Review: The CISSP Companion You Can’t Do Without

Title: The CISSP Companion Handbook: A Collection of Tales, Experiences, and Straight Up Fabrications Fitted into the 10 CISSP Domains of Information Security
Author: Javvad Malik
Publisher: Self-published e-book, available on Amazon
Price: $1.29
Javvad Malik, master of all mediums?

Love it or hate it, the CISSP certification is arguably essential for anyone serious about a career in information security. Many heated debates have raged far and wide as to how good, bad or ugly it is, but the simple truth of the matter is that if your CV hits the average recruiter’s inbox without those five magic letters on it, then that's as far as it will go.

For most, the path to CISSP certification is a bootcamp-style course, a copy of the official CBK guide and/or many long nights in the company of Shon Harris, whose weighty tome is the go-to resource for anyone preparing for the marathon exam.

It's no criticism of the works of Shon Harris, Hord Tipton et al to call them weighty or dry; they have to be to convey the sheer amount of information they cover, but they are a daunting prospect for someone just getting into the world of information security. This is where Javvad Malik's new book The CISSP Companion Handbook: A Collection of Tales, Experiences and Straight Up Fabrications Fitted into the 10 CISSP Domains of Information Security comes in handy.

Malik is well known in the information security world for bringing the various concepts and issues discussed in lofty infosec circles down to earth with a bump. By combining a great sense of humor with multimedia presentations (including an excellent video blog, ably assisted by his young daughter ‘Girl Cynic’), Malik has a knack for explaining those concepts in entertaining and unexpected ways. This book is no different.

Opening with a comparison between authentication controls and nightclub bouncers, the reader is taken briskly through the basics (and some not-so-basics) of the 10 domains of the CISSP Core Body of Knowledge. Malik introduces us to the TCP/IP ‘rock band’, complete with FTP and SMTP ‘groupies’, deals with the ‘supermodel wives’ and ‘mixed up blood groups’ of the confidentiality / integrity / availability triad, and warns us of the ‘evil stepmother’ that is compliance.

Cryptography, possibly the most feared domain, is handled masterfully. Beginning with a fictitious email exchange that is both comedic and worryingly realistic, Malik illustrates the fundamental problem we have in information security: the fact that information security professionals often speak an entirely different language to the ‘normal’ people that run the businesses we work for. Without putting too many spoilers out there, it involves princes, princesses, witches and frogs in a fairytale story of asymmetric cryptography and public key infrastructure. Oh, and there's a hobbit in there somewhere too.

If, as with me, your CISSP exam is now a hazy memory, you'll find this book an easy and incredibly entertaining refresher. You'll be amazed how much you learned back then that returns to the front of your mind.

If you are teetering on the edge of whether or not you want to go down the path of studying for your CISSP, read this book before you reach for the more traditional texts. It will be the best $1.29 you've spent in a long time. You'll get a great overview of the subject matter in an easily digested format, you'll giggle at the analogies, and when you start on the big formal learning program, you'll remember them with a grin, making the whole process a lot more bearable.

This book was reviewed by Shan Lee, head of information security, Just Eat