Hello, everyone😊

2025 is here, and I hope this year brings you closer to achieving your personal and professional dreams. I’m thrilled to share some good news: I’m now officially a Certified Information Systems Security Professional (CISSP).

The CISSP journey has been one of the most challenging experiences in my career. While preparing for it, I realized it would be useful to share tips and insights to help others navigate this path. If you’re an aspiring CISSP, I hope these tips make your journey more manageable.

1. Understand why you want to become CISSP

Reflect on your reason for pursuing CISSP, and let it anchor you throughout the process. For me, the CISSP was more than just a credential—it was a commitment to deepening my expertise in information security, enhancing my career prospects, and (hopefully) contributing to a safer digital world. This "why" will help you be motivated through long study sessions, tough practice questions, and moments of self-doubt.

2. Use the right resources

It's essential to select effective and trustworthy study materials. Here's what worked for me:

a. CISSP Official Study Guide & Practice Tests by Mike Chapple et al.

This comprehensive guide helped me systematically cover the eight CISSP domains. The practice tests were instrumental in identifying my weak areas and honing my exam strategy. 

b. Pete Zerger's CISSP YouTube Videos

Pete’s concise explanations and practical examples made complex topics easier to grasp. Don't forget to also watch the 2024 addendum video.

c. Sunflower CISSP Summary

This resource was a hero for quick revisions. It distills key concepts into a compact, digestible format suitable for last-minute reviews.

d. Resources to shape the right mindset

Preparing for CISSP is not just about mastering the content—it’s about developing the mindset of a security leader. These videos helped me align my thinking with the exam’s expectations:

a. Why you will pass the CISSP by Kelly Handerhan

b. How To Think Like A Manager for the CISSP Exam - Director's Cut by Prabh Nair

c. How to "Think like a Manager" for the CISSP Exam by Pete Zerger

These resources taught me to approach scenarios with a big-picture perspective and to consider the organization’s risk appetite, compliance requirements, and operational goals.

3. Build a solid foundation with work experience

The CISSP isn’t just a theoretical exam—it’s designed for practitioners. The questions often test your ability to apply security principles in real-world scenarios. If you’re new to the field, don’t worry. You can still take the exam and earn the Associate of ISC2 designation, working toward your required experience later. But real-life exposure to security operations, risk management, and so on will give you an edge.

4. Domain by domain

The CISSP exam covers eight domains, each requiring a mix of technical knowledge and strategic thinking. My approach:

a. Domain-by-domain study: I focused on one domain at a time, using the official study guide and videos to understand key concepts deeply.

b. Conceptual clarity: Instead of memorizing materials, I aimed to understand the philosophy behind every concept.

5. Practice like it’s the real exam

Practicing exam questions is non-negotiable. Here’s how I practiced:

a. Allocating time to practice questions: I dedicated days to solving practice questions from the CISSP Official Practice Tests and other online resources (one of my favorites: www.examtopics.com).

b. Full-length simulations: Attempting mock exams under timed conditions helped me build endurance and refine my pacing strategy.

c. Focus on weak areas: Each incorrect answer was a learning opportunity. I reviewed explanations thoroughly to strengthen weak areas.

6. Develop the CISSP mindset

To pass the CISSP, one must think like a security leader. This means:

a. Always use the business perspective—therefore security efforts should align with business objectives.

b. Think security with a holistic approach

c.  Help the business manager make decisions based on the risk.

d.  Considering long-term implications over short-term fixes.

e.  Human safety is always the first priority

f.   Always consider the cost vs benefit of every effort

g.   Guide our organization to behave ethically

h.  Compliance and ethics are important

7. Time management during the exam

The CISSP exam is adaptive, with 100–150 questions to answer in 3 hours. My strategies:

a.  1 Minute per question: Stay around this limit to avoid running out of time.

b.   Stay calm: Trust your preparation and yourself.

c.  Don’t give up too early: When I reached the 100th question during my CISSP exam, I started doubting myself—thinking I might not be cut out for it since others had passed after 100 or 130 questions. But it doesn’t end until it ends so keep doing your best.

8. Take care of your well-being

CISSP preparation is a marathon, not a sprint. Here’s how I stayed balanced:

a.  Rest: Sleep is crucial, especially before the exam.

b.  Exercise: Staying active kept my stress levels in check.

c.   Breaks: I took short breaks during study sessions to maintain focus.

