CISSP Certification — 57-Day Accelerated Plan
Project Summary
57-day accelerated CISSP preparation leveraging 12+ years of network engineering and security experience. The student holds CCNP Security, CompTIA Security+, and operates production Cisco ISE (26K+ endpoints), HashiCorp Vault PKI, VyOS HA firewalls, Wazuh SIEM, and 802.1X EAP-TLS — direct experience mapping to 6 of 8 CISSP domains.
Exam Target: July 12, 2026 — 10 weeks from May 3. Required for CHLA performance review. 2 hours/day non-negotiable.
Study Schedule (10 Weeks — Reset May 3)
| Week | Focus | Exam Weight | Dates | Strategy |
|---|---|---|---|---|
| 1 | Domain 1: Security & Risk Management | 15% | May 3-9 | Heaviest weight, most new material. Risk formulas (ALE = ARO × SLE), governance frameworks, BCP/DRP, legal/regulatory. HIPAA from CHLA gives you a head start. 25 practice questions/day. |
| 2 | Domain 8: Software Development Security | 11% | May 10-16 | Your weakest domain — get it out of the way early. SDLC models (waterfall, agile, spiral), OWASP Top 10, secure coding, change management. Map to your Python/netapi experience. |
| 3 | Domain 3: Security Architecture & Engineering | 13% | May 17-23 | Security models (Bell-LaPadula, Biba, Clark-Wilson) — rote memorization. Crypto concepts. Map to Vault PKI, VyOS HA, k3s architecture. |
| 4 | Domain 2: Asset Security + Domain 6: Security Assessment | 22% | May 24-30 | Domain 2: data classification, retention, privacy — vocabulary-heavy. Domain 6: formal pen test methodology, audit types — you do this, learn the CISSP names. |
| 5 | Domain 4: Network + Domain 5: IAM (accelerated) | 26% | May 31-Jun 6 | Your strengths. CCNP + ISE 26K endpoints. Skim chapters, do practice questions only. Don’t waste time studying what you already know — validate and move on. |
| 6 | Domain 7: Security Operations (accelerated) | 13% | Jun 7-10 | You live this daily — Wazuh, incident response, Borg backups. 3 days max. Skim + practice questions. |
| 7-8 | Integration — cross-domain practice | 100% | Jun 11-24 | Full-length Boson practice exams. Target 80%+ consistently. Review wrong answers by domain. Identify weak spots. |
| 9 | Weak domain intensive | — | Jun 25-Jul 1 | Revisit domains where practice exam scores are below 75%. Flash cards for formulas and models. |
| 10 | Final review + Exam | 100% | Jul 2-12 | Light review only. No new material. Exam cram book. Rest the day before. Schedule exam for July 11-12. |
Key Formulas (Memorize)
| Formula | Meaning |
|---|---|
| ALE = ARO × SLE | Annual Loss Expectancy = Annual Rate of Occurrence × Single Loss Expectancy |
| SLE = AV × EF | Single Loss Expectancy = Asset Value × Exposure Factor |
| Risk = Threat × Vulnerability × Impact | Qualitative risk formula |
| MTBF | Mean Time Between Failures — reliability metric |
| MTTR | Mean Time To Repair — availability metric |
| RPO | Recovery Point Objective — max acceptable data loss |
| RTO | Recovery Time Objective — max acceptable downtime |
Domain Status
| Study Order | # | Domain | Weight | Status | Notes |
|---|---|---|---|---|---|
| Week 1 | 1 | Security & Risk Management | 15% | 🟡 Starting | Risk frameworks, legal, BCP/DRP, ethics — most new material |
| Week 2 | 8 | Software Development Security | 11% | ❌ Not started | WEAKEST — SDLC, OWASP, secure coding — attack early |
| Week 3 | 3 | Security Architecture & Engineering | 13% | ❌ Not started | Security models, crypto — rote memorization |
| Week 4 | 2 | Asset Security | 10% | ❌ Not started | Data classification, retention, privacy |
| Week 4 | 6 | Security Assessment & Testing | 12% | ❌ Not started | Audit, pen test methodology — learn the CISSP vocabulary |
| Week 5 | 4 | Communication & Network Security | 13% | ❌ Not started | STRENGTH — CCNP, ISE, VyOS. Practice questions only. |
| Week 5 | 5 | Identity & Access Management | 13% | ❌ Not started | STRENGTH — ISE 26K endpoints, AD, Vault. Practice questions only. |
| Week 6 | 7 | Security Operations | 13% | ❌ Not started | STRENGTH — Wazuh, incident response, Borg. 3 days max. |
Daily Study Routine
| Block | Activity |
|---|---|
| Morning (30 min) | 25 practice questions (Boson or Pocket Prep) — review wrong answers |
| Evening (90 min) | Read current domain chapter + take notes. Map every concept to your real infrastructure. |
