I passed in September 2017, first time. I attended a 5 day beginners course and read Shon Harris' book cover-to-cover (much to the annoyance of my partner), plus loads of searching Wikipedia. It was a tough 5 hour exam for me.
Amazed I passed. Struck me that it was often tricky working out what the question was actually asking (probably my strength) as it is some years since I have been in a technical role.
I began my preparation for the CISSP with a lot of excitement and hope to get into a full time security position. I took a 5 day class organized by ISC2 with an exam at the end of the week long class. The class gives you an up to date syllabus of the exam and a good set of questions at the end of each day of the topics covered and a final comprehensive set of all 8 domains on the last day. I found this very useful and it builds a lot of confidence. However, utilizing other materials and understanding the content is very important as some of the questions on the exam are very tricky and the choice of alternative answers to pick from is often confusing and even sometimes irrelevant.
I studied for the exam for about 8 months with a full time job and attending to other family matters. At the end of the journey, you get a very good understanding of the various IT domains and how security plays a key role. I am able to relate to things in a much better way when I am in meetings and am watching webinars. With all that said, I am still not in a full time security role as I intended to be when I took the exam. I would like to hear from others if a CISSP title helped them get further in their career.
I took the exam as a general introduction to the security area. It was great. My lecturer kept saying the course is "an inch deep and a mile wide".
However, I imagine employers are looking for some depth in some relevant domains. I would set up my CV, additional learning, talk to professionals to target this.
Although my job description stated that I would be required to obtain my CISSP within a prescribed amount of time, no one ever held my feet to the fire. Instead I worked tirelessly learning everything there was to learn about my company and working to secure every discipline. FINALLY I decided it was time to focus on me, knowing what I learned would of course make me a better security professional.
I received what I believe was great advice; get the CompTIA Security+ cert first. Many folks told me that this would be super easy. I attended a one day class and we were told that the cert had changed and now it was more challenging. I have nothing to compare it to so I don't know how accurate this was. Nonetheless, I studied, took the exam, and passed.
I immediately signed up for a CISSP boot camp. I received the book for the class a couple of weeks prior to the scheduled class. Because of personal reasons, I had to reschedule the class for several months out. This proved to be beneficial for me because I had the book. I read the entire book taking detailed notes prior to the week long class. My instructor was "okay". I sat for the test and failed. UGGGHHHH More studying!
Because I have a total daily commute of a little over an hour I wondered if there were any audio files out on the net. I discovered a treasure trove of audio files authored by Shon Harris. Even though they were old (2003 maybe) they helped me a ton. I listened to them whenever I got in the car.
Right before I sat for my second exam I pored over my notes, re-read each chapter summary from my book, and took practice test after practice test. I took the advice I give my kids: "If you have an hour for a test, use the entire hour". Actually I think the exam took me about 5 1/2 hours. I went through the exam at least three times maybe four. I really took my time on EVERY question. Don't be hasty by choosing what you think is the right answer. READ the question and read EVERY answer before making a selection. There was one question that made no sense to me until the last time through. It finally clicked and boy did I feel stupid because it really was a simple question. I just wasn't reading it correctly.
When I was handed the piece of paper that started "Congratulations........" I rushed in to the ladies room and had to re-read it just to make sure it didn't say something like "Congratulations for trying a second time but....." lol
Don't give up on yourself and don't let your study guides collect dust on your desk. Make the commitment and dive in. Don't come up for air until you pass the exam. In the end, I'm happy I failed the first time through. I learned so much more having to sit for the exam a second time. The first time it was memorizing, the second time I learned it and am better equipped to apply it to my work. Good luck!
With whatever I'd taken before this (CompTIA Security+, MCSE, CCNA, CEH, etc.), there was a pattern --- I'd read a little (courseware), watch a lot (webinars, training) and bank on my past experience to clear the exams.
All that changed when I attempted the CISSP. I flunked at my 1st attempt, which left me rather shaken. With no options for a refund / free second shot, I tried the exam again, but this time I played it safe, joining study groups, using practice questions & free online resources, etc. It took a lot of effort & cost nothing, but definitely paid off.
You'll be expected to know how things should be done rather than how things can be done, so a lot of experience may not count if things at work weren't being done the right way...