WyzGuys Tech Talk

By Madura Malwatte

Posted on Linked in and Reddit

“Think like a manager” – a phrase synonymous with the CISSP

For those who come from a technical background, cultivating the appropriate mindset is crucial when tackling the CISSP. Answering the exam questions solely from a technical standpoint, delving too deeply into problem-solving specifics, may lead to an unsuccessful outcome.

I’ve curated a list of ESSENTIAL TIPS to consider from valuable content accessible on YouTube and other sources.

1. Human safety comes first
2. Order of choice: People > Process > Technology
3. All decisions start with risk management, which begins with evaluating assets
4. There is no security department without the business
5. Pick the most broad/high-level answer
6. Which choice would senior management/CISO choose?
7. Isolate from the answers, the:
– manager answer
– technical answer
8. You are an advisor, not a technician. Don’t fix problems.
9. Don’t spend $10 to save $5. Look for the cost-justified / cost-benefit answer (is it value for money?).
10. Security should meet business goals which means “just enough” security
11. Does one choice do some or all of the other choices?
12. If you pick one choice, you can’t do the other choices
13. The better answer is:
– more general
– more attuned to risk
– has better cost-impact/cost-benefit
14. From the CIA – Availability (criticality) is a better choice
15. If it is a “goal” then eliminate the activities
16. “Prevent” means stop something from even getting a chance to happen
17. Incorporate security into the design – early in the SDLC, not an add-on for later
18. Think high-level and end-game – risk, policy, governance, the business, etc
19. Justify your answer
20. Don’t add more info to the question

I had this note posted on the wall between my desk and surfboard for a constant reminder (includes a special unicorn smiley my daughter made to go with it).

Luke Ahmed, Andrew Ramdayal, Kelly Handerhan, Guenevere (Gwen) Bettwy, Larry Greenblatt, Prabh Nair