| Weekend (3 hrs) | Full practice exam section. Review weak areas. Flash cards. |
Resources
| Resource | Purpose | Cost |
|---|---|---|
| (ISC)² Official Study Guide (Sybex) | Primary textbook — read cover to cover | ~$50 |
| Boson Practice Exams | Closest to real exam — 750 questions | ~$99 |
| Destination Certification MindMap (YouTube) | Free video series — Rob Witcher walks each domain visually | Free |
| ThorTeaches.com | Concise domain summaries | Free |
| CISSP Exam Cram (Michael Gregg) | Rapid review — last 2 weeks | ~$35 |
| Pocket Prep CISSP (mobile app) | Practice questions on the go — morning routine | ~$30 |
Assessment
The CISSP Mindset Shift
CISSP is NOT a technical certification. It tests managerial thinking. When answering questions, think like a CISO, not an engineer:
Experience Mapping (12+ Years → CISSP Domains)
| Domain | Your Real Experience | CISSP Mapping |
|---|---|---|
| 1: Security & Risk | CHLA security operations, HIPAA environment, change management (domus CRs) | Risk assessment, BCP/DRP, legal/regulatory, security governance |
| 2: Asset Security | gopass/age/Vault secrets, data classification in ISE policies | Data classification, retention, privacy, asset lifecycle |
| 3: Architecture | Vault PKI (Root + Issuing CA), VyOS HA (VRRP), k3s with Cilium | Crypto models, security models, HA design, defense in depth |
| 4: Network Security | CCNP Enterprise + Security, VyOS firewall, ISE 802.1X, VLAN segmentation, BGP | OSI model, network attacks, secure protocols, network devices — your strongest domain |
| 5: IAM | ISE (26K endpoints), AD, FreeIPA, Keycloak OIDC/SAML, Vault SSH CA, dACL | Access control models, identity federation, SSO, MFA — your strongest domain |
| 6: Assessment | Wazuh SIEM, vulnerability scanning, audit logs, penetration test coordination | Audit types, pen test methodology, vulnerability assessment, code review |
| 7: Operations | CHLA SOC operations, Wazuh alerts, incident response, Borg backups, DR planning | Incident response phases, forensics, SIEM, patch management, DR/BCP |
| 8: Software Dev | Python CLI tools (netapi, dsec), basic SDLC exposure, domus-digitalis | WEAKEST — SDLC models, OWASP Top 10, secure coding, testing types |
Risk Areas
- Domain 1 (Risk Management) — You know security operations but formal risk frameworks (quantitative risk analysis formulas, governance frameworks) need study. This is 15% of the exam.
- Domain 8 (Software Development) — Weakest domain. SDLC waterfall/agile models, OWASP Top 10, code review, change management in development. Only 11% but can’t ignore it.
- Managerial mindset — Every technical instinct must be filtered through "what would a CISO recommend?" This is the #1 reason engineers fail CISSP.
- Legal/Regulatory — GDPR, SOX, PCI-DSS, HIPAA (you know HIPAA from CHLA), computer crime laws, privacy regulations.
Study Strategy
| Principle | Implementation |
|---|---|
| Map, don’t memorize | Every concept maps to your real infrastructure. Vault = PKI hierarchy. ISE = access control models. VyOS = network security. |
| 2 hours/day minimum | Non-negotiable. Morning or evening block, no exceptions for 57 days. |
| Practice questions daily | Start practice questions from Day 1, not just at the end. 25 questions per day minimum. |
| Think managerial | Before answering, ask: "What would a CISO do?" not "What would I configure?" |
| Teach it | Explain concepts to Claude Code. If you can teach it, you know it. |
Project Metadata
| Field | Value |
|---|---|
| PRJ ID | EDU-2026-04-cissp |
| Author | Evan Rosado |
| Created | 2026-04-05 |
| Updated | 2026-05-04 |
| Status | Active — Week 1 of 10 (Domain 1: Risk Management) |
| Category | Education / Certification |
| Priority | P0 — CRITICAL (performance review deadline) |
| Exam | CISSP (Certified Information Systems Security Professional) |
| Exam Code | ISC2 CISSP |
| Exam Format | CAT: 125-175 adaptive questions, 4 hours |
| Passing Score | 700/1000 |
| Cost | ~$749 exam + materials |
| Deadline | July 12, 2026 (10-week plan started May 3) |
| Prerequisite | 5 years in 2+ domains (student has 12+ years across 6 domains) |
| Primary Resource | (ISC)² Official Study Guide 9th Edition |
| Supplementary | Boson Practice Exams, Destination Certification MindMaps (YouTube) |
| Related | |