How getting a CISSP can change the course of a career

Technical certifications are increasingly in demand with 87% of IT employees possessing at least one and 40% pursuing their next, according to Questionmark. Despite cybersecurity pros being more likely to have earned vendor-specific credentials, they think job pursuers should focus more on getting vendor-neutral ones.

In this interview with Help Net Security, May (Maytal) Brooks-Kempler, CEO at Helena, talks about her CISSP journey. Seven years ago she passed the CISSP exam, and today she teaches a CISSP course based on materials she co-authored.

What first motivated you to become a CISSP?

I decided to tackle the CISSP exam after about 10 years in the industry. At the time I was working as a senior consultant and wanted to push myself to the next level.

Having been in the industry for a long time, most of my professional knowledge came from on job training, and I felt the CISSP will give me the opportunity to really examine and widen my knowledge.

How long did it take you to get certified? How did you organize the study process?

I started thinking about the CISSP two years before actually taking the exam. Although I usually prefer self-study, both my BA and MBA are from the open university, with the CISSP I felt that I needed an official course. I started and official course in June and passed the exam in August. In total it took me about 2.5 months of intense studying to take and pass the exam.

The course I took was built as an in-class program running twice a week. Before each session I reviewed the content using two leading books – the (ISC)² official study guide, and the CISSP all-in-one guide by the late Shon Harris.

Reviewing the content before class allowed me to make the most out of each session. Since I knew I was going on vacation in August, I had a firm date in which I had to take the exam, so that gave me the structure I needed.

In the two weeks leading to the exam, I reviewed as many sample questions as possible, using different resources such as (ISC)² official questions, Shon Harris, Eric Conrad’s 500 questions etc. each resource gave me a different angle and approach, and in total I must have reviewed over 1,500 questions.

For each question I reviewed I asked myself whether I had a luck guess or know the material. As days went by, and I revisited domains I felt I needed extra work on, my knowledge and confidence grew, until I took (and passed) the exam on August 2014.

Many wonder about the benefits of getting a CISSP, how did it help your career?

For me the CISSP was a turning point, giving me a needed boost of professional confidence as well as many incredible opportunities: from teaching the CISSP and other courses to job opportunities, speaking engagements, and of course co-authoring the HCISPP study guide in 2019 and the CISSP study guide in 2021.

Since taking the CISSP my professional life has changed, I founded my own company, went on stage as a TEDx speaker, formed the (ISC)² chapter in Israel, published a book, founded the Think Safe Cyber community on Facebook (over 13,000 members) and more.

Of course not everything is directly related to taking the CISSP, however, as a woman in a very masculine world, it was an official recognition in my professional knowledge, and for me, it made a huge difference and that was the trigger for everything that followed.

Seven years after becoming a CISSP you are the co-author of CISSP materials and a teacher. What are some of the major challenges you overcame in the process?

As someone who’s been teaching this content for seven years, being asked to co-author the CISSP was an amazing opportunity. When you have a few writers, it’s always challenging to try and use the same voice and Mike Willis the lead author did an amazing job at that.

For me the biggest challenge was to try and simplify the content so that it is approachable and easy to understand, without losing the deeper topics. The entire re-write team has vast experience in training and we restructured the content so it is easier to deliver, and hopefully students will feel the same.

How would you like to see CISSP certification evolve in the near future?

One of the challenges for anyone taking the CISSP is the amount of content, and the 2021 version is no different. However, I see great benefit in the “mile-wide, inch-deep” CISSP approach, that differentiate the exam from other certificates in the field.

I think that as professional leaders we are expected to have wide knowledge, and I would love to see additional real-life issues introduced to the CBK in the future, such as: real-life incident response, the human factor, upcoming technologies and managerial dilemmas.