The start…. A lack of confidence with more experience than I thought I had.

In 2015 I had started working contract for United Airlines and an Infrastructure Project Engineer. I spent the majority of my role designing architecture for airports, aircraft, lounges and ecommerce websites for United. This was a fun gig as I got to work with a lot of great people who cared alot about the secure design of its infrastructure. While working on an IoT project I met with Boris Previn. Boris was a Principle Security Architect for UA. Boris and I had a good relationship and after some discussions about designing some segmented networks for the IoT project, Boris said I was very knowledgable about security. He had suggested I look into getting a security certification like the CISSP. This would help me get a better understanding of security and how it has applied to all the work I have done. I didn’t have a lot of confidence in “security” even though at the time, I didn’t realize that nearly every infrastructure project I worked on was a security project. I always had best practices in mind when it came to design and security was included. I spoke with my wife about it and decided to take the plunge.

In March of 2016 I decided to start investing in my future. I bought the official study guide for the CISSP, I also looked around for some classes that I could take to augment my studies. I found a CISSP 40 hour course that was in a couple of months. The course was about $4500, it would require me to miss work for a week. At the time this was a tough call since I was a contractor. If I missed work I didn’t get paid for it. So I decided to take the course.

CISSP book and class

I hammered the CISSP official study guide. I spent two to four hours a night reading, taking notes and reviewing questions. I finished the guide a few days before my class started. The class I took was hosted at Etec by Tom Nguyen. This was a 40 hour class, with a couple of pre-tests. I was pretty apprehensive coming into the class but Tom was very clear and knowledgable about the exam. Coming out of the class I was very confident, I had about one week of study time before the exam. I ran the gambit on all of my notes and reviewed the study guide.

Exam Day…

Monday morning, Exam Day…. I was no longer all that confident. I’d spent $4500 on a class, $120 on a couple of books, $600 for an exam and missed a week and a day of work. I got up, had breakfast, drank my coffee, and cleared my mind. I drove down to the exam site which was not far from home. I was really nervous. I had no idea if I’d pass or fail. I sat down for my exam, took a deep breath and started. I finished the exam in about an hour. I was surprised at how quickly I went through the questions and scenarios. When I hit that final submit button my upper lip was sweating and I felt naucious.

I PASSSED!

I got my results and I had passed the CISSP! I was so stoked. I knew this would be a turning point in my career and life. The hard part wasn’t over yet. I still needed to get my experience vetted by another security professional. I spoke with Tom at ETC who put me in touch with David Morgan. David was already a CISSP and was a Director of Security in Austin. I filled out my vetting paperwork and sent it to David for review. David vetted my experience, and contacted me with the good news. Once the paperwork was submitted I had to wait for the final approval from ISC2. This took about 3-4 weeks.

CISSP meant drinking from a firehose

I got confirmation in June from ISC2 that I was a CISSP. My confidence level soared and I was so happy to know that with the 15 years of IT experience I was now a security professional. The moment I updated my LinkedIn profile, I was hammered by recruiters looking to fill any and every kind of security role.

I can say that I am eternally grateful for Boris, Tom, David and my wife for supporting me on my journey to become a security professional. If it wasn’t for their support I might still be working IT roles I was never satisfied with.