CISSP Certification — 57-Day Accelerated Plan

Project Summary

57-day accelerated CISSP preparation leveraging 12+ years of network engineering and security experience. The student holds CCNP Security, CompTIA Security+, and operates production Cisco ISE (26K+ endpoints), HashiCorp Vault PKI, VyOS HA firewalls, Wazuh SIEM, and 802.1X EAP-TLS — direct experience mapping to 6 of 8 CISSP domains.

Deadline: June 1, 2026 — Required for CHLA performance review. NOT optional.

Study Schedule (57 Days)

| Week | Domains | Exam Weight | Dates | Strategy |
|------|---------|-------------|-------|----------|
| 1-2 | Domain 1: Security & Risk Management + Domain 2: Asset Security | 25% | Apr 5-18 | Hardest first. Risk frameworks, legal/regulatory (HIPAA directly applies). New territory: BCP/DRP formal models. |
| 3-4 | Domain 3: Security Architecture + Domain 4: Network Security | 26% | Apr 19-May 2 | Domain 4 is your strength (CCNP, VyOS, ISE). Accelerate through. Domain 3: crypto models, security models (Bell-LaPadula, Biba, Clark-Wilson). |
| 5-6 | Domain 5: IAM + Domain 6: Security Assessment | 25% | May 3-16 | Domain 5 is your strength (ISE, AD, FreeIPA, Keycloak, Vault). Domain 6: formal testing, audit, pen test methodology. |
| 7 | Domain 7: Security Operations + Domain 8: Software Development Security | 24% | May 17-23 | Domain 7 maps to your SIEM/incident experience. Domain 8 is your weakest — SDLC, OWASP, code review. |
| 8 | Integration + Practice Exams + Exam | 100% | May 24-June 1 | Cross-domain practice. Boson exams. Target 80%+ consistently. Schedule exam for May 30-31. |

Domain Status

| # | Domain | Weight | Status | Notes |
|---|--------|--------|--------|-------|
| 1 | Security & Risk Management | 15% | ❌ Not started | Risk frameworks, legal, BCP/DRP, ethics |
| 2 | Asset Security | 10% | ❌ Not started | Data classification, retention, privacy |
| 3 | Security Architecture & Engineering | 13% | ❌ Not started | Crypto, security models, site planning |
| 4 | Communication & Network Security | 13% | ❌ Not started | STRENGTH — CCNP, ISE, VyOS, 802.1X |
| 5 | Identity & Access Management | 13% | ❌ Not started | STRENGTH — ISE, AD, FreeIPA, Keycloak, Vault |
| 6 | Security Assessment & Testing | 12% | ❌ Not started | Audit, pen test, vulnerability scanning |
| 7 | Security Operations | 13% | ❌ Not started | Incident response, SIEM, forensics, DR |
| 8 | Software Development Security | 11% | ❌ Not started | WEAKEST — SDLC, OWASP, secure coding |

Assessment

The CISSP Mindset Shift

CISSP is NOT a technical certification. It tests managerial thinking.

When answering questions, think like a CISO, not an engineer:

  • Safety of human life comes FIRST

  • Risk management over technical solutions

  • Due diligence and due care

  • Business continuity over perfection

  • Compliance and governance frameworks

  • When in doubt, choose the MOST COMPLETE answer

Experience Mapping (12+ Years → CISSP Domains)

| Domain | Your Real Experience | CISSP Mapping |
|--------|----------------------|---------------|
| 1: Security & Risk | CHLA security operations, HIPAA environment, change management (domus CRs) | Risk assessment, BCP/DRP, legal/regulatory, security governance |
| 2: Asset Security | gopass/age/Vault secrets, data classification in ISE policies | Data classification, retention, privacy, asset lifecycle |
| 3: Architecture | Vault PKI (Root + Issuing CA), VyOS HA (VRRP), k3s with Cilium | Crypto models, security models, HA design, defense in depth |
| 4: Network Security | CCNP Enterprise + Security, VyOS firewall, ISE 802.1X, VLAN segmentation, BGP | OSI model, network attacks, secure protocols, network devices — your strongest domain |
| 5: IAM | ISE (26K endpoints), AD, FreeIPA, Keycloak OIDC/SAML, Vault SSH CA, dACL | Access control models, identity federation, SSO, MFA — your strongest domain |
| 6: Assessment | Wazuh SIEM, vulnerability scanning, audit logs, penetration test coordination | Audit types, pen test methodology, vulnerability assessment, code review |
| 7: Operations | CHLA SOC operations, Wazuh alerts, incident response, Borg backups, DR planning | Incident response phases, forensics, SIEM, patch management, DR/BCP |
| 8: Software Dev | Python CLI tools (netapi, dsec), basic SDLC exposure, domus-digitalis | WEAKEST — SDLC models, OWASP Top 10, secure coding, testing types |

Risk Areas

  1. Domain 1 (Risk Management) — You know security operations but formal risk frameworks (quantitative risk analysis formulas, governance frameworks) need study. This is 15% of the exam.

  2. Domain 8 (Software Development) — Weakest domain. SDLC waterfall/agile models, OWASP Top 10, code review, change management in development. Only 11% but can’t ignore it.

  3. Managerial mindset — Every technical instinct must be filtered through "what would a CISO recommend?" This is the #1 reason engineers fail CISSP.

  4. Legal/Regulatory — GDPR, SOX, PCI-DSS, HIPAA (you know HIPAA from CHLA), computer crime laws, privacy regulations.

Study Strategy

| Principle | Implementation |
|-----------|----------------|
| Map, don’t memorize | Every concept maps to your real infrastructure. Vault = PKI hierarchy. ISE = access control models. VyOS = network security. |
| 2 hours/day minimum | Non-negotiable. Morning or evening block, no exceptions for 57 days. |
| Practice questions daily | Start practice questions from Day 1, not just at the end. 25 questions per day minimum. |
| Think managerial | Before answering, ask: "What would a CISO do?" not "What would I configure?" |
| Teach it | Explain concepts to Claude Code. If you can teach it, you know it. |

Project Metadata

| Field | Value |
|-------|-------|
| PRJ ID | EDU-2026-04-cissp |
| Author | Evan Rosado |
| Created | 2026-04-05 |
| Updated | 2026-04-05 |
| Status | Active — Phase 0 in progress |
| Category | Education / Certification |
| Priority | P0 — CRITICAL (performance review deadline) |
| Exam | CISSP (Certified Information Systems Security Professional) |
| Exam Code | ISC2 CISSP |
| Exam Format | CAT: 125-175 adaptive questions, 4 hours |
| Passing Score | 700/1000 |
| Cost | ~$749 exam + materials |
| Deadline | June 1, 2026 (57 days from April 5) |
| Prerequisite | 5 years in 2+ domains (student has 12+ years across 6 domains) |
| Primary Resource | (ISC)2 Official Study Guide 9th Edition |
| Supplementary | Boson Practice Exams, Destination Certification MindMaps (YouTube) |
| Related | CISSP Objective, 12-Week Study Plan |