. In return you’ll get in-depth responses and opinions from professionals that understand their subject inside-out. 

Our Firebrand instructors are cross-certified professionals with years of experience. They range from renowned authors to senior information technology consultants, with extensive real-world knowledge.  

How will the Beta work?

To ask a question, here is what you need to do:

  • See if your certification is included in the Beta by checking the list below. Check back during November as the list could change
  • If your certification is included, send your questions to:
  • Your question will be answered within the time-frame specified in the list below. Questions will not be answered before or after this date
  • Answers will be emailed to you and will also be published on the website. We will maintain your anonymity should your Q&A be published.
  • Instructors WILL NOT answer actual exam questions.

Upcoming Schedule

  • 03/11/2014 to 08/11/2014 - Microsoft MCSE: Messaging (Exchange 2013)
  • 05/11/2014 to 07/11/2014 - APMG PRINCE2® Foundation & Practitioner
  • 10/11/2014 to 13/11/2014 - PMI PMP® Certification
  • 10/11/2014 to 15/11/2014 - Cisco CCNA (Routing & Switching)
  • 10/11/2014 to 18/11/2014 - Microsoft MCSD: Web Applications
  • 15/11/2014 to 23/11/2014 - Microsoft MCSA: Windows Server 2012 R2
  • 15/11/2014 to 23/11/2014 - Microsoft MCSA: SQL Server
  • 24/11/2014 to 26/11/2014 - ISACA CISA (Certified Information Systems Auditor)
  • 24/11/2014 to 29/11/2014 - Microsoft MCSE: SharePoint 2013

About the Author

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how to guides. Working in the industry for almost 3 years, Edward has a wide variety of experience with Microsoft Technologies including SharePoint, Windows Server and Exchange Server. Edward is an active member of the IT community contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor.

Friday, 8 August 2014

See what happened when we asked our Project Management instructor your burning PMP questions


We sat down with Pash Lal, resident Project Management expert and Firebrand instructor, to answer your burning PMP questions. Pash is a qualified trainer in PRINCE2, PMP and Polychor Integrated Change.

Q. As a Project Manager, is PMP certification really necessary?

A. Yes. The PMP is an internationally recognised verification of your existing skills, knowledge and experience. 

The exam is based on 200 multiple choice questions, each having varying degrees of difficulty. 

Going through each question to read, digest, understand and identify what the questioner is really asking for, takes time. In order to select the correct answer, your level of analysis could vary from 30 seconds to five minutes (if you are not careful).

You are not just relying on what you may have learnt during the course and what you have picked up through reading the manual. You’ll also be relying on your own skills, experience and expertise to arrive at the correct answer.

The PMP exam assumes you understand all 42 processes, their inputs, outputs, tools and techniques. Some processes will require you to utilise up to 15 of the tools and techniques.

The employer needs a way of being able to compare between different Project Managers from other PMs and this is one way of doing so.

Q. What are the core principles of PMP?

Q. Is there any way round PMP pre-requisites?

A. No, these are the PMI rules and REPs are not allowed to bend or bypass them.

Q. What is the best book to help me prepare for PMP certification?

A. There is no one book which, on its own, will fully prepare you for the PMP exam. 

I would recommend you have the PMBOK Guide Fifth Edition as a minimum as this is what the exam is based on. However be aware it does not contain everything required for you to be able to answer each of your 200 exam questions correctly. After all, it is only a guide to a vast Body of Knowledge.

If you have this book, then look carefully in each section and where it mentions other areas, techniques, theories or specialisms, as you will need to research this yourself. 

The Rita Mulcahy book “PMP Exam Prep Learning Exam” is well thought out and structured and a lot of people rate it highly.  However the authors have added processes which do not map out against the PMBOK Guide® processes and are potentially confusing. 

The Kim Heldman book “PMP: Project Management Professional Exam Study Guide” is also well thought out and structured, however its flow is against the 5 domains and the author has not allowed for easy mapping against the PMBOK Guide®’s knowledge areas.  Additionally the question style needs to be brought up to date and maybe this has been or will be done in the move to the 5th edition.

Q. What is the main difference between PRINCE2 and PMP?

A. PRINCE2 Foundation and Practitioner is the accreditation offered by APMG in the UK, owned by the Cabinet Office and is crown copyright. 

It has a structure of:

  • 7 Processes: that contain many activities
  • 7 Themes: alongside information, guidelines and content to be able to carry out the process activities
  • 7 Principles: bedrock principles which, if not applied, the project is not a PRINCE2 project
  • 3 Procedures
  • 2 Techniques

The techniques are both optional. It is seen as structured and applicable (read apply-able) to all projects of any size in any industry but it does not give a focus at all to the people skills without which the project will fail.

Just ask yourself which Project Manager would you rather work with?  Project Manager #1 is in a constant bad mood, takes no interest in his/her team, barks the orders and castigates you publicly if things don’t go according to plan.  Or Project Manager #2, who smiles when he/she walks in, greets you and asks you how you are, shows a genuine interest when they ask you about your project and individual progress, makes you feel valued, etc…

The PMP is an accreditation offered by the PMI (Project Management Institute) and is their copyright.  It is a structured methodology which has 5 process groups with 42 processes (47 in the 5th edition), each of which has inputs, tools and techniques and outputs. 

It includes a focus on:

  • People skills
    • Leadership
    • Motivation
    • Communication
    • Stakeholder management
    • Team building
    • Conflict resolution
  • Scheduling techniques
  • Communication and procurement

All of these focuses are covered to a level not seen in PRINCE2.

Q. How long does the PMP certification last?

A. The certification lasts for life.  You have to demonstrate your continuing professionalism and dedication to maintaining your expertise and knowledge, through recording a minimum of 20 PDUs (professional development units) each year in a 3 year cycle.

Q. Will I need to recertify when PMBoK 6 comes out?

A. You do not need to take the PMP exam again for the rest of your life.  You only have to demonstrate your continuing professionalism and dedication to maintaining your expertise and knowledge, through recording a minimum of 20 PDUs (professional development units) each year in a 3 year cycle.

Q. How do I record and prove 4500 hours for PMP pre-requisites?

A. By looking carefully at the work you have done over the last 3 years either working in a project or more preferably, in managing a project.  The character limit is quite small, set at between 300 and 550 characters, so you don’t have much room to describe what you have done.

They need your submission to be short, sharp and focused, a bit like your behaviour and performance as a Project Manager in real life.

I would recommend a one liner to describe the Project Objective (that’s right, just one or you may have used your entire limit without having described what you actually did) e.g. Objectives: to design a new staffing structure and implement across the 5 functions.

Next should be the deliverables which you produced and handed over e.g. Deliverables: stakeholder analysis completed, requirements gathered, best practice research conducted, new structure designed, stakeholders consulted, board approval obtained, new structure communicated and implemented.

Just to put this in perspective, just these two lines above (Objectives and Deliverables) are 302 characters including the spaces!

Lastly I would suggest you have a finishing line to detail the outcome e.g. Outcome: New staffing structure designed, communicated and implemented successfully; customer satisfied.

The above is 406 characters and there is space for some more words but not too many as you can see.

The next bit is then adding up the hours and apportioning them across the 5 domains. If you had worked on this project full time for 10 months, and worked an 8 hour day, then 8 hours x 306 days (6 months x 31 days and 4 months x 30 days) = 2,448 hours. This one project is about half of your total required. Obviously you will need another project to get to 4,500 hours or more.

For each project you will need to work out how much time you spent on each domain (Initiating, Planning, Executing, Monitoring and Control, Closing) and record them in each box provided.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.