For anyone that has taken the CISSP do you feel that there is enough time to complete the exam or do you feel like you have to hustle to get though it?

Hardening depends on your threat model and needs of the client. Have the system do what it is supposed to do nothing more or less. I pretty much use this as a guide line depending on client needs.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/security_guide/red_hat_enterprise_linux-7-security_guide-en-us.pdf

The low hanging fruit will already be scooped up. You have to get creative with emphasis on it being pronounceable first and brevity second. I feel the biggest mistake that gets made is waiting for the perfect name and overlooking a good one.