My reading list for 2017

I have tried my best to read as much as possible according to my study plan since my last post. Am I successful? I would say far from it. I’m still at Chapter 1, though I’m already at page 130. However, the start of Chapter 2 is at page 189. So another 50 pages to go. Another reason I’m far from completing my reading is that I read other books in between too. My reading list is rather lengthy by now because I’m too greedy. I wish I had all the time to do just reading.

Let’s look at my current reading list for this year:

CISSP All-in-One Exam Guide, Seventh Edition – my aim is to read, practice the exam questions and take the certification exam this year. Of course, I read it too in preparation for teaching most of the InfoSec courses on my campus.

CompTIA Security+ Study Guide: SY0-401, 6th Edition – the undergraduate programme under my care is going to incorporate this certification as part of the syllabus, so I’m reading it to see its coverage and to reinforce my InfoSec knowledge. This book is an easy read so far. I have completed Chapter 1.

Secrets and Lies: Digital Security in a Networked World – as an InfoSec enthusiast, I know Bruce Schneier is a big name in the field. I love his books. I’m so happy to have found this book in my campus library. I read it for leisure at home and am already halfway through. I wish my campus library had more of his books.

Spam Nation: The Inside Story of Organized Cybercrime – from Global Epidemic to Your Front Door – started reading this out of my interest in cybercrime. It’s really an interesting story and I’m really impressed with Brian Krebs’ journalistic dedication in revealing the dark side of the cyber world.

Impossible to Ignore: Creating Memorable Content to Influence Decisions – I got this book quite a long time ago with the intention of learning the best techniques to captivate my students with my lectures. I was hoping that with some good techniques, my students would not tell me that they had forgotten whatever I said in lecture.

The Dance of the Possible – I have been following Scott Berkun for years and I’m quite in love with his books. As his fans, we got to download his latest book for reading and review (for a very limited time). I have finished the first few chapters and they are a really interesting look at how we think about creativity.

Sapiens: A Brief History of Humankind – I read recently that this book is very good, so, greedy as I am, I went to search for it and found a copy. I have read the first few pages and they are really interesting. I wish I could write like Yuval Noah Harari. Another great author to admire.

See, I’m not kidding that I’m greedy when it comes to books. I wish I had all the time to just read these books. No doubt, I have been doing a lot of reading since I joined academia. Reading students’ assignments, reports, and the like. Haha!


Study plan for #CISSP

Just like studying at any level, you need to have a plan. Of course, a lot of effort is required to follow the plan and, most importantly, to make things work. In my opinion, studying for a professional certification should not be harder than getting a PhD, but it still requires a lot of effort. Although not as tedious and long a process as getting a PhD, CISSP is considered one of the toughest examinations (its coverage is infamously described as “an inch deep and a mile wide”) and requires serious studying to pass.

Due to its enormous coverage, studying all the materials takes a very long time. For a start, choosing which study guide to start with has already taken me months. Many who have passed the certification have recommended a long list of books and study materials to improve the chance of success. However, none of the books they recommended is less than 1000 pages, and many actually recommended reading at least one of the study guides cover to cover, not once but twice. Taking their advice, my first step was to decide which study guide to invest in, and I chose the CISSP All-in-One Exam Guide by Shon Harris.


I found this boxed set in one of my local bookstores, which I’m thankful for because sadly most of the good books are generally not available in my country, so when I found this I was elated and bought it right away. After reading on and off about CISSP for a few months, I actually fell in love with Shon Harris’s books. She was a great author who explained everything well. Her book is the most comprehensive, so some may feel it is simply too much information to study. I decided on this one because it can serve as my dedicated reference guide even after the exam, so it is a good investment. Furthermore, this boxed set comes with Practice Exams, which are valuable. One cannot just study without some practice for the exam.


See, I’m not joking about the thickness of this book. A total of 8 domains in 8 chapters, and I’m supposed to study them cover to cover, so I need a good plan to fit CISSP study into my daily routine. It is not going to be easy with my heavy teaching hours during the semester, but I believe it is doable with proper planning. I must learn to work with smaller chunks of free time in between teaching and admin workloads.

So before I can begin with the plan, I must first set a realistic timeline, i.e. when will I be ready to sit for the exam? I estimate I can study 2 domains in one month, so I need at least 4 months to complete everything, and I set July as the month to take the exam. Sounds realistic enough? Should be for now.

Here is my study plan for the next 4 months:

Overall Tasks:

  • Read and make notes especially all the important concepts and terminologies
  • Complete practice exams at the end of each domain
  • Revisit areas of wrong answers
  • Cross reference with at least one other official study guide


CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide

This study guide has 21 chapters and is more than 1000 pages long. What I value most in different study guides are the practice exams at the end of each chapter, where I can try different types of questions and see how ready I am.

Now that my plan is set, next should be to make sure I follow the plan. Wish me luck!


CISSP: The first impression

It’s finally Friday, which I’m always looking forward to, not because it’s the start of the weekend but because Fridays have the fewest teaching hours for me this semester. So it means I have more time sitting in my office to do other work. As promised in my last post, I would like to write more about the Certified Information Systems Security Professional (CISSP) certification as I’m revising the syllabus. Just like any other course, I thought it’s good to give an overview of this certification and my thoughts about it.

Here’s my summary of the 8 domains of information security topics that are the major focus of the CISSP syllabus:

On my first day of the training that I attended, the instructor was so kind as to give us this overview plus the number of questions that are going to come up in the certification examination. He emphasized that the more questions there are in a domain, the more important that domain is. The total number of questions in this exam is 250 multiple-choice questions, of which 25 are unscored. It means that these 25 questions do not carry any points toward the overall total mark; they are the new, untested questions. The instructor said we would never know which ones are the untested questions, no matter how much exam practice we do. Scary at first, but as with any other test, as long as we study and understand, no test is too difficult.

I’m not sure if I’m considered lucky or not. By the time I enrolled in the training, the CISSP syllabus had just been changed. Originally, it had 10 domains instead of 8. The good thing is I get to study fewer domains, but not necessarily less content (if you get what I mean). The bad thing is most of the reference books and the best audio lectures out there all refer to the old syllabus. Although the content does not vary that much, it’s hard to match with the new domains at first. So I went to search for any source that helps in matching these domains and I finally made a summary of this:

Now this makes more sense to me and I can read the old syllabus in relation to the new domains. Some domains do not change much and some just consolidate better in the new domains. I will start revising Domain 1, which should be my strongest domain of all. I have also started trying out Microsoft OneNote to build my notes. Let’s see how it goes.

Hopefully, for anyone who is interested in taking the CISSP, this post will be a good first impression and overview. For those not interested in information security, sorry to bore you. Haha!