Dear ISC2 Community,
It's a pleasure to have joined you!
I am getting ready for my 2nd CISSP attempt, having failed the first about 9 months ago. My preparation back then included studying on the "Eleventh Hour CISSP®: Study Guide" and doing all questions on that book plus other questions found online. I took many notes while studying the book and I practically re-wrote it in a summarized format so I was pretty strong on the theoretical part but I admit I underestimated the difficulty of the exam and did too little practice. This is the reason why I failed although not in a terrible way, as I got "Below Proficiency" on 2 domains, "Near Proficiency" on 5 and "Above Proficiency" in 1.
After a bit of discouragement and a break, I committed to try again and I started doing a lot of practice tests. I have downloaded the "PocketPrep CISSP" app and bought a Premium Account. All the questions and answers are based on the study guide by Mike Chapple and they come with detailed explanations after the test is done. I have been practicing every day, multiple times a day for more than 3 months now and my scores are consistently above 70%.
The question which I am finding incredibly hard to answer is: am I ready?
I hoped you can help me answer this question by sharing your experience and particularly the moment when you said to yourself "I am ready, I got this!"
What other practice tests or preparation material can you recommend, that is compliant with ISC2 policies and is as similar as possible to the real exam?
A bit about myself: I have 9 years of IT experience, the last 5 and a half of which were a full immersion in security as I have been working in a Security Operations Center of a large organization, in several roles.
Educational background: B.S. in Computer Science
Other certs I hold/held: GCIA, CCNA
Thanks in advance for your help!
Interesting, thanks for all the details!
Welcome and sorry to hear about your previous result. With CISSP, as the questions in the exam are not B&W, the same applies to various perspectives and advice. I also passed my CCSP (May 2019) and CISSP (Dec 2019) in the first attempt. In terms of preparation I used Boson tests (only once) and never cared what % I was getting. Did ISC2 Prac test (only once) in one go and again never cared about the scores. I used Shon Harris 8th edition, Official CBK (pretty much useless) and Sybex official study guide. Nothing else. If you keep on doing practice tests then I suspect you will train your brain to a point that it will start to look for obvious choices and do less thinking. I felt that myself. 11th hour is a summarised book so you summarised a summarised book. I don't know how much time you have but I swear by Shon Harris; if someone wants to make notes, Shon Harris is a very good choice and so is Sybex Official guide.
Unlike other exams CISSP basically tests your capability to apply the knowledge in the field. If you are able to see the use cases which you didn't notice before, that means you are getting the concepts. An example can be the assessment of the Information Security Management Policy Framework which involves Policies, Standards, Procedures, Guidelines etc and regulatory/compliance requirements of your organisation.
Another example can be to look for data protection standards and see what ciphers are being used, whether they are relevant and commensurate with the value of the data, key management etc.
My subjective assessment is CISSP is all about applying the knowledge and selecting the best approach under given circumstances.
Good luck for the next try, mate.
Study the book! That's basically it. I constantly used the official CISSP study and test apps on my phone to check the level of my knowledge and watched Kelly Handerhan explain it to me on Cybrary videos.
The questions on the exam are way different than anything you can practice online. Anyway, I'm positive that if you put enough effort in it that you can pass.
I am happy to communicate that I have provisionally passed the CISSP Examination at my second attempt, today.
Following up on this thread, I'd like to explain how I integrated my study practices hoping that my experience could help other members of this valuable Community from which I have received substantial help.
After having essentially exhausted all the questions on the Pocket Prep application, I went for another good round of theory and practice. I bought the Official Study Guide (Eighth Edition) and I have read it cover to cover on my Kindle. This is probably the first big book that I have studied on Kindle and I have to say my experience was great. I made hundreds of digital notes of it and commented on all the parts that were hard for me to digest. I have almost never read those notes back, but the sole fact of commenting made it easier for me to process the given piece of information. At the end of each chapter, I would do both the written test and the 20 review questions. For every wrong answer, I would re-read the concept and try to understand it better and describe it in my own words.
In parallel, I subscribed to the Sybex/Wiley portal and downloaded the CISSP Study Official App. Without exaggerating, I think that over the last year and a half I didn't let a day go without doing a quiz (ok, maybe 1 or 2, but you get the idea 😉).
On the Wiley portal alone, I clocked more than 16 h of pure quiz time averaging ~ 82% correct answers. For every single quiz, I would review the wrong answers and understand why I got them wrong and how I could change my mindset to get them right. I also took screenshots of the answers I got wrong, for me to review multiple times.
Another very useful source was the Cybrary Course by Kelly Handerhan. I watched it once, in parallel with my Study Guide read and I listened to it fully once again, the days preceding the exam. I especially found this last practice very useful to "bring it all together".
Last but not least, I have read and tried all the questions posted in this thread (thank you @rslade !)
They were very useful to set my mind back on the real exam question type (as all of you said, very, VERY different from everything one can find online).
Oh, and I made mindmaps (especially one for Cryptography which I'll share with this community as soon as I have a moment). I even made up songs to remember the Block and Key Length of each Block Cipher and jotted all down today on my note page... and surprise, no questions about that! 🤣
Now, I'd like to answer my own question: "When was the moment when you felt you got it?"
In my particular case, I have never reached that moment. This is by far the hardest exam I have ever written and the one I have studied for and suffered for the most. The scope and subjects are so broad that I don't think one person can possibly achieve 100% confidence in everything. I did, however, get to a point when I realized that "I had never been MORE ready than now and I don't know if I'll ever be without working another 20 years in this field".
To sum it all up, this is a scary, complicated, challenging test. The key to success, in my opinion, is perseverance.
Don't set the goal to study and do this test in 1 or 2 months. Allow yourself the time to soak up the concepts and make them yours. Don't care too much about deadlines and enjoy the journey.
The exam's only purpose should be to validate the knowledge, experience, and mindset that you have gained over the years.
Thanks again, everyone!