After being in class for approximately 72 hrs in 6 days, I am a little burned out. The class was excellent. It really gave me an appreciation for security management. The CISSP certification is certainly designed for managers although industry and HR personnel don't seem to realize this. The more interesting parts were dealing with policy and cryptography. I really didn't know too much about cryptography before taking the class, but after a full day of it, I can say I have a good grasp on the subject. As for policy, I used to seriously dislike anything related to policy, especially, meetings that dealt with the semantics of policy. Looking at it from a managerial standpoint, it is crucial to the inner workings, efficiency and effectiveness of an IT organization. I look forward to actively participating in policy committees in the future.
I was able to attend several technical sessions during lunch and after class in the evenings. The majority of them were top-notch. I really enjoyed Joe Stewart's presentation on his tool TRUMAN for creating sandnets to accomplish behavioral malware analysis. Great presentation and I look forward to implementing this in the lab for our own testing. I also made contacts with numerous vendors regarding current work projects.
Overall, it was a fantastic, but exhausting experience. If Dr. Eric Cole had not been the instructor, I'm not sure I could have made it through. He is one of the best instructors I have had. Now, I need to continue studying and pass the CISSP exam in April.