同時，我們也看到MITRE在將各種攻擊技術手法，有了子項目的細分方式。舉例來說，像是在Phishing（T1566）網釣攻擊手法之下，依據性質不同又可再區分為三種子項目，包含了Spearphishing Attachment（T1566.001）、Spearphishing Link（T1566.002），以及Spearphishing Via Service（T1566.003），而這樣具體的畫分，看起來是可以讓攻擊手法的資訊，能有更直觀的展現方式。
Today, 2020/7/16 is the day I provisionally passed the CISSP exam. I started Wentz’s CISSP Exam Prep course last June. He told me, “follow me and don’t give up! You definitely will pass the CISSP exam sooner or later.”
I followed my plan regularly, studied effectively, and used the tomato clock to control the pace of study. If I was exhausted someday, I would browse or pretend to study CISSP books for minutes to fool my brain and impress myself that I kept studying every day. We call it “taking the vitamin for the day.”
I have encountered difficulties in these two years, but Wentz has been encouraging me to keep moving towards my goal to succeed in the CISSP exam. I also met Sky, Ethen & Joy in the course. They enrich my journey in CISSP.
I followed Wentz’s QOTDs (CISSP Question Of The Day). These questions provoke thinking, and you can learn more detailed knowledge (practicing these questions is not to know the answer but to think about the intention of each option and the answer by different thinking logic).
Wentz’s book, The Effective CISSP: Security and Risk Management, is a good one to clarify concepts of risk management.
Finally, thanks to Wentz Wu for guiding me to CISSP. It is only the beginning to pass the CISSP exam and about time for me to plan for my professional career in cybersecurity.
For those who are preparing for the CISSP exam, I would say: “Failure is not terrible; the truly terrible is you stop moving.”