9. Read the CISSP’s holders’ stories

One of the most underrated preparation strategies is reading the experiences and stories of CISSP holders. Their journeys provide invaluable insights beyond study materials, offering practical tips and lessons learned from real-world attempts.

10. Pray, trust, and persevere

For me, prayer was a source of strength and calmness. Whether you pray, meditate, or practice mindfulness, find something that grounds you and keeps you focused on the journey ahead.

Final Thoughts

The CISSP journey isn’t just about passing an exam—it’s about becoming a better information security professional. While the process can be demanding, the growth you experience makes it worthwhile.

If you’re currently preparing for the CISSP or considering it, I’m rooting for you! Feel free to reach out if you have questions or need encouragement. Let’s build a more secure digital world together.

Good luck, everyone 😊

Halo, semuanya 😊

2025 telah tiba dan saya berharap tahun ini membawa banyak kebaikan untuk teman-teman semua. Oh ya, saya ingin berbagi kabar baik: Saya telah resmi meraih Certified Information Systems Security Professional (CISSP).

Perjalanan menuju CISSP adalah salah satu pengalaman paling menantang dalam karier saya. Saat mempersiapkannya, saya menyadari bahwa akan bermanfaat jika bisa berbagi tips dan insights untuk membantu orang lain yang ingin mengikuti ujian ini. Jika teman-teman ingin mengikuti ujian CISSP, saya berharap tips ini dapat membantu:

1. Pahami mengapa ingin menjadi CISSP

Renungkan alasan mengejar sertifikasi CISSP, dan jadikan itu sebagai pegangan sepanjang perjalanan ini. Bagi saya, CISSP lebih dari sekadar gelar tetapi adalah komitmen untuk memperdalam keahlian dalam keamanan informasi, meningkatkan prospek karier, dan (semoga) berkontribusi pada dunia digital yang lebih aman. Alasan yang kita miliki itu akan membantu untuk tetap termotivasi saat menghadapi sesi belajar yang panjang, soal latihan yang sulit, dan momen-momen keraguan diri.

2. Gunakan referensi belajar yang tepat

Penting untuk memilih materi belajar yang efektif dan tepercaya. Berikut adalah referensi yang saya pakai:

a. CISSP Official Study Guide & Practice Tests oleh Mike Chapple et al.

Panduan komprehensif ini membantu saya mempelajari delapan domain CISSP secara sistematis. Latihan soalnya membantu untuk mengidentifikasi area di mana saya masih lemah dan mengasah strategi dalam menghadapi ujian.

b. Video CISSP oleh Pete Zerger

Penjelasan singkat dan contoh praktis dari Pete membuat topik yang kompleks lebih mudah dipahami. Jangan lupa tonton juga video addendum 2024.

c. Ringkasan CISSP Sunflower

Referensi ini sangat membantu untuk belajar di detik-detik terakhir. Sunflower merangkum konsep-konsep utama dalam format yang padat dan mudah dicerna, cocok untuk dibaca di hari terakhir sebelum ujian.

d. Referensi untuk membentuk pola pikir yang tepat

Persiapan CISSP bukan hanya tentang menguasai materi tetapi tentang juga pola pikir seorang pemimpin di dunia keamanan informasi. Video-video ini membantu saya menyelaraskan cara berpikir saya dengan cara pikir ala CISSP:

a. Why You Will Pass the CISSP oleh Kelly Handerhan

b. How To Think Like A Manager for the CISSP Exam - Director's Cut oleh Prabh Nair

c. How to "Think Like a Manager" for the CISSP Exam oleh Pete Zerger

Video-video ini ini mengajarkan saya untuk melihat kondisi dengan perspektif yang lebih besar dan mempertimbangkan selera risiko organisasi, persyaratan kepatuhan, dan tujuan operasional.

