cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
junghyun
Newcomer I

How I studied for the CISSP

Hello there,

 

Hope you're all doing well amidst the pandemic. This being my first post in this community, I am happy to start it with a positive venue. I took the CISSP exam yesterday, and all things considered with the recent changes in the CBK I thought it would be good to share my experience.

 

As preamble, I have a strong information security background, with over fifteen years of work experience in information technology management.

 

I first studied CISSP in 2019, completed all the eight domains during an instructor-led eight-class session over a month-long weekend course. Now, I can't account for others but for this certification I don't believe a six-day bootcamp will suffice to pass. Chances are, you will mostly be overwhelmed by the sheer amount of knowledge than what your brain can possibly absorb in that very short timespan. Even one month to cover two domains per week was very aggressive to me.

 

I strongly recommend planning a minimum of three months, and be ready to dedicate yourself significantly.

 

In May 2021, since we were back to the "new normal" I decided it was time I got over it, then I realized that things had changed. The new CBK wasn't released yet, although in the news the CAT in Pearson was already challenging the candidates with new materials. I basically had three choices. Either I subscribe to another CISSP bootcamp, wait until September for the new CBK, or just use my old materials.

 

COVID-19 wasn't helping much either so I decided to do this on my own, but rather than waiting until September I placed my bet on the online self-paced training to cover the new materials since my last time of study. Eventually, what initial two months I had planned stretched to three months. I believe I dedicated reasonable time to re-learn everything, in account of what I had learned previously in 2019. So again, three months would be the minimum required if you are serious about it.

 

My study materials:

Official (ISC)² CBK Training Seminar for the CISSP from (ISC)²

CISSP Official Practice Tests (Third Edition) from SYBEX

 

What I liked the most in the (ISC)² online self-paced training was, not only it covered up to date materials but it also restructured the course logically, such that instead of going through different domains it regrouped the knowledges in different chapters, further breaking down to several 1-7 minutes short but very concise modules to help your digest, while constantly keeping reference to the domain each topic belongs to. It is a very efficient tool to understand the baseline, connecting the dots and relating the principles.

 

The practice tests were supposed to provide a taste of what the actual CAT questions would look like. Actually, no. The practice tests are supposed to broaden your knowledge. Remember, the self-paced training is a baseline, it doesn't feed you with all the details. With test questions you can do more study, do more research, do more thinking. There are 1,283 questions which you can also take online if you register your book in Wiley website. This helps track your hit & miss, and your feel too, although not quite like the CAT you'll get eventually.

 

My method:

  1. Followed the modules in each chapter, visited all websites referenced throughout the modules.
  2. Stopped when I reached the "exercise" module (this was my milestone). Reviewed what I had learned since the last milestone before jumping to the exercise.
  3. Went through the exercise (a C-level requesting your feedback, a partner needing your opinion to resolve their issue, or a simple series of multiple-answer question).
  4. Compared my answer with the one provided in the training. Reviewed my learning.
  5. At the end of each chapter, challenged my knowledge with practice tests. Reviewed my learning

Out of the 1,283 questions in the practice tests there are 494 questions in the end, that I reserved for the review of my knowledge once I have completed the self-paced training. What's very important here is, no matter what you choose the practice tests are nowhere close to the actual CAT so don't be misled by believing if you memorize those answers you will somehow succeed. The practice tests can, however, help you identify the weaknesses in your knowledge so you can work on it.

 

Needless to say, there were a lot of "extracurricular activities" in support of my study materials. The reason why my initial two-month plan stretched to three months. If you opt for the (ISC)² online self-paced training, make sure to visit the websites referenced in the modules, for they will provide essential and tangible knowledge you won't find easily.

 

Exam date:

Some will book two weeks in advance when they feel ready for it. Some will book three months in advance at the very beginning of their journey as commitment. In my case, I booked two days in advance when I was done with my study. I was honestly lucky to have found an availability this close.

 

My feeling was, the field being so vast, no matter how long you've spent studying you'll never be quite ready for it. So once you think you're done then you are, mostly.

 

My exam:

Be extra careful with your time management. I spent too much time thinking during the early stage, which stalled me behind the clock. In theory you should not spend more than 1.2 minutes per questions in order to reach 150 within 3 hours, I ended up spending 1.4 minutes per questions and by the time I reached 100 I barely had 42 minutes remaining.

 

All the questions I encountered during the CAT were complex, situational, requiring critical thinking and most of the time I was able to eliminate the obviously wrong then I found myself hesitating between the remaining answers. Sometimes all four answers seemed correct, among which I was required to select what was best. If you're like me you will be challenged with the very principles you never questioned (if you just memorized), you will encounter terms and definitions you never met during your training.

 

As the exam progressed painfully, with the clock ticking and dangerously running out, I wasn't really sure how well (or badly) I was performing. Thus was my surprise when, upon answering my 100th question, the exam just ended.

 

I believe this "sudden death" is common to everyone, and will undoubtedly surprise everyone. In my case I got out with a "provisionally passed" result, and I can't be more happy with it.

 

My advice:

Aim at knowledge. Focus on learning, researching, thinking, and most importantly, relate with your own experience. Don't just aim at passing the exam.

 

Wish you all good luck!

 

Jean

4 Replies
csjohnng
Community Champion

@junghyun 

First Congratulations.

Good sharing of the your exam experience and preparation.

 

Yes, both domain knowledge and time management for the exam is key. Yes, if you are getting most answers  right, many people saying the "sudden death" is around 100 or 100 and something.

 

Agree that don't ever try to "memorise" the question and answer because it does not work and it does not worth also for ISC2 exam.

Consider them an exercise for a domain or knowledge check is ok and improve on one's weakness, and to familiarise with the domain. 

 

Your certfication process should be fast according my recent certification review process with ISC2. So it spare you the long wait process.

 

So a "pre"-welcome to the club!

John
tsiaterlis
Newcomer II

Thank you for taking the time to share this extremely detailed insight! 

Congratulations. 

 

Regards,

TS

Integrity doesn't only apply to data.
Dknoxy
Viewer

First of all Congratulations 

 

I have my exam soon and after a week long class based refresher and study I am hittng between 65-75% on the practice exams which is not filling me with huge amounts of confidnence as I am personally aiminig for 80%. 

 

Any advice on practice exams and what scores you were hitting before the actual exam and how close are the practice exams to the actual exam? 

 

Thanks 


 

 

Steve-Wilme
Advocate II

Personally I found aiming for 85-90% correct answers on the practice tests was the way to go.  

Also if on reflection you are weaker on a particular domain, go back and study it again, as attention spans being what they are you may well have missed something.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS