Kevin Henry: Teaching CISSP, CISM, CISA, CCSP and CSSLP

Group classes

A certification classroom is a practical forum where experienced security professionals return to structured study alongside peers from audit, cloud operations, software delivery and security management. Its value comes from the varied perspectives in the room, as each participant brings a different view of risk, control and decision-making.

Kevin Henry is a senior instructor with Readynez who teaches advanced information security and audit certifications, including CISSP, CSSLP, CISM, CISA and CCSP. The original profile describes him as an authorised instructor for (ISC)2 and highlights his long contribution to security certification training; the more useful story for learners is how that experience tends to show up in class.

A teaching style built around judgement, not memorisation

Advanced security exams rarely reward simple recall on its own. CISSP candidates may know a definition and still lose marks because they answer from the perspective of a technician rather than a risk owner. CISM candidates may understand governance terms but struggle to decide which action should happen first. CISA candidates can identify a control but miss whether the evidence is sufficient.

Kevin’s teaching approach is best understood through that gap between knowledge and judgement. A class on risk management, for example, is more useful when learners have to explain why one response is more appropriate than another, what evidence supports that response and which stakeholder would own the decision. That kind of discussion helps learners move from recognising terminology to applying it under exam pressure and at work.

The original profile includes a reflection from Kevin about learners over the age of sixty who continued to invest in training rather than accepting the status quo. That observation matters because many experienced professionals underestimate how much they already bring to the classroom. Their challenge is often not lack of experience; it is translating years of practical judgement into the language, domains and decision style used by certification exams.

Choosing between CISSP, CISM, CISA, CCSP and CSSLP

The certifications Kevin teaches are often mentioned together, but they serve different professional goals. CISSP is broad and suits professionals who need to connect security leadership, architecture, operations and risk. CISM is more focused on governance, risk ownership and security management. CISA is built around audit, assurance, controls and evidence. CCSP suits professionals working with cloud security architecture and operations, while CSSLP is aimed at software professionals who need to embed security into the development lifecycle.

A practical way to choose is to start with three inputs: the role held now, the role targeted over the next 12 to 18 months and the amount of time realistically available for preparation. A security engineer moving toward architecture may find CISSP or CCSP more relevant. An audit or compliance professional may get more immediate value from CISA. A security manager responsible for risk registers, governance reporting and programme direction may be better aligned with CISM. A developer, application security specialist or product security lead may find CSSLP more directly connected to daily work.

These differences matter because the exams reward different habits of thought. CISSP often requires broad reading speed and the ability to select the most business-appropriate answer. CISM regularly tests sequencing and governance judgement. CISA demands careful evaluation of evidence and control effectiveness. CCSP requires a clear grasp of shared responsibility in cloud environments. CSSLP expects learners to understand how security fits across requirements, design, development, testing and maintenance.

What learners can expect in class

A strong certification class should not feel like a slide deck being read aloud. For these exams, useful classroom time is spent turning domain content into decisions: interpreting scenarios, comparing plausible answers and identifying the assumptions hidden in a question. That is especially important for learners who have deep operational experience but are new to the exam’s style.

In practice, this means learners should expect discussion, domain mapping and repeated exposure to scenario-based questions. Whiteboard threat modelling can make CSSLP topics more concrete. Risk register discussions can clarify CISM concepts. Audit evidence exercises can strengthen CISA thinking. Cloud responsibility scenarios can help CCSP candidates separate provider obligations from customer obligations. Timed drills are also useful, especially for learners who understand the content but read too slowly under pressure.

Retention improves when learners keep a question journal rather than simply counting correct answers. The journal should capture why an answer was wrong, which domain it belonged to and what clue in the question pointed to the better option. Over time, patterns become visible: rushing, choosing the most technical answer, ignoring governance context or missing words such as first, best, most or least.

How to prepare before training

Preparation does not need to mean completing an entire textbook before class. A better starting point is to review the exam outline, note unfamiliar domains and collect examples from current work that relate to those domains. A learner preparing for CISA might bring examples of audit findings or control testing. Someone preparing for CCSP might map recent cloud projects to shared responsibility questions. A CSSLP candidate might review where security requirements enter the development process.

Spacing study usually works better than compressing everything into a few long evenings. Learners tend to retain more when they review material in short sessions before class, engage actively during class and then revisit weak domains afterwards. The instructor-led component should be treated as the point where difficult concepts are clarified and exam judgement is sharpened, not as the only study activity.

Realistic timelines vary by background and certification. A professional already working across security architecture may prepare for CISSP differently from someone moving in from infrastructure or audit. CISM and CISA candidates often need time to adjust to governance and assurance wording, even when they know the workplace processes. CCSP and CSSLP candidates may need extra time if cloud architecture or secure development is adjacent to, rather than central to, their current role.

Learner feedback and how to read it

The source profile includes learner comments such as “Fantastic teaching and coaching”, “Most Excellent educator” and a longer note describing Kevin’s knowledge and classroom manner. Feedback like this is useful as a signal of teaching style, but it should be read alongside more practical questions: whether the course matches the certification objective, whether the instructor teaches the current exam, and whether the format supports discussion rather than passive attendance.

Training decision-makers should also validate claims carefully. Authorised instructor status, current certification coverage and course availability can change over time, so the most reliable source is the current course provider or the relevant certification body. Testimonials can indicate learner satisfaction, but they should not replace a review of syllabus fit, prerequisites and the level of preparation expected before class.

Turning certification study into workplace value

The strongest outcome from certification training is not simply passing an exam. It is the ability to return to work and make clearer decisions: documenting risk ownership, asking better audit questions, designing cloud controls with shared responsibility in mind or improving security input into software delivery. That practical transfer is where experienced learners often gain the most value.

Kevin Henry’s classes at Readynez are relevant for professionals who want that combination of certification preparation and applied security discussion. To explore current availability without relying on outdated dates inside an article, use the current class booking link and confirm the certification, format and prerequisites before committing to a date.

Two people monitoring systems for security breaches

Unlimited Security Training

Get Unlimited access to ALL the LIVE Instructor-led Security courses you want - all for the price of less than one course. 

  • 60+ LIVE Instructor-led courses
  • Money-back Guarantee
  • Access to 50+ seasoned instructors
  • Trained 50,000+ IT Pro's

Basket

{{item.CourseTitle}}

Price: {{item.ItemPriceExVatFormatted}} {{item.Currency}}