Does your role require an understanding of all aspects of the cybersecurity landscape? Hear Lumify Work Cybersecurity Lead Jeremy Daly and Lumify Work Technical Instructor Louis Cremen discuss one of the most popular certifications from ISC2, the Certified Information Systems Security Professional (CISSP).
CISSP training ensures that a certified professional understands all aspects of information security and, most critically, how the aspects of the information security environment they themselves work on will interact with the overall organisational ecosystem.
What's covered in the 5-day CISSP training?
According to Louis, it has moments of deep diving but the course primarily focuses on the different domains that a security expert needs to know so they can help manage the information security of an organisation. These include asset security, access management, software development security and more.
Given these, the course is best for senior security experts with at least 5 years' experience in cyber security and who are working on a more holistic view of security and how end users and different departments play a part in managing risks.
Accessible Cybersecurity Training
We aim to make it easy for you and your teams to access the best learning solutions. Enquire about our flexible delivery modalities via Lumify Anywhere. We offer cyber security training across our campuses in Australia in Sydney, Perth, Canberra, Adelaide, Brisbane, Melbourne, in BGC in the Philippines and in Christchurch, Auckland and Wellington in New Zealand.
You can get information on the cybersecurity training that we deliver - including CISSP - in partnership with the EC-Council, ISACA and CompTIA when you access our brochure. You can also reach out to our team to discuss your cybersecurity training requirements.
Video Transcript on CISSP Training Fireside Chat
If you found the discussion between Jeremy and Louis interesting, you can use the transcript below as a reference.
Jeremy: Welcome to another fireside chat where I invite our cyber security technical instructors to join me about individual cyber security courses we offer through Lumify Work. Today we're going to be discussing ISC2 Certified Information Systems Security Professional or CISSP. And joining me today to discuss this once again is Louis Cremen. Louis, thanks for taking the time.
Louis: Good to be here!
Jeremy: So the CISSP or CIS as we like to refer to it, it's a five day long exam review course that you deliver for us. What's covered off over those five days? You know what are students in for?
Louis: They're in for a lot of information. So the five day class, this is what I like to sort of define as a course that is "a mile long and an inch deep," which is not great for our metric system but I think you get the idea. We cover a lot of different topics. So the different domains, they look at things like asset security, look at identity access management, look at software development security, look at security operations, assessment testing for security and also security architecture and engineering. As well as network security as well and communication security. So we go through a lot of different topics across the five-day course and it's, it has moments of deep dive but it's certainly looking at all the different types of domains that a security expert is expected to have some knowledge in, in order to help run and manage information security for an organisation.
Jeremy: Okay so you mentioned security expert and managing security for an organisation. So this course then is pitched at that senior level, in terms of knowledge and expertise and I guess for those coming into it they're going to need that you know that high level of understanding and a technical background as well.
Louis: Yeah, so this course is really sort of targeted to people who have had at least five years experience inside of mesh security and are looking at, you're not just sort of, you know, focusing into a single sort of area of security like in networking or in something else. They're sort of you're looking at people who are trying to understand security holistically and how to you know utilise governance, look at how contracts integrate with you know HR. Yeah and also the controls that we use to manage risks uh in our organisation. You know the you know things around all the topics around risk management, integrating with risk management, framework -- stuff like that. This is a course that really takes everything and packages it into a five-day - the exact word you used was "exam review." It's really to help people prepare for that CISSP exam which everyone knows is quite notoriously uh difficult and challenging.
Jeremy: True. So the professionals that are sitting on this course. Sort of, who are you seeing or what kind of roles are you seeing?
Louis: Yeah one of the one of the good things I really like about running this class is that I'm getting experts from all different areas.
And people who want to go to that next step into, you know either they are currently running their information security program and they are looking for ways to formalise their knowledge get feedback from other people in the industry. And then this is the Australian market. And sort of understanding what everyone else is doing and also understanding what you know that ISC2 considers to be best practice in this area. So they can take that, take those lessons, take that knowledge and then apply that to their organisations. So that's one group - the group that are already experienced already in the field already doing what they want to do.
And then you've got the people who want to get into it. You know, that are you know looking to take some of their technical knowledge and then apply some of that management sort of viewpoint and sort of, they want to.
If people come to my class you know they are usually skilled in two, three, four, maybe more domains. But there's always some sort of domain that there's always like "Oh, I don't know much in that area." You know, "I don't know much about software development security, I don't know much about network security." You know, I get people on both sides. I get people that have, don't know the OSI model. I've got some people that say "I have never looked at asset management properly." So there's a whole bunch of different things and different people that come through. Both from the next perspective and people that are trying to become that expert perspective for their organisation, for themselves as well.
Jeremy: And so once someone sat this and passed the exam, looking at some of the other courses that we offer as well, what would be a good next step or a next course to do after sitting the CISSP?
Louis: One of the things that I really like (I run a number of the subsequent classes here), I find that CISSP and CISM really go well together in terms of the courses that sort of complement each other because they both come at the same problem but from slightly different angles. So CISSP comes at the problem of implementing security and risk management across an organisation and it comes with it from a slightly more technical, from a more sort of controlled perspective you know how it'd be more of a control expert as well as a risk advisor. Whereas CISM comes from a risk management perspective.
And we've got an entire video talking about you know the advantages of CISM in terms of some of the other classes. I know a lot of the students who just sit CISSP like to go do the cloud version. So the CCSP is the certified cloud course that comes from ISC2. So those are the two main ones. I think there's another one, Jeremy, that we do.
Jeremy: There is the new CISA course, Information Systems Auditor, yes, which probably complement some of the learnings from CISSP.
Jeremy: Excellent, Louis! That's all we've got time for. Thank you once again for coming on and giving us some pearls of wisdom about the CISSP. I always enjoy catching up with you and I look forward to talking again soon.
Louis: Thanks for having me.