CISSP provisionally passed March 14th - comments and advice
I just passed (provisionally) the CISSP sort of 4 hours ago, and as I've been for the past three months reading other people's experiences on the CISSP exam, I guess it's fair to post mine.
My study materials
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition. (9/10)
Sybex CISSP Official (ISC)2 Practice Tests, 2nd edition. (9/10)
11th hour CISSP. (8/10)
Boson CISSP tests. (10/10)
3 years as a sysadm (back in 2001), doing system administration, user management, firewall management, and some network maintenance.
3 years doing IT security tasks: IDS, vulnerability management, monitoring, etc.
12 years as a GRC consultant: Risk assessment, ISMS and 27002 assessments, BCP, privacy, policies and procedures, compliance, etc.
CISA and CRISC.
"Methodology" (sort of)
For the study, I read (and highlighted) the Sybex book and the 11th book (just one time), and then did all the Sybex practice tests (8 domains + 4 more, about 1300 questions). After that, I did the Boson tests several times (which made no sense after the 3rd attempt, as I had somewhat memorized the response), and finally reviewed the wrong answers in the Sybex tests. I also viewed a couple of Kelly Handerhan videos, on tips for the exam and Kerberos explanation.
To do tests is critical. Read the materials slowly and then get deep into the tests. Sybex and Boson tests are both fabulous. Probably Boson is closer to the real thing (and I would say quite a bit), but the importance lies in reading and understanding the explanation. In total, my score of the tests was about 75% right the first time, even though I was not really paying much attention to the questions and I missed some obvious ones, so it should have been around 80%.
Day of the exam
I approached the exam with the feeling that there were some things I didn't know well enough, but also with the feeling that I had a pretty good knowledge of all domains. Even so, I was worried because I wasn't totally confident with things such as the Fagan phases, the full details of Kerberos or all the crypto key and block size stuff. I knew most, but I had the feeling there were details I was not remembering.
It took me about 90 minutes to do the 100 questions I needed to make it thru. To be sincere, I had no clue if I was in the right direction or not.
About the exam
I've read many frightening posts about the exam questions, the exam wording and the tricky options, and I was REALLY scared, but that wasn't my experience at all. I must admit I didn't find the exam particularly difficult to understand, and I am not an English native speaker, for those of you out there that are not native English speakers. The questions were one or two sentences long, easy to read and pretty clear grammatically, in my opinion.
(I'm probably a little biased now that I've passed the exam, take that into account).
There are many tips on how to pass the exam. All I want to say is that the exam is passable. Study, practice, and you can do it. And remember, you can fail some answers and still pass. Don't be discouraged if you don't know something or if a given question sounds alien to you. Move on and try with the next one. For those of you that have failed, don't let that get you down. You can do it.
Re: CISSP provisionally passed March 14th - comments and advice
One more thing. CISSP is not quantum physics. What makes it hard is the vast amount of materials (concepts, technologies, protocols, methodologies, etc.) and time to study and the scary fact that you don't know what you are going to face the day of the real exam. But everything is out there. Some will need more time of study, some will need less, some will be lucky with their questions, and some will not. But in the end everything you need to learn is in the books, Wikipedia, NIST, etc. Good luck (it always counts) ;-)