Don't bother with the CISSP. Those are only concepts and learning about general security, not just of software but of administrative and physical barriers (such as height of fences and outside bushes) The CISSP is aimed more for professional IT managers who have years of experience.
Simple sniffing with wireshark is a good place to start. Open up wireshark, start "recording" and do things such as logging into facebook, or web browsing. When you're done capturing the logs, go back into the logs and you'll see some granular level detail of what operations are happening behind the scenes (even see where the username/passwords are transmitted)
Edited by lacrossewacker - 5/16/13 at 2:51pm