3. Bangun fondasi yang solid dengan pengalaman kerja

CISSP bukan hanya ujian teori—ia dirancang untuk para praktisi. Soal-soalnya sering menguji kemampuan kandidat untuk menerapkan prinsip-prinsip keamanan dalam skenario dunia nyata. Jika teman-teman baru di bidang ini, jangan khawatir. Teman-teman masih bisa mengikuti ujian dan meraih gelar Associate of ISC2, sembari bekerja untuk mendapatkan pengalaman yang diperlukan. Namun, pengalaman langsung dalam operasi keamanan, manajemen risiko, dan sebagainya akan memberi seorang kandidat keuntungan dalam mengerjakan soal.

4. Pelajari domain demi domain

Ujian CISSP mencakup delapan domain yang masing-masing membutuhkan gabungan antara pengetahuan teknis dan pemikiran strategis. Hal-hal yang saya lakukan:

a. Belajar domain demi domain: fokus pada satu domain pada satu waktu.

b. Kejelasan konseptual: Alih-alih menghafal materi, saya berusaha memahami filosofi di balik setiap konsep.

5. Latihan seperti ujian sesungguhnya

Berlatih soal ujian itu wajib. Cara saya berlatih adalah sebagai berikut:

a. Latihan soal secara dedicated: Saya mendedikasikan waktu untuk menyelesaikan soal latihan dari CISSP Official Practice Tests dan referensi daring lainnya (salah satu favorit saya: www.examtopics.com).

b. Simulasi penuh: Mencoba ujian simulasi dengan waktu yang terbatas membantu saya membangun daya tahan dan strategi mengelola waktu.

c. Fokus pada area lemah: Setiap jawaban yang salah adalah kesempatan untuk belajar. Saya meninjau penjelasan dengan teliti untuk memperkuat area di mana saya masih lemah.

6. Kembangkan pola pikir CISSP

Untuk lulus CISSP, seorang kandidat harus berpikir seperti seorang manajer keamanan informasi. Beberapa pola pikir tersebut adalah:

a. Selalu gunakan perspektif bisnis—karena itu, upaya keamanan harus disesuaikan dengan tujuan bisnis.

b. Pikirkan keamanan dengan pendekatan holistik.

c. Bantu manajer bisnis untuk membuat keputusan berdasarkan risiko.

d. Pertimbangkan implikasi jangka panjang daripada solusi jangka pendek.

e. Keamanan manusia selalu menjadi prioritas utama.

f. Selalu pertimbangkan biaya vs manfaat dari setiap upaya keamanan informasi.

g. Pimpin organisasi kita untuk berperilaku secara etis.

h. Kepatuhan dan etika itu penting.

7. Manajemen waktu selama ujian

Ujian CISSP bersifat adaptif, dengan 100-150 soal yang harus dijawab dalam waktu 3 jam. Strategi saya:

a. 1 menit per soal: Usahakan mengerjakan dalam sekitar 1 menit untuk menghindari kehabisan waktu.
b. Tetap tenang: Percaya pada persiapan yang sudah dilakukan dan kemampuan diri sendiri.
c. Jangan menyerah terlalu cepat: Ketika mencapai soal ke-100 ujian CISSP, saya mulai meragukan diri—berpikir saya mungkin tidak akan lulus karena orang lain lulus setelah 100 atau 130 soal. Namun, ujian belum selesai sampai benar-benar selesai, jadi teruskan usaha terbaik kita.

8. Jaga Kesehatan

Persiapan CISSP adalah maraton, bukan sprint. Begini cara saya menjaga kesehatan:

a. Istirahat: Tidur sangat penting, terutama sebelum ujian.
b. Olahraga: Tetap aktif membantu saya mengendalikan tingkat stres saya.
c. Istirahat sejenak: Saya mengambil istirahat singkat di antara sesi belajar untuk menjaga fokus.

9. Baca cerita orang-orang yang sudah lulus CISSP

Salah satu strategi persiapan yang sering terabaikan adalah membaca pengalaman dan cerita pemegang CISSP. Perjalanan mereka memberikan insight di luar materi belajar disertai tips praktikal dan pelajaran yang didapat dari dunia nyata.

10. Berdoa dan percayalah

Bagi saya, berdoa adalah sumber kekuatan dan ketenangan. Bisa dengan berdoa, meditasi, atau berlatih mindfulness, temukan sesuatu yang dapat menenangkan diri dan menjaga fokus pada perjalanan yang ada di depan.

