If official books, official prep questions, and boot camps are no good, what options do I have? I failed on my first attempt and continue to use what resources are available. However, I still feel lost as to how I can prepare for the test. I am in search of good advice.
My advice for anyone is rather than trying to study a particular domain, experience it. I think that is the key to the CISSP - it's not supposed to be a test-prep type of test (sure, a cottage industry has popped up to sell you just that). It is supposed to measure experience. If you have never done a business impact analysis, for example, you can study the definition of one, but until you have actually gone through the process of evaluating dozens of scenarios and their impact on an inventory or service, you'll probably not have the ability to knock out an exam question. Whatever domain you are weak in, try to get some experience (work, volunteer, etc.) in that area.
Thanks for the advice. If you read my original post, though, I actually already said I had a CompTIA Security+. I also said in later posts that I retook the exam and passed. I also gave some quick tips on how to actually pass. I also stated that the exam had to be taken, failed, and then evaluated. I mentioned failing the exam once as being part of the exam process, only because there is no material that exists that prepares you for this test, at least that I know of. It is a bit of an underhanded exam; that opinion of it has not changed. Justify it how you will.
Anyway, it matters no more. I have the certification, and I am using it to its fullest extent. I am currently working on a disaster recovery plan, an encryption architecture approach, and an architecture approach to extending our existing architecture to the cloud; all of which are CISSP-related activity. So, whatever; things we have to do and the price we have to pay just to be trusted to do work we already know how to do.
You should edit your original post with an update in big letters stating that you eventually passed, otherwise you will continue to get advice from people in the future. No one will skim through the pages to find out that you actually passed. Unless you like receiving these types of "advice" posts, then sure.
First of all, congrats on clearing the exam, @Dr_C_Lace; as @Spoon2k said, it would be really helpful if you updated your original post to add that you passed at your next attempt, else others who just see the first few posts in the thread are likely to abandon their quest.
@Flyslinger2, I can relate to part of what you went through. Prior to the CISSP, I had taken certifications like the CompTIA Security+, MCSE: Security, CCNA: Security, and ITIL Foundation, wherein my usual strategy would be to prepare with reading materials, videos, and simulators / emulators if applicable --- for some months before an exam --- and then try some practice questions shortly before the exam.
It always worked for me until I tried the CISSP --- and flunking it was definitely a blow.
Anyways, I concluded that a lack of experience might have been responsible --- even though my earlier posts did involve elements of IT Security, they weren't dedicated to it. Unfortunately, garnering the needed experience wasn't an immediate option as I'd resigned shortly before the exam, so there wasn't much else to do but turn to practice questions.
When I retook --- & cleared --- the exam, only a fraction of the questions I encountered matched those practiced with, so it's clear that one can't bank on practice questions alone. Experience has a major part to play in this...