Motivation
With all the data breach incidents in the news lately, I was worried about making a similar mistake. (Back in college, I accidentally wiped out my student club’s database…) Of course, anyone’s PC could be hacked, and I don’t think blaming the person is a good culture. But I still really don’t want my PC to be the cause of a data breach! So I decided to start building knowledge, and as a first step, I got the Registered Information Security Specialist (RISS) certification from IPA. I passed that partly by luck, so I wanted to study more. That’s when I heard about the CISSP (Certified Information Systems Security Professional) certification in the security industry, and decided to take it. (The name sounds cool too…)
Note
To receive CISSP certification, you need to both pass the exam and have 5 years of professional experience. Since I don’t have enough professional experience yet, I currently have Associate member status. So technically, I haven’t obtained CISSP – I’ve only passed the CISSP exam.
Study Period and Materials
- Study period: early June to late September 2024
- Choosing materials: Since I didn’t know anyone with the certification, I asked a security specialist at my company for advice.
Books
- Official (ISC)2 CISSP CBK Reference (Japanese Edition)
- CISSP Official Practice Tests (Japanese Edition)
- Eleventh Hour CISSP: Study Guide
- Official Practice Tests (English Edition)
- CISSP Exam Cram (English Edition)
- CISSP Study Guide (English Edition)
Articles
- CISSP Study Notes
- Other internal company articles
Videos
- Udemy courses
- [Japanese] CISSP Course for Beginners: CISSP Domain 1 Video Learning 2024
- …..
- [Japanese] CISSP Course for Beginners: CISSP Domain 7 Video Learning 2024
What I Did
- Got an overview of the material from articles.
- Went through the Udemy courses twice.
- Read the CISSP CBK Official Guide once + solved the included questions 3 times.
- Went through the CISSP Official Practice Tests 4 times.
Additional Reading
During this period, I read or re-read the following books. (Some of these were read for personal interest and aren’t directly related to the exam.)
- Hitoshi Nagashima. Security Technology Textbook, 2nd Edition. Kindle.
- Shigeo Mitsunari. Illustrated: Cryptography and Authentication Mechanisms and Theory. Gijutsu-Hyoron. Kindle.
- Andrew Stewart; Keirin Kobayashi (trans.). A Vulnerable System: The History of Information Security in the Computer Age. Hakuyosha. Kindle.
- Daniel J. Solove; Woodrow Hartzog; Taro Komukai (trans.). Breached! Why Data Security Law Fails and How to Improve It. Keiso Shobo. Kindle.
- Security Group Sprout. Dark Web (Bunshun Shinsho). Bungeishunju. Kindle.
- Masaru Kotani. Intelligence: How Nations and Organizations Should Handle Information (Chikuma Gakugei Bunko). Chikuma Shobo. Kindle.
- Asuka Nakajima. Cyber Attacks: What’s Happening Behind the Scenes of the Internet (Blue Backs). Kodansha. Kindle.
- Yasuhiko Taniwaki. Cybersecurity (Iwanami Shinsho). Iwanami Shoten. Kindle.
- Kazuki Omote; Yukihiro Nakamura. Defending Corporate Systems from Cyber Attacks: OSINT Practical Guide. Nikkei BP. Kindle.
- Teruyoshi Adachi. Introduction to Cybercrime (Gentosha Shinsho). Gentosha. Kindle. I also started listening to this audio content:
- podcast - #Security no Are
Cost
It cost more than I expected. (All self-funded.)
- CISSP CBK Official Guide: 27,500 yen
- CISSP Official Practice Tests: 3,300 yen
- Exam fee: 144,469 yen
- ISC2 registration fee: 7,420 yen Total: 182,689 yen Including cafe costs for weekend studying and related books, it exceeds 200,000 yen. (Denny’s drink bar at 308 yen was a lifesaver.)
Note
I chickened out and bought a two-attempt exam voucher using this campaign, so the exam fee is a bit higher: https://x.com/ISC2_Japan/status/1820614927884955882
I wish I could be the kind of person who goes all-in on the first attempt…
The Exam
The CISSP exam can only be taken at two locations in Japan – Tokyo and Osaka – and only on weekdays, which made scheduling difficult. In the end, I took a day off the day before a trip to Korea to take the exam.
At the testing center, there were strict security checks including vein authentication and photo registration. This is all for the certification’s credibility. I was also surprised that results were printed out the same day.
Reflections
The Good
- Gained broad knowledge
- My knowledge expanded tremendously, from communication protocols to physical security of data centers.
- Made new discoveries
- Understanding the underlying mechanisms of things I use in daily work changed my perspective. Learning about WPA, RADIUS, Kerberos authentication, and others was particularly valuable.
- Deeper understanding of company policies
The Bad
- A lot of money gone at once
- Before I knew it, I had also ordered an iPhone 16 Plus and Apple Watch 10… Starting next month, I’m definitely switching to a frugal lifestyle.
Future Goals
- Apply to my work
- I want to leverage this security knowledge in daily development and operations.
- Aim for full membership
- Build professional experience to move from “Associate” to full member. I want to take on more security-related projects and earn trust within the company!
In Closing
Thank you to anyone who stuck with this rambling post (if anyone actually did). This serves as a memorial for the exam fees and my iPhone 16 Plus and Apple Watch 10.