As a CISSP who studied for and passed the CCSP exam, how did you prepare? What did you find valuable? Did you learn through self-study, if so, what books did you buy? Did you attend an official training course, if so, which one? What was your study plan? What's your secret for success? We want to hear from you!
I have been a CISSP-ISSEP, CSSLP for many years. I was able to take a five-day online live instructor-led course for CCSP through my work, so it was five 8-hour days. During the class we went through the Official (ISC)² CCSP Study Guide. They also provided us with a student account to cccure.education for practice tests. The instructor was a CCSP and was pretty good. She went through the guide and made sure to explain the topics and pointed out to us to make sure we looked at things from the Cloud perspective not a CISSP perspective because they are different. I think that right there was the biggest thing that helped me the most out of the whole week. When we were talking about the topics we discussed why or how the Cloud perspective was different than the CISSP perspective.
I will tell you one thing was very clear. She was not going to discuss anything about the exam and no one was going to ask about it more than what was in the beginning of the book. And the practice questions were nowhere close to the real exam questions. They covered the same topics or similar ones but not even close to the wording.
But this exam was not easy at all. I went in pretty confident and walked out just like any other ISC2 exam, saying to myself I have no clue if I passed or not. Not until they handed me the printout did I have a clue that I passed.
Thank you for asking.
Back in January 2017, when I left my last job, I studied my Master in Cybersecurity, researched companies and started doing my security certifications. I looked up the (ISC)2 website and booked a CISSP bootcamp in March. To gain confidence, I studied and passed my CompTIA Security+ in less than 3 weeks (I wrote an article about this on LinkedIn).
Time flew and only 1 week before my bootcamp, I realized I only spent a few hours studying my CISSP! So I studied for about 4 hours a day for 1 week, took the bootcamp and took my first exam on March 11. I scored 686 and did not pass. You need to score 700 or more to pass.
The week later, I booked for the re-test, knowing that I need to wait at least 1 month before (ISC)2 allows me to re-test. The nearest date I could get within 50 miles drive from my home was first week of May. With almost 8 weeks before my next re-test, I spent 8 days with about 2 - 2.5 hours each day to study the (ISC)2 SSCP. I took and passed the SSCP exam with almost 1 hour left on the time allowable.
Again, I did not learn my lesson and only studied for about 10 hours during this time for my CISSP then I realized that there were only 4 days left before the exam!!! During these last 4 days, I spent 4-5 hours each day to study (by this time I forgot a few things I learnt previously). I took the exam on first week of May and passed.
Here are the resources that I used (listed from least cost to most expensive):
1. 11th Hour CISSP by Eric Conrad (and 2 other authors). Great book that you can go through in a few hours.
2. (ISC)2 CISSP Official Study Guide book by Mike Chapple (and 2 other authors).
3. LinkedIn Learning (Lynda) CISSP courses
4. CISSP Tests and Study App on iPad (they probably have an Android version). The questions here are not close to the exam but they are good to test your knowledge.
5. CCCure - very valuable. I took over 1,000 questions to practice. I set the level to "Hard".
6. CISSP Bootcamp training (most expensive)
If you have good IT / Network background, I'm not sure if the training is needed. Most material I learnt was available from books. What I did learn was the exam techniques.
I haven't started yet but I will be taking this certificate through my bachelor degree program. I will be using their study material for the exam. If I feel it is not enough, I will purchase the book and run through that as well.
I just passed my exam on Sept 30th. Currently in the endorsement phase. I started 4 months ago preparing and completed the following:
I took my exam last year (2016), and passed on the first try. I took a live online class hosted by the InfoSec Institute. The class was in Seattle, but I attended it "virtually" from Sacramento. I like the live class format because it forces you to put down your work for 7 days and focus on the material. I took the exam a few weeks later, studying during those few weeks in the evenings.
I had already been aware of many of the tenets of the CISSP training due to a colleague, who explained many of them while we were on the job. However, there was much more to the exam that I had learned in the course of securing patient data. I bought the CISSP study guide, 3rd edition (by Conrad, Misenar, and Feldman), and found that it helped fill some of the knowledge.
I never cracked the "bible" on CISSP until after I had taken the exam, and was performing security analyses for clients! The study guides provided by InfoSec Institute were mostly sufficient for studying.
If you are trying to avoid the cost of purchasing a live class, I highly recommend trying to incorporate the tenets of the CISSP program into your daily life. It is much easier to remember how the exam expects you to answer the question if you have been thinking about it for a while and have made the concepts more than just ethereal terms you are required to remember.
I recently earned my CISSP, but have been working in the security space for a long time. I'm going to assume you have good experience with infosec. For those who don't, the CISSP is a terrible place to start.
I bought the official documentation and the Shon Harris book. Both are great, just get one or the other. I read through the book and took way too many notes. Because of the nature of the CISSP, for each domain, read the whole domain without taking notes. Then read it again and take no more than a page of notes. Do this for all the domains.
I took about two weeks to read the books, then took a 1-week bootcamp. The bootcamp just made me realize I took way too many notes. I did make some good connections in it, though, so there are very strong ancillary benefits to taking the course in-person.
Do the simulators and take the practice exams. The test is as much about getting into the mind of the test writers as it is knowing your stuff. If your version of the books comes with flash cards, use them. I always carried a bunch around with me to read while I was waiting around for lunch or a red light or such.
When you take the test, for me, about 20% of the questions I absolutely knew, 10% I had no idea and just marked down the one that seemed "most right", and 70% I was able to get down to 2 reasonable answers, then picked the best-sounding one. This is why people freak out over the CISSP.
You'll also want to map out the nearest bar to the testing center. Pass or fail, if you drink, you'll want a drink.
Thanks for asking your question. My journey to the CCSP was different than most.... (pomodoros, for those who are familiar with them,) ... This is not as difficult as it may seem but rather a matter of consistent formal habit.
Knew it from "Learning how to learn" 😄 Great Coursera course... The Pomodoro technique uses a timer to break down work into intervals, traditionally 25 minutes in length, separated by short breaks.
I hope I can have my CCSP early next year. 😄