ISC2 Team

Resources and approaches to preparing for any ISC2 Exam



I'm Terence (Terry) Dutton and as the Senior Exam Content Development Manager for ISC2 as well as a certified ISC2 member (CISSP, 2009), I'm in a unique position to provide a structured approach to preparing for any of our certification exams.  I can't go over actual exam content, but I can share what FREE resources ISC2 provides as well as the process I've used to successfully prepare for all of my certification exams (past and present) such as CISSP, PMP, MCSE: Security, and CCNA.


Just send me an IM on this platform and I'll reach out to you.

66 Replies
Community Champion

@tldutton @AndreaMoore 


Is it possible that you share tips/tricks/things with the entire Community.  MANY people come here looking for advice and it would be great to simply be able to point people to a discussion that had happened.



ISC2 Team

  1. First pull the most current exam outline; that will shape what you study--it gets updated every three years.  For example the CISSP exam outline:
  2. Go to the "References" page, then go to the cert you're interested in.  This page is updated every January to reflect the top-10 references for each cert's domains (combined, then dupes removed) that were used by volunteer member SMEs to create items (questions) for that particular cert.  It's not all-inclusive and won't guarantee you pass but will give you insight into the top references used to support most of that cert's items (additional study resources)
  3. Pull the flash cards for the cert you're interested in.  For the CISSP, the cards can be requested at:
  4. Join the ISC2 Communities site, then join the "Exam Preparation" board under "Certification" then join the "study group" associated with the exam you're interested in; these are found under "Groups" then "Study Groups", then join the appropriate board.

Those are the free resources that ISC2 provides to help with your exam prep. 


I highly recommend scheduling your exam first, giving yourself more than enough time to study/prepare for it.  Many times, if you don't schedule it, you'll just keep pushing it to the right then scramble to schedule it at the last minute.  If you think it'll take you six months, give yourself a buffer and schedule it eight months from now.


I also suggest reading the most current CBK for the cert you're preparing for as well as an "exam prep guide"; for the CISSP; don't rely on just one source for your studying. I personally read the entire current CISSP CBK as well as Shon Harris' most current CISSP Exam prep guide; find what works for you.  I also recommend taking a week-long, real time boot camp the week prior to your scheduled exam to act as a final, formatted study session and time to get all the concepts straight in your head. In reference to boot camps, go with a training provider you've used in the past that resulted in passing an exam or ask your peers who they used.  The company I used is no longer in business but they definitely helped me understand topics such as cryptographic algorithms better.


If you don't have any of our exams and are aiming for the CISSP as your first, I highly suggest starting with our Certified in Cybersecurity (CC) exam, for which you can take a free course by ISC2 and get a free exam voucher for your first attempt.  This will expose you to how our items (questions) are formatted.  The process we use to create content for our CC exam is the same standardized process we use for all of our exams.


If you have any questions, you can always reach out to me via IM on this platform.



ISC2 Team


Newcomer III

@tldutton, first off THANK YOU for responding.  I love that you are engaging directly with members in this manner.


I saw and appreciate your comment about starting with the published CBK for any of the certifications.  My frustration with this is that the primary source documentation is significantly newer than the publish date of the ISSEP's CBK.  ISC2 does a great job with SSCP, CISSP, CSSLP.  ISC2 does a pretty awful job keeping the other certificates' CBKs up to date with many of them not being revised in years.  For CISSP, I was able to purchase a few sets of resources for study (first party and third party); this made it easier and more manageable for me to read, study, and determine if I wanted an official ISC2 class.  For something like ISSEP, the current CBK isn't published and the only way to get it is shelling out a couple thousand for an ISSEP class.


Thank you.

Andrew L. Kahn, CISSP, CCSP, CEH
Ham Radio Callsign: WA8LIV
Community Champion


@tldutton  @AndreaMoore 


 TLdutton wrote:


Since not everyone is starting from the same point, I adapt my advice to each person's specific situation. I shared the general information I provide in a subsequent post.


Thank you for posting the general information.


We are well aware that not everyone starts at the same point or that everyone has the same or similar issues.


The rationale for asking you to share is that we are a Community and the intention is to share.  Many of us have staffers who might well benefit from your expertise or others who may be able to add to your advice for the betterment of the Community.




Community Champion

@ALKahn10 wrote:
...starting with the published CBK....  not being revised in years.

To be fair, Terry's recommended starting point is the exam outline (a 10-ish page PDF)  and the official references list. They both have a good reputation for being kept up-to-date. But more importantly, they come from the exam development team (headed up by Terry) so they do in the abstract tell you what is on the exam.  


The CBK is completely different.  It is fundamentally a reference book (like an encyclopedia), written by 3rd-party authors (instructors/teachers/execs), similar to the all-in-one, 11th-hour, Dummies, OSG, etc.   These are all written by experts who are good at explaining and have the necessary knowledge to expand upon the outline and to condense the reference material.  But, the authors have no more access to the exam materials than you, I, or any other author. The only real "advantage" the official books have is an endorsement. I personally did all my studying with "non-official" references and did just fine.


More than any particular title, the much bigger take away from Terry's post is to select a variety of study materials from different authors and different learning mediums.  This helps reinforce the underlying concepts and helps one become less dependent on a particular author's writing style.

Advocate I

@denbesten wrote:

More than any particular title, the much bigger take away from Terry's post is to select a variety of study materials from different authors and different learning mediums. 

I think the worry about study guides based on "old" material may be more psychological. It's been 20 years since I took the CISSP, but I have worked with younger colleagues who have prepped for the exam, and the content is remarkably evergreen. Of course they don't know that. I think there is a tendency of feeling they are working with "wrong" material. As I tell my kids, just because something is old, it doesn't mean it's wrong.


A lot of this for me is part of the broader challenge we have in the industry and the workforce in general. Jobs have gotten so specialized that we're limiting experience. While many people learn better by doing, part of experience, too, is finding that variety of materials and having to dig through them to triangulate an answer. I think a lot of folks today studying for credential exams are reliant on study guides rather than experience or a collection of materials they gathered while wearing multiple hats in a job.

Viewer II

I need to delete this...

Newcomer I


I am preparing to take the CC certification on December 30. I'd love to have some resources and approaches toward preparation.

Thank you