O'Reilly logo
live online training icon Live Online training

CISSP Exam Preparation: Deploying a Security Engineering Practice for the 8 Domains

Dean Bushmiller

CISSP is the gold standard of vendor neutral cybersecurity certification. Every job that touches a computer has a cybersecurity component. Every business owner must make informed decisions and choices in cybersecurity computing. If your organization is subject to PCI, GDPR, HIPAA, SOX, ISO 27001, or others, you need the CISSP to understand cybersecurity from a management viewpoint.

Many people think the CISSP exam is about technology and security; it is not. It is about managing the people with technology and security functions. It is about thinking the CISSP way; a unique skill.

Each one of the 8 CISSP domains represent an entire life’s work. You must build a system to prepare for the exam. Everyone tries to brute-force the exam, but most fail because it requires finesse, a CISSP management way of thinking, and a clear study plan. This course starts with one view across all domains and one practice.

This course is the third in a series of four courses on CISSP exam preparation. Each of the four courses explores the exam through a different lens, cultivating a skill that will improve your overall performance on the exam. Taking all four courses will cover 80% of the exam topics, and will enable you to complete the exam in only 100 questions.

  1. CISSP Exam Preparation: Building a Practice of Mapping Threats to Controls
  2. CISSP Exam Preparation: Practicing the CISO Skill Set Using Case-based Learning
  3. CISSP Exam Preparation: Deploying a Security Engineering Practice for the 8 Domains
  4. CISSP Exam Preparation: Applying Cybersecurity Best Practices in Every Domain

As a CISSP you must design solutions that include every step in the business process; this skill is systems security engineering.

Systems security engineering is a multidisciplinary approach in the engineering of trustworthy security systems. We will learn to find the business security flaws and failures of our organization's system development life cycle and project management.

What you'll learn-and how you can apply it

By the end of this live, hands-on, online course, you’ll understand:

  • Engineer and plan solutions to CISSP problems
  • Be able to process 15-20% of all cybersecurity business questions
  • Recognize what a CISSP exam question is asking
  • How to be a true security professional
  • How to manage your organization’s cybersecurity

And you’ll be able to:

  • Avoid cybersecurity technical brute-force traps
  • Build a plan for growing your managerial decision making process
  • Engineer trustworthy secure systems

This training course is for you because...

  • You need the CISSP
  • You need a plan to prepare for CISSP certification
  • You are moving from a security support role to a management position
  • You are a security designer, administrator, or engineer
  • You are maintaining your CPE/CEU’s for your profession


  • An understanding of (ISC)2‘s CISSP requirements of certification
  • As per CISSP exam requirements:
  • 4-6 years experience in information system security
  • 1-2 years experience in each domain of the CISSP

Recommended follow-up

Common misunderstandings

  • Anecdotal experience of 2-3 exam takers leads exam candidates down the wrong path
  • Many students with 10-20 years of cybersecurity experience fail the exam because they rely on experience.
  • Many people fail the exam and think that past experience with the exam will help them pass the next time.

About your instructor

  • Dean Bushmiller has been teaching the CISSP for 15 years. Dean Bushmiller knows the easiest ways for you to keep the CISSP way of thinking in your head. His life-time instructor approval rating is over 90%. He is a leader of cybersecurity subject matter experts. He has been teaching cybersecurity continuously online since 2007. He has over 1000 hours of recorded cybersecurity training.

    Dean has built CISSP mindmap workbooks since 2010 and hosts a free weekly discussion on cybersecurity topics PDIH Preventing-Deer-In-Headlights which can be found at ExpandingSecurity.com

    He has held the following certifications: CISSP, CFR, CVLP, CEH, ISSMP, CRISC, ISSAP, CCSK, CCSP, Exin Cloud, CHFI, CASP, GSEC, CCNA, MCSE 2K Charter, MCDBA, MCSA, MCP, MCT, CISM, PLCOP, PLA, PLCT, AWR-138-W, Cloud+, CEI, LPIC-1, Security+

    Outlets for his training include: SANS, FED-VTE, Software Engineering Institute - Carnegie Mellon University, (ISC)2, and Expanding Security.

    Though Dean is non-military, he has had the honor to train the U.S. military since 1999. In recognition for outstanding service in the Information Assurance field, he has received 8 mission coins.


The timeframes are only estimates and may vary according to how the class is progressing

Session 1 (240 minutes)

  • Presentation: Why you should listen to me (5m)
  • Exercise: Quick navigation of shared content on safari (5m)
  • Presentation: Systems Security Engineering life cycle process (10m)
  • This is a skill you must grow
  • Sit inside the project
  • Rules of participation
  • Roles of participation
  • Question & Answer (5m)
  • Pomodoro-break & prepare for next section (5m)
  • Presentation: Layers of traditional SDLC (10m)
  • Presentation: Layers of Security Engineering (15m)
  • Pomodoro-break & prepare for next section (5m)
  • Presentation: Organizational Project-Enabling Processes(OPEP) (30m)
  • Activites(15m)
  • Given a project - identify the OPEP
  • Pomodoro-break & prepare for next section (5m)
  • Presentation: Technical Management Processes (TMP) (35m)
  • Activites(15m)
  • Given a project - identify the TMP
  • Pomodoro-break & prepare for next section (5m)
  • Presentation: Technical Processes (TP) (30m)
  • Pomodoro-break & prepare for next section (5m)
  • Preparation for Next session (10m)
  • List of domains and subtopics
  • Q&A (5m)

Session 2 (240 minutes)

  • We execute some or all of the activities detailed in section labeled “Activities # 1” below a total of 8 times. Each time we are choosing a different domain or subtopic from the list determined by the students in the polling from Session 1.
  • Presentation: Review of first session (5m)
  • Presentation: Focus on TMP & TM (10m)
  • Activites(25m) 1 of 6
  • Given an organization and project
  • What layer(s) and processes(s)
  • What must change
  • How do we fix it?
  • Pomodoro-break & prepare for next section (5m)
  • Activites(25m) #2
  • Pomodoro-break & prepare for next section (5m)
  • Activites(25m) #3
  • Pomodoro-break & prepare for next section (5m)
  • Activites(25m) #4
  • Pomodoro-break & prepare for next section (10m)
  • Activites(25m) #5
  • Pomodoro-break & prepare for next section (5m)
  • Activites(25m) #6
  • Pomodoro-break & prepare for next section (5m)
  • Presentation (25m)
  • The Phoenix project - solution
  • Pomodoro-break & prepare for next section (5m)
  • Q&A (?m)