Catatan akhir

Perjalanan CISSP bukan hanya tentang lulus ujian—ini tentang menjadi profesional keamanan informasi yang lebih baik. Meskipun proses ini sangat menantang, pertumbuhan yang didapatkan membuatnya pantas untuk diperjuangkan.

Jika teman-teman sedang mempersiapkan CISSP atau mempertimbangkannya, I'm rooting for you. Jangan ragu untuk menghubungi jika teman-teman memiliki pertanyaan atau membutuhkan dukungan. Mari bersama kita bangun dunia digital yang lebih aman.

Semoga berhasil, teman-teman 😊

"Adults feel pain too. It’s just that adults keep it bottled up." – Reply 1988

Just like Dukseon in the Reply 1988, who looked back on her youth through the said K-drama, I would love to be able to look back at my 2024 via this post. Coincidentally, both years shared a connection to the Olympics—Seoul in 1988 and Paris in 2024—and both carried the bittersweet weight of their narrators' journeys. In the future, I hope I can recall my 2024 memories—here in my Reply 2024:

2024 was a paradoxical year. On the surface, it was filled with achievements I had worked tirelessly for: becoming an IT audit team leader, managing Auditoria magazine, leading the MoF-Cyber Guardians public relations efforts, earning a place on the Dean’s List, serving as a governor for IIA Indonesia, building a stable presence on social media, and passing the CISSP exam— a dream that had lingered for years. Each milestone stretched me, forced me to grow, and uncovered parts of myself I hadn’t known before. Alhamdulillah.

But beneath it all, this year became one of the hardest chapters of my life. 2024 mercilessly tested me—physically, mentally, and emotionally. This particular year, my life seemed like a constant downhill journey and there wasn’t a way back. I battled two illnesses that left me questioning whether I should just lock myself in my room and give up on everything. There were days when I felt completely defeated—wondering if I even deserved happiness. There were nights when I lay awake, questioning everything—especially whether life was worth the pain and sorrow. 

If Reply 1988 captured a world that moved slowly, 2024 was its opposite—everything moved too fast. Space exploration, AI advancements, the Olympics, the elections in both the U.S. and Indonesia, and so on all seemed to unfold at a deafening pace. Yet, I felt like a quiet insignificant bystander, standing in a corner with an unsettled heart. If this story has a soundtrack, please lend me “Don’t Worry, Dear” from Reply 1988. Its warm consolation—"그대여 아무 걱정 하지 말아요 (My dear, don’t you worry about a thing)"—felt like the embrace I desperately needed.

Amidst the chaos, I found solace in ordinary moments. It wasn’t the achievements that kept me going; it was the small, quiet acts of kindness and connection. Family members who constantly prayed for me. That’s a nod to Reply 1988’s quote: “In the end, what helps you overcome obstacles isn’t brains, but someone who will take your hand and never let you go. In the end, that’s family”. Friends who offered comforting words and companionship on difficult days. The simple joy of noticing anything better as you are slowing down.  Ultimately, the tranquility from having full reliance on My Lord. These seemingly "small" moments became my lifeline, teaching me that even in the darkest times, beauty can be found in the simplest things.

And then, there was the “husband-guessing game” that Reply 1988 so cleverly played in the story. For me, the mystery remains unresolved and the search continues. But I’ve come to realize it’s okay not to have all the answers right now. It’s okay to sit with uncertainty and trust that the answers will come in their own time. Maybe, one day, when I look back, I’ll understand why I felt so lost this year. Until then, I’m learning to find peace in the waiting and trust that some mysteries are worth the journey.

In the end, 2024 reminded me of a truth that’s both humbling and freeing: I am just an ordinary woman living in a corner of the world. Like Deok-sun, I’m curious about the future yet burdened by worries about what lies ahead. But I’m learning to embrace the present moment, to find meaning in the here and now, and to trust that the pieces will eventually fall into place. Maybe one day I’ll write a "Reply 202X" where all the pieces make sense and everything I’ve been through will reveal its purpose. But for now, I’ll keep writing, keep hoping, and keep cherishing the beauty of this unfinished journey.

A belated farewell to 2024. You were the year I wiped away the most tears. The year I hugged and encouraged myself the most. The year Allah taught me that even if (hypothetically) I don't have anyone to rely on, I always have Him by my side. Thank you for reminding me of both my vulnerabilities and my resilience.

