I am currently working on getting my CompTIA Security+ cert as a warm-up, and then I want to start hardcore working on getting my CISSP cert. What are your best recommendations for study resources and learning strategies to prepare me for the test? I will have accrued the necessary experience by around the end of 2018, so I want to use 2018 to prepare.
Thank you in advance for your tips and advice!
I earned my CISSP in 2012, so it has been a while. I think I was actually one of the last people to take the test with paper and pencil instead of computer.
My advice: study, study, study. I have heard that the ISC(2) study guides are good but I didn't use them (or else they didn't even exist...I don't remember). I used the Shon Harris All-In-One Exam Guide and her book of practice exams. I reviewed the whole guide over the space of about 3 months and I set a goal of taking and passing every test in the practice exam book.
I also booked a room at the hotel where they were giving the exam and spent the entire first day doing practice exams. Then I got a good night's sleep, woke up the next morning and took the exam.
Good luck with your exam, I hope you pass!
I'm in the probably unusual position of actually having sat the CISSP exam twice, and passed twice. I was too busy to submit CPEs (or so I told myself at the time). After you pass and go through certification I don't recommend doing the same... it's expensive if nothing else.
Here's how I would approach it:
1) Buy/inherit/borrow the big heavy official book, or one of the others; make sure it's well recommended and mainstream. I found the second time round they were more focused and appropriate than even the book by the late great Shon Harris. Read it little and often and well in advance; schedule time and be disciplined, reading for 40 mins to an hour and summarizing notes for 5-10 mins. Look up things you note and are not clear on from a different source; this gives perspective. The body of knowledge is big, but not rocket science. Take a reductive approach and build bridges between the islands of knowledge: start with one of the eight domains (we used to have ten in the old days, we were robbed I say!) you know the best to get familiar, and aim to spend longer on those you don't. Do not leave the least familiar till the end; you require time to assimilate the unfamiliar. Pick up the tempo 4-6 (your mileage may vary) weeks out.
2) Join a chapter, get a mentor, study buddy, WhatsApp group (more a CCSP thing I've found) and share the burden. A problem shared is a problem doubled! The official review course is great too if you can afford it/have sponsorship. I had one for CISSP paid for by my employer at the start of the decade, and I took the virtual CCSP training with Moshe Ferber, who was very knowledgeable and a lot of fun (big shout out to CCSPHK Dec15! - you know who you are).
3) Come the exam, be reasonably well fed (not too much now...), be well rested, and book it for when you will be at your best in the day; try to do it at a quiet time in the week, month, quarter etc. When taking the exam remember, it's as much a comprehension exercise as it's a test of remembered facts. Answer all questions, mark those you don't know and move on. The exam covers so many topics and has so many questions that one or more of them may remind you of the answer to one you thought you didn't know.
Others may well have more, even better advice for you. Ultimately it's only you and what's in your head in the testing center, so enjoy it, answer well, bravely click the finish button at the end, and at least know you'll find out quickly whether you've passed. 😉
Best of luck,
You have received great advice in this thread already!
I would just add a few small things - those are:
Best of luck!
Echo other comments. I too used Shon Harris' book as the bible when I went for it (actually still sits on my shelf and I've gone to it as a reference from time to time). But that was also 15 years ago. Before social media, and before a lot of online resources. Which I'm sure you can take advantage of these days.
I think one key is to understand the type of certification this is. Unlike some of the big vendors (Microsoft, Cisco, Novell, etc.), the CISSP is a management exam. And as such, the topics are more abstract. There is often not a "right" answer, but simply the best answer. So you do need to have a very good understanding of the topic. Memorization is not something that will help you here.
As they say, the tough part of this certification is that the breadth of coverage is "a mile wide and an inch deep".
I think they've shortened the test a bit since I took it, but it used to be 6 hours long. I would always tell people to make sure they are hydrated and to make sure they eat a decent meal to keep their blood sugar at reasonable levels. There are plenty of guides out there. I recommend using 3 from different authors. I'm a tactile learner, so having a lab set up and running through some of the concepts manually was helpful. You should be able to sit down and write all the formulas on the scratch paper before the test starts.
The questions are tricky, so I developed a strategy for the questions. First, identify the domain. Second, deconstruct the question: take out any distractors and reconstruct the question. Read all the answers. Read the question. Select an answer. If you practice this on practice exams you can knock these steps out super quickly.
Finally, do not cram over a short period of time. Dedicate the time to understanding what you are reading; I recommend 6 months to 1 year of study on top of experience. Memorization will not get you through this test.
Honestly, the best advice that I got out of the SANS prep class was:
- If one of the answer options is some variation of "defer to the business owner" or "consult an attorney," that's probably the correct answer so far as the exam is concerned. If answer B is the correct technical answer but C is "do what your boss says," hopefully your boss tells you to do the correct thing. Otherwise, this is what risk acceptance forms are for 😉
In 2011, I went to a CISSP boot camp run by Training Camp, trainingcamp.com. It was five days long and the sixth day was the test. My company paid for the course and also for staying at the hotel that held the course. I cannot recommend that course enough. Even though I had been self-studying for a year, I found out that the way the questions are presented would have made all my answers wrong. I basically slavishly followed every suggestion the teacher made. If you plan on doing it all on your own, here are a few takeaways from my experience and the class:
1. Study from the official ISC(2) books, so that you will understand how the questions are presented and answered correctly.
2. Get a hotel room near or at the test site and get a good night's sleep before the test. Don't skimp on breakfast or snacks and water.
3. You will only know how to answer 100 of the questions. You will be guessing on the other 200, including the ones you won't be scored on because they were snuck in as a dry run for next year's test.
4. Due to a totally stupid reason, there were too many BCP/DRP questions on the test for it to be a coincidence, just as the teacher had predicted. I don't know if this is still a factor, but keep it in mind.
5. If you don't pass, start studying again immediately; keep that knowledge fresh for your retake.
Best advice I can give: set a test date. Schedule the test and pay for it. By setting a test date you will force yourself to study and be ready by that date. If you go the other route and say "I will set a test date when I am ready to take the test," you will find that it takes you longer to get to taking the test, because you will have the urge to think that you are "not quite ready yet". I have supervised many people who had to take certification tests, and the ones who were most successful were the ones who set the date, even if it was a year out, rather than the ones who kept waiting until they were ready.
Passed my CISSP on Sept 30th, 2017. Started June 5th, 2017 and ended my journey on Sept 30th. Before I started, I performed my "due diligence" on researching what other successful people did before me. Since it worked for my PMP, why change my methodology? Once I settled on the resources, I put together a formal CISSP Study Plan. Treated my CISSP as if it was a formal project. I studied every single day. Never once did I miss, right up to Saturday, Sept 30th. Used the following resources:
I also created a CISSP study group; the 5 of us would meet every Thursday and each give a 5 minute class to the group on what they thought was their "weakest" subject. The best way to learn a subject is to teach it. The week before the final exam, I took the 3 Transcender exams (Mon, Wed and Thursday). Friday I read Eric Conrad's 11th Hour book. On Saturday my test was scheduled for 1:00 PM. Started on time. Completed the exam in 3 hours 42 minutes. Passed.
Good luck and hope you succeed!!