Giovanni F. Mazzeo De Santolo

Today I passed the Certified Information Systems Security Professional (CISSP) ISC2 exam after 2 weeks of studying. One of my priority goals during this funemployment period was to become certified to help further cement my expertise in cybersecurity and I will share all of the resources I used in this post to help me get there this fast.

Preamble: I have 5 years professional experience working in Cybersecurity from Google, where I originally started as an IT Support lead before moving internally to become a Security Engineer.

Time commitment: I spent between 8 to 12 hours a day studying for this test over a period of 2 weeks (July 1 to July 14). I took 2 days off in between for a break on weekend days.

• Every day I completed between 50-110 questions, either via chapter domain quizzes or by using the free DestCert App on the iOS store.

Important items to consider

• Actual work experience in the field I felt to be invaluable for this exam. Many questions were related to items I had come across before in my Cybersecurity role.
• The breadth of the CISSP exam is huge and the official study guide I used to study is ~1900 pages long.
• CISSP exam is not only a technical domain test but heavily focuses on scenario based “think like a manager” style questions. Keywords like “BEST”, “LEAST”, “MOST” and “GOAL” often are indicators that your multi choice options are all likely valid answers but paying extra attention to what the question is really asking is critical for success.

My study resources and my personal rating on them:

• BOOK (9/10): ISC2 CISSP Certified Information Systems Security Professional Official Study Guide (Sybex Study Guide) 10th Edition
  • 1900 pages long, pretty dense.
  • My focus was reading each chapter summaries, at the end of each chapter there are between 100 to 150 questions specific to the security domain/chapter covered.
  • Each quiz I took I tracked on a spreadsheet with the answer I selected after skimming through chapters or watching video training content.
    • Any quiz question that I failed or got wrong, I took time to understand why I chose the wrong option on my first attempt and then I focused on understanding the correct answer from the answer key at the end of the book.
• FREE Youtube (10/10): Peter Zerger 8 hour CRAM of all CISSP domains and topics.
  • My first day studying I chose to watch close to 12 hours of video training to “set the stage” before taking the quiz questions from the study guide.
  • He focuses on the vast majority of things you need to know, but because of how condensed each domain is, some minor concepts and things I felt were missing from this… lucky for me another training course I took filled in some gaps (more below).
• FREE Youtube (10/10): 50 CISSP Practice Questions. Master the CISSP Mindset.
  • Watch this video the day before the exam to make sure your headspace on how to evaluate questions is in the right place. Remember, think like a manager based on how the question is propositioned.
• LinkedIn Learning video training and practice exams:
  • Mike Chapple (same guy who authored the study guide!) https://www.linkedin.com/learning/topics/certified-information-systems-security-professional-cissp
  • He covers some stuff I felt was missing from the CRAM videos; Chapple speaks slowly so I often played his videos at 1.25x or 1.50x speeds.
• FREE Crytography DestCert mini masterclass
  • This video does a great job at explaining crypto for the exam.
• FREE Youtube (10/10): Peter Zerger Cyber Attacks & countermeasures
  • Perfect dedicated video that covers all of the common attacks and the available countermeasures.
• (5/10) Cybrary CISSP Training by Kelly Handerhan 2024
  • I tried to use Cybrary as a complement resource prior to finding out my library gave me free access to LinkedIn learning courses, I did the first 2 domains videos and wasn’t personally impressed.

How I hacked my study plan?

1. I used AI / ChatGPT / Perplexity to help me understand certain topics or when I needed concepts explained to me in a different way or tone than the book or videos.
2. I practiced every day. Domain quizzes using DestCert app while on the treadmill or when sitting down at the computer I would do more questions from the study guide book which are different questions than the DestCert app btw.
3. I put a deadline to it and chose to go all-in (vs. studying for months). Pay the extra $200 to get “peace of mind” protection in case you may fail your first attempt, I passed on my first try but this exam is tough and things could have easily gone the other way had I not been studying this much.
4. The most important thing during the test: TAKE YOUR TIME, READ THE QUESTION AND ITS OPTIONS MULTIPLE TIMES before committing to any answer.

Good luck!

As I write this I realize the last post I made here was on April 30, 2023 which is over 2 years ago and being honest with myself I haven’t been the most active at keeping this site updated due to being busy with career/life and posting content elsewhere like Github.

As of July 2025 I now have some time to work on hobby things like this blog and self-improvement goals like obtaining the CISSP certification (Certified Information Systems Security Professional). Taking a break after 10 years at Google and looking forward to see what’s next on my career journey.

The following aggregators are useful at finding the current best deals for new domain registrations and transfers:

• https://www.domnest.com/
• https://www.domcomp.com/
• https://tld-list.com/

Resources to find cheap storage servers

• https://www.serverhunter.com/
• https://oneprovider.com/promotion

FriendlyElec has poor instructions in their wiki and after much trial and error I finally was able to recover and reset the onboard eMMC storage on my Nanopi R2C Plus.

Backstory: I used FriendlyElec eFlasher tool to flash a raw .img file to the onboard eMMC 8GB storage of my NanoPi. This led to an onbootable system. I had to use UART serial to view the errors and debug.

You will need a UART serial connection and putty installed. This quick how-to guide is intended to be ‘cliff notes’ on what I did to get my device back in working order; you will have to teach yourself or search how to use some of these processes.

Steps

1. Connect UART debug serial to the board.
2. Use putty or terminal to verify that device is unable to boot due to onboard eMMC image.
3. Prepare a microSD card for recovery (it will wipe all your data). Download rk3328-sd-friendlywrt-5.15-20220125.img and use balenaEtcher to prep the MicroSD.
4. Make sure the board is disconnected from power but you have the UART connected and putty running. Now short the “MASK” positive and negative connectors in the board with some cables; I used the GPIO connector nearby as short-circuit source since simply joining both MASK connectors together wasn’t doing anything.
5. While you are shorting the MASK and the board is powered off, then turn on board. It should short-circuit at boot and skip using eMMC for boot and use the SD card instead.
6. Once the image is booted, use SSH to connect to the OS and wipe out the

/dev/mmcblk2

There are a few tutorials out there for setting this up and while some worked, I found this one deep in a chinese github and its my preference for this kind of setup:

curl -fsSL git.io/wireguard-go.sh | sudo bash

To remove and re-add devices in a zpool, you will need to offline the disk, detach the disk, wipe the gpt partition then re-add it to pool as a new disk. This will re-silver the pool.

sgdisk -Z /dev/disk/by-id/ata-WDC_WD100EMAZ-

Steps.

1. zpool offline gdata wwn-0x5000cca273cf31b3
2. zpool detach …
3. sgdisk -Z …
4. zpool attach gdata (disk-still-in-mirror-here) (new-disk /dev/disk/by-id/ata-WDC_WD100EMAZ)

Tiny bootable .iso that downloads liveCD images for multiple OS like Debian.

Came across Revo Uninstaller which seems to be very useful tool to make sure that all files and registry keys are actually removed from windows when you uninstall a program.

https://www.revouninstaller.com/revo-uninstaller-free-download/