
Memberships

CISSP Study Group

2.1k members • Free

46 contributions to CISSP Study Group
CISSP passed
Hi Everyone, I’m proud to share that I have provisionally passed the CISSP CAT exam today! It will definitely test your fitness, but it is all worth it. Huge respect to everyone here. For those who are still traveling, keep going; it will be worthwhile, and you will reach the end.

Here's my personal strategy for exam prep.

Note: This is still required reading: ISC2 CISSP Certified Information Systems Security Professional Official Study Guide & Practice Tests Bundle (Sybex Study Guide).

Wave 1—Setup
1. Join https://www.skool.com/cybersecurity-study-group (obviously, you're here already 🙂).
2. Subscribe to https://cissp.app/
3. Buy the book: https://leanpub.com/cissplastmile#about
4. Download and print out: https://destcert.com/cissp-mindmaps/

Wave 2—Study
1. Watch: https://www.youtube.com/watch?v=5BnhDVOnzmg
2. Watch: https://www.youtube.com/watch?v=gKe88tIeVYo
3. Watch in full: https://www.youtube.com/watch?v=aLIFzIBNM_8&list=PL7XJSuT7Dq_XPK_qmYMqfiBjbtHJRWigD
4. Watch in full: https://www.youtube.com/watch?v=hf5NwUSEkwA&list=PLZKdGEfEyJhLd-pJhAD7dNbJyUgpqI4pu
5. Go through the mind maps daily.
6. Read the book.
7. Use cissp.app and practice a minimum of 25 questions each day (three-month prep period).
   a. Check the gap analysis summary every 100 questions at the latest and go read up on your weak areas.

Wave 3—Last month
1. Watch https://www.youtube.com/watch?v=5BnhDVOnzmg
2. Watch https://www.youtube.com/watch?v=gKe88tIeVYo
0 likes • 12d
@Vincent Primiani yes, it's a marathon, and stamina and discipline are paramount. To shape the necessary CISSP mindset is a daily exercise.
CISSP Practice Question (Domain 6: Security Assessment and Testing - AI Exam Guidance)
A vendor claims their fraud detection model is "99% accurate" based on internal testing. Your company plans to deploy it to score $2B in annual transactions. What should the security team require BEFORE signing the contract?

A. A SOC 2 Type II report covering the vendor's development environment
B. Independent red team testing of the model against adversarial inputs
C. A performance guarantee with financial penalties for accuracy below 99%
D. Source code escrow in case the vendor goes out of business

Come back for the answer tomorrow, or study more now!
2 likes • 15d
As WE will deploy it, and it IS a critical system, I very much want to see how it performs against adversarial input. The business value perspective is most important here. The quality pitch itself is input for the contract and something for legal to chew on. Option B.
CISSP Practice Question (Domain 5: Identity and Access Management - AI Exam Guidance)
A developer builds an internal AI chatbot that answers employee HR questions by querying the HRIS system. The chatbot uses a single service account with full read access to all employee records, including salaries and performance reviews. What should the security team require BEFORE production launch?

A. Multi-factor authentication on the chatbot's user-facing login page
B. Scoped service account permissions aligned with the chatbot's actual query needs
C. Encryption of the chatbot's conversation logs at rest
D. A privacy notice informing employees that the chatbot uses AI

Come back for the answer tomorrow, or study more now!
2 likes • 16d
Principle of least privilege, as privacy frameworks require. Option B.
CISSP Practice Question (Domain 7: Security Operations - AI Exam Guidance)
Your SOC receives 8,000 alerts per day, and analysts are burning out. Leadership approves an AI correlation engine to triage alerts before they reach analysts. What should the SOC manager establish FIRST?

A. Thresholds for how many alerts the AI can auto-close without human review
B. A tuning schedule to retrain the model quarterly on new threat data
C. A validation baseline comparing AI triage decisions against analyst decisions
D. Dashboards showing analyst time saved by the AI correlation engine

Come back for the answer tomorrow, or study more now!
2 likes • 17d
To measure, we require a baseline. To take informed decisions, we require data points. To check for model drift and to be able to know the false positive and false negative rates, we require the data points put into a baseline. Option C wins.
CISSP Practice Question (Domain 2: Asset Security - AI Exam Guidance)
A marketing team wants to fine-tune a public LLM using five years of customer support transcripts to improve chatbot responses. The transcripts contain names, email addresses, and billing details. What should the security manager require BEFORE the fine-tuning begins?

A. A signed NDA with the LLM vendor covering all training data
B. Data masking or tokenization of PII within the transcripts
C. Customer consent emails authorizing the use of their conversations
D. A data processing agreement executed with the cloud provider

Come back for the answer tomorrow, or study more now!
3 likes • 18d
A is not satisfying the privacy requirements, as in security and shielding the company from damage if a data breach occurs, even if a good move in general. C is unfulfillable due to the volume of data, number of customers and many years. It would slow business, which is opposite to our role's intentions. D is not addressing the topic of PII being processed. As controller, I can sign a contract with the processor, but it will not shield me from privacy requirements and possible damage. The only valid option is B to mitigate the risk of the data being exposed.
Sebastian Maute
@sebastian-maute-5739
CISSP student. Learner. Traveller.

Active 10h ago
Joined Feb 9, 2026
Rosenheim