Narsil
Newcomer III

Passed CISSP exam June 7th (2019)

15+ years in the industry, having finally passed this exam today, felt it prudent to give back and share my experience.

 

My story

- Undertook a 5-day classroom course a year ago (2018). For me it was to get an overall understanding of the content and identify which areas I would need to focus on in my further studies. I've always liked the collaborative classroom experience of learning from young, particularly if the instructor and fellow students are all switched on, which thankfully I was lucky that they were.

- I soon after scheduled the exam for later in the year, but then re-scheduled it to early this year as I had barely studied. One bit of advice I would give, even if you're a person who needs to set the exam date goal to motivate yourself, take into account all life matters first. Between many major family commitments, it was clear that 2018 was not the year for me to take the exam; I had bitten off too much and could not dedicate the time.

- Approx. 3 months ago decided it was time to get serious as I realised the new date I had set for the exam wasn't going to work either, and so I re-scheduled the exam a second time with a June 2019 deadline. I decided I now had some time (but really not that much more) to dedicate to studying to make my first attempt at this, and hopefully my only attempt.

 

Pleased to say I today provisionally passed it on my first attempt, and the exam ended after I answered the 100th question. It really is a great feeling when your hard work pays off.

 

I must admit I know that, per many reports, the exam ending after 100 means a pass, but I was also aware that if the CAT exam thinks there are not enough questions left for you to reach the required 700 of 1000, it will also end early. Read that somewhere. So I was both excited but also in deep fear. Why? Many of the questions scared the hell out of me as they talked about topics and/or terms I had not seen in any of my materials. I read and re-read all items on the screen and just made an educated guess. I wonder if these were the 25 research questions they say are there and not scored? Sure felt like they had to be. Other questions I knew the content but felt I at times second guessed myself expecting that perhaps I had misread the question or a word here or there, and feared I had made a simple mistake.

 

Materials used

- the 5 day course I mentioned, and these vary in quality around the globe. This course is run by a national training company in my part of the world (hint, the only both country and continent surrounded by water), and the instructor is a well respected security and IT professional who "collects certifications for a hobby". They're not arrogant, they're just really switched on and their "war stories", anecdotes and experience really helped in understanding much of the content but also how the content needs to be understood for how the CISSP exam tests for it. i.e. don't add any context to the questions from your personal experiences that aren't there in the question.

 

- CISSP Exam Cram (4th Edition)

As part of the course they provided a copy of this book. Instructor felt it was a good summary of the content. Despite a few online reviews saying otherwise, I have to agree, I read it on the way to and from work these past 3 months. There was supposed to be a 2018 5th edition of this book to address the re-arranging of the 8 domains, but it never got released. Still, a solid book with its own practice questions.

 

- Cybrary's free CISSP course by Kelly Handerhan

 

Watched more of this in the past fortnight as a refresher and also for tips in how to absorb and remember some of the more hard-to-remember concepts or names/terms, especially around security models and cryptography. I highly recommend this one, Kelly puts things into terms that are easy to understand and recall. I had tried the Pluralsight equivalent (via a free work subscription) but found it very dry, essentially they were just reading what the slides would display.

 

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition and CISSP Official (ISC)2 Practice Tests, 2nd Edition combo

 

Ok, so the big Study Guide is far easier to read than the actual CBK text book, but the reality is I never got around to reading more than a few pages of it, I just felt time was against me versus the time I had in my life to study. Hence why the two items above I used as my main source of study. If you have the time you should use it, as let's be honest it's from ISC2, so it covers all items that would be on the exam, no gaps. (one would hope)

BUT, between the guide and the practice exams book, these two come with thousands of practice questions to test knowledge and understanding.

What's cool is that by buying these books you can register them at the Wiley test banks site, and get access to the very same questions in an easy, almost final exam like flow, which is far easier than balancing books on your lap. Likewise this platform also provides metrics etc, and has all the answers appear (if you choose) per question. I interchanged doing lots of these questions and the Cybrary videos this past fortnight.

 

I do agree it is somewhat true the questions in the exam differ from anything you'll find, however I felt that by doing hundreds of the practice questions, it allows you to get the feel for the type of questions and knowledge you would need. The key difference is that the actual exam definitely does do what everyone says, lots of "what is BEST, MOST, LEAST" etc style questions and that it combines lots of concepts into the one question. Which is what you would expect and want from the CISSP exam. To test that you both recall and understand the CBK making you a security professional.

 

Best of luck to all CISSP candidates and I hope this helps someone.

10 Replies
ericgeater
Community Champion

Agreed.  This book was incredible.  Much better organized than the CBK.


-----------
A claim is as good as its veracity.