내년에는 더 행복하고 건강해지자.

Let’s be happier and healthier next year.

----------------

Borrowing Zion.T's lyrics from Yanghwa BRDG:

"행복하자 행복하자 (Let's be happy, let's be happy)

아프지 말고 아프지 말고 (Let's not get sick, let's not get sick)"

------------------

image source: Lisa Maria via pinterest

"Get up, perform a night prayer. Don’t feel tired in praying, Nduk*," my mom texted me one quiet early morning. Her reminders were almost daily, but something about that day's message cut deeper. It was as if she knew I was silently drowning, struggling to find the surface. It was as if she could sense her daughter had reached the lowest point in her life and began to question everything.

I placed the phone down, and almost immediately, tears welled up. At first, they fell slowly, but soon I found myself sobbing. These past months had been restless; I’d wake up feeling drained and powerless about my life. I could feel my heart growing numb, my hope fading with each trial and “unanswered” prayer. I was walking through a seemingly endless, dark tunnel with no light in sight and no hope of an end. 

After years of pleading, I had begun to surrender to the idea that maybe, just maybe, there was nothing left to expect. What happened next was I witnessed myself grow tired: of asking, of hoping, of waiting. Actually, I wasn’t tired of praying itself, but of the weight of the expectation that came with it. Lately, hope felt like a burden I wasn’t strong enough to carry anymore.

As I finished my prayer that morning, my mind drifted back to a younger version of myself—a girl who prayed with her whole heart, who poured out her soul in every sujud. I vividly remember that young girl who saw the world through the eyes of faith, wonder, and belief. She was an optimistic person who believed Allah was listening to every word. 

But that girl had slowly faded, worn down by the years of knocking on doors that never opened. I noticed that my prayers had grown quieter, more cautious, more guarded, and more restrained. I still prayed, but it felt like I was holding on to a thin thread, afraid it might snap at any moment. I was still asking, but the belief in the magic—the certainty that Allah would answer the way I asked, had gradually diminished. I began to limit my prayers and wishes only to the "realistic" and "achievable" ones.  And that thought—that I had lost the part of me that believed so deeply in Allah’s mercy and love—broke something inside me.

And what hurt even more was the harsh truth: I had become ungrateful. My life, compared to many, wasn’t so bad, yet I felt so broken by it. My trials weren't even the hardest among what people in this world face. Yet my heart complained while I was still living relatively well. 

I should have known that perhaps the things I had begged for so desperately weren’t what I truly needed. Perhaps, in His infinite wisdom, Allah was protecting me from unseen pain, guiding me toward a future I couldn’t yet understand. I should have trusted that He knows what’s best, even when the weight of the world felt unbearable. I also came to realize that not every trial will make sense. Sometimes, the tests Allah gives me seem too heavy, too confusing, too much to bear. But the struggles, the waiting, the heartbreak—they weren't abandonment.

So I cried uncontrollably because I felt so ashamed in front of my Lord. I regretted that I had been begging for my life to turn out the way I hoped. I felt sorry that I had been demanding—for my life to be okay all the time. I regretted that I didn’t have enough patience to fully trust in His decree.

Forgive me for being such a bad human, Ya Allah. Forgive me for being so consumed by my pain that I failed to see Your mercy. Forgive me for the moments when I questioned Your plan with sighs of frustration and tears of despair.  I had let my impatience cloud my faith, and let my doubts weaken my belief. I had spent so much time focusing on what wasn’t going right, on what I didn’t have, that I had forgotten to be grateful for all the countless blessings I did have. 

Forgive me for being weak, for being an awful servant. I am only human, and I will fall short again and again, but I am learning. I am learning to trust and have patience. 

Thank You for never giving up on me, even when I had almost given up on myself. Thank You for still allowing this ungrateful soul to mend her relationship with You—the most important relationship a human can have. Please keep on holding my hand, My Lord. Don't let this poor soul go astray. 

And slowly, I began to notice small wonders finding their way back into my life. I'm humbled.

---------

The title is taken from Ad-Duhaa verse 7: "And He found you lost and guided you"

*'Nduk' is a Javanese term of endearment, meaning 'my daughter.'.

---------

image credit: SERHAT TUĞ via pexels.com