I Passed the CISSP Exam!

“…The people who pass are those that simply start and keep going. They have grit and determination. They show up. Then there is everyone else. They don’t.”
– Nathan House, CEO, StationX

Preface

On December 27th, 2023, I passed the Certified Information Systems Security Professional (CISSP) exam on my first attempt at question 125, roughly 2 hours and 5 minutes in. This post is to share how I managed it, what helped me, and what didn’t.

About the CISSP Exam

At the time of writing, the English-language CISSP exam is only offered in CAT (Computerized Adaptive Testing) format and is between 125 and 175 [multiple-choice] questions long.

For those who are taking the exam on or after April 15, 2024, be aware of the following changes:

  • Domain 1’s weight increases by 1%, and Domain 8’s weight decreases by 1%
  • The total number of questions will be reduced from 125-175 to 100-150
  • The time limit will be reduced from 4 hours to 3 hours

Preparation Strategy

Beginning in August, I committed to spending 5-7 hours a week on CISSP study, which included books (physical and digital), video courses, and practice questions.

Courses and videos:

  • Derek Fisher’s Ultimate Cybersecurity Course & CISSP Exam Prep (StationX, August-October 2023)
  • Thor Pedersen’s CISSP Video Bootcamp series (StationX, October-December 2023)
  • Peter Zerger’s CISSP Exam Cram (YouTube, December 2023)

Derek Fisher’s course is a good introduction to the CISSP material but doesn’t go into much detail. I object to using the word “ultimate” in the title because this implies that it’s the final word when it should be the first.

Thor Pedersen’s course goes into much more detail and includes other goodies such as external links, downloadable study notes, and practice quizzes for each domain.

Peter Zerger’s CISSP Exam Cram was the best of both worlds, concise and complete.

Books:

  • The Official (ISC)2 CISSP CBK Reference 6th Edition
  • (ISC)2 CISSP Official Study Guide (both 8th and 9th editions)
  • All-In-One CISSP Exam Guide 8th Edition
  • How to Think Like a Manager for the CISSP Exam

I didn’t read any of these books cover-to-cover. Instead, I used them as reference material and for their practice questions.

Practice Questions:

  • End-of-domain course quizzes
  • Peter Zerger’s CISSP practice test
  • CISSP Official Practice Tests
  • TotalTester CISSP practice exams (came with All-In-One CISSP Exam Guide)
  • WannaPractice CISSP practice exams
  • Boson CISSP practice exams

Altogether, I completed about 3,000 practice questions. This helped me develop my time management, question analysis, and answer evaluation skills. It also helped me to identify which areas I was weakest in so I could focus my study efforts.

In the last week leading up to my test date, I averaged 80-84% across multiple sources on my complete practice exams.

Additional Activities:

  • I actively participated in an online study group hosted on StationX. I posted a summary of my weekly progress and screenshots of quiz/test results and articulated my intentions for the following week. This helped me stay on track and accountable.
  • I explained the CISSP concepts I was learning to friends and family members. Thor Pedersen is a big advocate of this, and I can attest that if you can’t teach it, you don’t understand it.
  • I invented mnemonics to memorize concepts I struggled with but was unlikely to ever use in my day-to-day work.
  • I researched topics from sources that were not CISSP-specific/centric (e.g., cryptographic systems, networking concepts, security models, etc.). The CBK doesn’t always provide detailed information, so having additional sources of information helped me contextualize what I was learning.

Afterthoughts

In a conversation with Nathan House, CEO of StationX, shortly after passing the exam, he said to me:

“I knew you would pass. If not the first time then the next. Because I see it all the time. The people who pass are those that simply start and keep going. They have grit and determination. They show up. Then there is everyone else. They don’t.”

There’s a lot of truth to that. Passing the CISSP exam has been a professional goal of mine for years, and I wasn’t entirely sure I could do it until I did. It’s also important to understand who it’s for and what it’s supposed to represent.

This is not an entry-level certification, despite many job postings that would elude to the contrary. It’s intended for experienced professionals with 5 years of experience (or 4 years of experience and a four-year degree or one of a handful of certifications).

That’s not to say that you couldn’t study hard and pass it with little to no preparation or experience; some have, but why would you want to? What would this prove other than to suggest that you’re a good test taker? Waiting until I had the requisite experience, desire, and incentives made the process all the more worthwhile.

My best advice to anyone considering taking the CISSP is to ensure you have as much time as you need. Think of it as a marathon rather than a sprint. For me, this took about four and a half months. As you work your way through the process, test your knowledge often and focus your time on the areas you’re weakest in.

