Wanted to share my CISSP experience with the community. Did my CCSP in May this year and started my CISSP journey in July. After searching through various posts for study material and approach, I settled on a thorough approach rather than the quick exam-oriented approach. I bought the following books:
Shon Harris 8th Edition (Excellent read. Prepares you very well and thoroughly for the exam as well as for the field. Keeper. However, it doesn’t cover all of the terms, standards and management stuff which is required to pass the exam. External research is still required. Great value)
CBK Reference 5th Edition (Now this book is a total disappointment and torture to read. The book deviates from the topic without any notice. You are reading something and all of a sudden you sense something doesn’t make any sense here. Then you go back, re-read and realise that the writer is now talking from someone else’s perspective. This happened to me with the CCSP CBK too. But I read good things about the CISSP CBK in various forums so I took the chance, but I was wrong. Adds no value)
Official Study Guide, Sybex, 8th Edition (Excellent read. Not as detailed as Shon Harris but as good as Shon Harris. Covers a few of the gaps that Shon Harris has. However, external research is still required. Great value). None of the books cover the security management stuff in enough detail.
I bought the Boson and ISC2 Official tests. Boson tests are good at making you think and relate various concepts together. ISC2 tests are simply there to test your memory, as in how well you remembered the official study guide. I only did the questions once. I saw many terms, names, concepts and standards which weren’t covered in either of the books. I researched those terms on the internet. I made sure that I wasn’t only able to pick the right answer but was also able to explain the remaining options in the answer. I scored between 70 – 80% in the practice tests. If someone is planning to count on these exams then it’s my moral obligation to inform you: please don’t. Not even a single question was from these tests. Not only that: if someone is thinking that there would be direct, pointy, and to-the-point questions from the study books, please don’t. However, if you have read the books seriously then you would be (in most of the cases) able to pick the best answer. Usually all answers are right but you need to pick the best.
The exam was on 20th December. I don’t usually like afternoon exams but wanted to try one time before Jan. As expected, the exam was mental torture. I was going through my memory sectors to find relevant terms, words or sentences that would match the options, but no luck. The questions appeared alien. After struggling for some time I looked at the screen; I was at question no. 7. It felt like an eternity. I started to think about the next try in Jan 2020 but wasn’t sure what I would do differently than what I had done this time. So, I thought if I am going to fail then forget books or tests, just rely on my good old friend, common sense. After that I stopped when the test stopped after the 100th question. It took me 2 hours and a few minutes. I raised my hand, got out, collected my report card (didn’t have a look at it), folded it and left the center. I had no courage to look at it, and secondly I had a pretty good feeling about the result. Upset, I hit the bar. After 2 pints I collected enough courage to unfold the report card. A burden lifted. I remember only two words, ‘congratulations’ and ‘provisionally’. I also lost count of the pints.
To pass this exam one should be able to understand and explain all options presented in the question. Secondly, we should be able to constructively apply (not only use) the knowledge we gain by reading the books. Next step ISSAP. Can someone please provide some guidance for ISSAP?
The exam outline is a good place to start. ISSAP is a "concentration" whose domains "overlap" with the CISSP ones, which means you may need to refer back to CISSP material. (I hope you still have the materials and references.)
The Official (ISC)2 Guide to the ISSAP CBK (2nd edition) is another good place to start, although the material is "old"; try to use the ISSAP Flash Cards to complement it and get the "up-to-date" material, and you will know more about what ISC2 is expecting on ISSAP.
Of course you can take the official ISC2 self-paced training on ISSAP if you have the resources ($$ backing). I did not take that, so I don't know the content and I can't comment on it.
What does not overlap with CISSP is mainly cloud, architecture frameworks and some appsec (domains 4, 5 and 6 respectively). You have done CCSP; I think that knowledge would definitely help, so revisit and refresh the cloud security material.
On top of that, knowing some basic architecture frameworks, such as SABSA, would also help. At least for myself, I am TOGAF certified and know a bit about SABSA and the Zachman Framework.
Honestly, my personal experience of studying ISSAP was definitely not painful but rather enjoyable, but like you said, the examination itself may not be so "enjoyable".
Hope this helps, and good luck with the study and exam.