A student of mine asked me how to know what to read, there is so much out there. 

My reply: It is not rocket science… well sort of:

I will take the (ISC)2 courses as an example. The exam questions for (ISC)2 come from the CIB which is a crappy outline and a list of books they used as source materials. To make a question for the exam you must cite two sources on the CIB. You get the CIB from the (ISC)2 site. So all the answers are there, but it is about 22,000 pages.

  • No, you cannot steal my idea. 
  • No, there are no short-cuts.
  • Yes, I am vague on some points to protect my process.

Either YOU or the instructor needs to read the all the pages; find the gems and match them to the CIB books, which he must read. (Yes I did.) Then mix in better summary readings that come from the sources that the author cited. Finally, pick what works and then what is readable in the limited time of the course.

For example- all the BCP articles in the Information Security Management Handbook (ISMH) are not that good– one guy comes close- but he took all his stuff from Toigo and did not cite him. Toigo wrote the original material cited in the CIB. Toigo’s book is out of print. (If you read the two carefully you can see the concept matching for the exam.) Now you need to pick the correct reading that summarizes the 325 pages that Toigo wrote. (No it is not in ISMH- that is why I am writing about it here.) I found a clean, easy to read 120 pages that matches up to the CIB.  Then you need to validate the readings by looking at the failed score reports from students. So for X# of students only a few failed. Only Y# had BCP as their top three bad domains. (Yes, I have the statistics that I have collected over years)

You need to repeat this process for every reading, every domain, and every topic. Even when you love the work and the subject matter, it is a long and tedious process.

So it is like rocket science… which is about trial and error, collecting data, and process improvement.

Other training companies dump a +2000 page  book in the students lap and say, READ IT. Drinking from a fire-hydrant is not teaching or good courseware.

To be clear: This is not about bad jokes, what the instructor knows, how smart (s)he is, or if they can remember all the details. This is about:

  • Working with the students
  • Identifying what is reasonable for them to read
  • What will stick in the students’ head
  • Matching it all up to the exam

No, I am not perfect at this skill: Sometimes I pick something that I think  is great and everyone else thinks it sucks. I revise my reading list everytime I teach a topic in my online courses.

For those instructors who steal my students’ reading list; you still have a long way to go to be able to answer real questions. For those of you who think you can compete, BRING IT!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.