Above all, try to learn, retain, and apply something new every day.

If at First Your Don’t Succeed, CLI, CLI Again!

I recently encountered the following error when attempting to update the default antispam policy GUI (https://security.microsoft.com/antispam) for a new client’s Exchange 365 tenant:

“…The command you tried to run isn’t currently allowed in your organization. To run this command, you first need to run the command Enable-OrganizationCustomization.”

So, I fired up an instance of Exchange Online PowerShell and tried to run the Enable-OrganizationCustomization cmdlet…

Connect-ExchangeOnline
Enable-OrganizationCustomization

…but I was told it was already enabled!

“This operation is not required. Organization is already enabled for customization.”

If the CLI was insisting that Organization Customization was already enabled, who was I to argue? So, I switched gears and attempted to implement the change through PowerShell instead:

Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList [IP Address]

Not only did this work, but the change was also reflected in the GUI! Subsequent changes through the GUI were also successful (i.e., no more prompts to enable Organization Customization).

Targeted Email Removal with Exchange Online Powershell

In the course of administering an Exchange Online instance I’m occasionally asked to locate and remove an email (or set of emails) from the entire tenant. The quickest way to do this is via PowerShell:

Connect to the Exchange Online instance, enter your credentials when prompted:

Connect-ExchangeOnline

Next, Connect to the Security and Compliance Center PowerShell, entering your credentials again when prompted:

Connect-IPPSSession

Now that you’re connected, you can create a new compliance search to locate the email(s) you wish to remove:

New-ComplianceSearch [SearchName] -ExchangeLocation 'All' -ContentMatchQuery 'from: "*@something.com"'

In the example above, I’m searching for all content across all mailboxes from a specific domain (e.g. @something.com), but you can modify the scope of the search by adjusting the location and content match query (i.e. searching by subject or just looking at specific mailboxes/folders etc.).

Once the search is created, you will need to start it:

Start-ComplianceSearch [SearchName]

While the search is ongoing, you can check on its status:

Get-ComplianceSearch [SearchName]

NOTE: You can use the |fl parameter to obtain additional information on the compliance search status.

Once completed, you can use the purge the emails located by the search:

New-ComplianceSearchAction -SearchName [SearchName] -Purge -PurgeType SoftDelete

 

Parameter Hunting: Part II

In my last post on the subject, I discussed the concept of using Process Explorer to discover switches you can use for unattended installs/uninstalls used in enterprise software deployment.

Like before, I have a pesky setup.exe package that wants to guide me through an installation GUI, and would not respond to the usual setup.exe /s /q etc. and so forth…

This particular installer was for a very obscure serial hub manufacturer so there was Googling my way out of this; instead I needed to figure out what was used to build the installer, then work backward from there.

Once against, I launched my trusty Process Explorer (as Administrator) and inspected the setup.exe’s process…to my delight, scrolling down the “Strings” tab I came across this:

Note the string, “This installation was built with Inno Setup.” With that in mind, I was able to look up the documentation associated with the package builder to discover the built-in parameters I needed for silent installation.

While this specific technique might not work for every situation, it never hurts to have another tool in your toolbox!

Email Hide and Go Seek: How to locate a specific email (down to the folder) in Office 365 using PowerShell

In many organizations, end users receive too much email to manage effectively. Many utilize rules to filter emails into specific buckets to make them easier to find. Over time, these rules compound, and could eventually lead to unintended consequences (i.e. receiving an email but being unable to find it).

When this happens, I’d typically run a quick message trace to establish whether the email was actually delivered or not. Many admins will stop there, advising the end-user to check their rule settings, but using PowerShell, we can find the email(s) for them!

First, let’s get logged into the Office 365 tenant:

$Credential = Get-Credential
$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $ExchangeSession

Next, we can determine how many emails match the criteria in case there are more than one (Optional):

search-mailbox -EstimateResultOnly -identity [target user] -searchquery 'from:"[sender emai]" AND subject:"subject"'

Now for the coup de grâce, to reconstruct precisely which folder and sub-folder(s) of where the email(s) that match that criteria are in the user’s inbox:

search-mailbox -identity [recipient] -searchquery 'from:"[sender]" AND subject:"[subject] "' -targetmailbox "[your email] " -targetfolder "SearchResults"

In your inbox, you’ll see a folder called ‘SearchResults’. Using this, you can guide the end-user through the folder structure on their own Inbox that they’ll need to traverse to get to the desired email(s).