I know this is not what people want to hear but it was my experience. I got a Bachelor's and Master's degree in Information Assurance before I took the CISSP (after learning that the CISSP was worth more than degrees to some employers). I didn't really study for the CISSP, because over the course of 6-7 years in college, I had learned most of those topics already. I did do the official (ISC)2 study guide practice tests a few times, to get a feel for the question styles. One aspect that is often overlooked is trying to relax the night before - don't stay up late trying to cram those last few practice exams - get a good night's sleep and go into the exam refreshed.
I just passed CISSP, and this is what I did to prepare; I hope this will help:
It took me 4 months to do the below with min 1-2 hours per day on "work days", around 4 hours during off days, as I work on a shift basis so my off days are 2-3 days xD 😄 which is awesome for the preparation:
1 - I watched the awesome Kelly Handerhan's videos at Cybrary IT; they give a good overview and put you in the right mindset for the CISSP.
2 - CISSP (ISC)2 Certified Information Systems Security Professional: the book from wiley.com, Sybex, 7th edition. Very detailed, but this was also useful for the CISSP mindset.
3 - CISSP official practice tests: this was awesome to test your preparation.
4 - Eric Conrad 11th Hour guide, 3rd edition: good summary to wrap things up.
5 - Sunflower mind map: nice mapping per chapter.
What I felt during the preparation/exam and after the exam is that the overwhelming topics/resources are there to build a security pro mindset; the CISSP target isn't to memorize all this stuff, but to build layer over layer in a security pro mindset.
Enjoy every day; developing the right mindset will help you in both career and personal life.
Have fun ^__^
As someone new to the community, "Hi to everyone and greetings from Finland!"
I have kept reading, a lot, before the CISSP, while studying for the CISSP and also since then. I have to admit I hadn't gone through that many NIST documents before the CISSP but those times really opened my eyes. Huge amount of great, valuable and really important stuff. A tremendously great source of course for the CCSP (as I see the cloudy stuff to be pretty much the same thing as the rest of the IT (security) field, just with a "little" bit different twist).
Also CSA and ENISA do provide great documents, emphasis on the CSA most certainly. If you haven't already done so, I suggest you read through the CSA's "Security Guidance v4.0" after reading v3.0. Just because the v4.0 is such a great update with very valuable updates.
Beyond the ENISA and CSA suggested reads there are of course the books: "The Official (ISC)2 Guide to the CCSP CBK", "CCSP Certified Cloud Security Professional All-in-One Exam Guide" and "CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide". Of these, I think if you just want to read the best you should pick "The Official (ISC)2 Guide to the CCSP CBK".
Is it necessary to read such a huge amount for the CCSP? Honestly I don't think so. It's just me and my mind, which likes to learn and learn somewhat different perspectives as well. Which is why I more often than not end up going through the sources referred to in the books as well.
Speaking of valuable sources, without any connections I do strongly suggest the "Cloud Computing Weekly Podcast" by David Linthicum. Somewhat great way to stay updated on "hot stuff".
Certified in 2011 and at that time had nearly 30 years in the business, but that's all in the government, which is very different than commercial.
Took a week-long unofficial boot camp as topic intro.
Bought the Shon Harris book and DVDs, also had the official ISC2 book.
Bought subscription to Transcender.
Had legit access to retired exam questions.
Set a target month to test.
Studied every night for 3 months straight, without fail, for 2-3 hours, hardly saw my family; listening to the lectures, taking the exams, and reading. Scheduled the exam when I was scoring consistently in the 90ish%.
Was lucky and passed the first time but that test is grueling. Cramming and cruddy sleep the night before, up at zerodarkthirty to drive to Seattle. Took me about 4.5 hours and I was positive I failed because I was one of the first done.
Just lucky I guess.
Kelly Handerhan is great. Her CISSP course is great (and apparently the content of the CCSP course is at least partially "clips" of the CISSP course).
I used the (ISC)2 CCSP CBK and it covered the bulk of the exam, but there were areas in the exam that were not touched in the book, so I would encourage folks with less exposure to the cloud to review general information on cloud architecture. The NIST documents and SRG are good starting points.
I was asked a similar question and frequently am asked when I present at a conference. I wrote a blog post that sums up my advice. https://debinfosec.com/isc2-test-tips-cissp
With CCSP I have taken the exact same route as my CISSP, which has been to perform an initial pass through the self-study course material textbook 'ISC2 Official Study Guide' while using a mind map tool (xmind) to take notes on the various domains. As the exam date approached I was taking mock tests as provided by the book and the extended online version. Finally I downloaded a 3rd party mobile app for quick tests and flash cards, which helped a lot. This time around ISC2 have an official mobile app for iOS which includes practice tests for CCSP. I found the mind mapping to be extremely useful as I used it as a reference up until the exam. With the practice exams you gain a good understanding of the level while identifying areas which require attention.
Passed the CCSP in July of this year.
I read the Sybex book and purchased a month's access to the practice exam questions at cccure.org.
It's not a brain dump site; good content that lets you know if you're on the right track.
I also passed the Cloud Security Alliance CCSK in May; the materials are free so I recommend reading through them at a minimum.