Drowning in CISSP knowledge

jonwinterburnjonwinterburn Member Posts: 161 ■■■■□□□□□□
So I've been studying CISSP for a couple months now, after passing my SSCP. I work in InfoSec, with 15 year's experience in IT. I'm studying for an hour each morning, lunch time and evening 5 days a week, plus 2-3 hours each weekend. I'm following a system that worked for me with SSCP and previous certs (see below). Yet I feel like I'm drowning, and worry I'll never be ready for the exam. For example, I've worked with networks for 10 years, yet when I took Shon Harris' network questions, I failed them both! And that was after studying the network domain. I got 3 or 4 questions wrong in each set. The stuff I have experience in stays in my head fine (about 65% of all domains), but the remaining 35% just won't stick.

Any tips? There's just SO much knowledge to consume, that by the time I get to the end of a domain, I've forgotten half of the stuff from the previous domains (stuff which I don't use in my job). I'm used to exams testing my technical knowledge and experience, not my ability to memorise a million things, half of which I never use!


1. Read CISSP Study Guide (Gibson) cover to cover, making highlights and notes. DONE.
2. Watch CISSP Webcast in a specific domain.
3. Read Eric Conrad's study guide in same domain.
4. Re-read all highlights and notes in Gibson book for same domain.
5. Read the InfoSec Handbook in same domain.
6. Watch CBT Nuggets for same domain.
7. Take Shon Harris quizzes (two of them) in same domain.
8. Repeat process for all 10 domains. TWO DOMAINS DONE SO FAR.

Once all 10 domains have been covered like this, I plan to do the following:
1. Read Eric Conrad's 11th hour cover to cover.
2. Take StudiScope test 1.
3. Re-read all my notes, highlights and bookmarks in all books.
4. Re-read Eric Conrad's 11th hour cover to cover.
5. Re-watch all CBT Nuggets.
6. Take StudiScope test 2.
7. Read up on weak points highlighted in 2nd test.
8. Take StudiScope test 3.
9. Re-read all my notes, and the Combined Notes PDF.
10. Take exam.


  • zxbanezxbane Member Posts: 740 ■■■■□□□□□□
    This might sound a little counterintuitive but I would recommend maybe narrowing the study sources some. Without a doubt there are benefits to using many multiple study sources but your list is quite expansive. If you can narrow that down some and then study the domains you are struggling with from the remaining sources you might have more luck.

    With that said I definitely recommend keeping Conrad's Study Guide in the list.
  • cyberguyprcyberguypr Mod Posts: 6,927 Mod
    When I read your list i though "wait what? read, video, read, read, video, read, quiz?" I think it's too much and you may be experiencing fatigue. This reminds me of when I started to learn subnetting many years ago. I read every single method or trick I could find. I ended up retaining nothing and convinced myself I would never be able to subnet. Fast forward a few years. I stuck with one method I found here. In a week I was subnetting without even thinking bout it. Sometimes less is better.

    Have you been able to identify where exactly are you failing? I wonder if you may be focusing on minutiae that is outside the scope of the test. Also, have you done quizzes other than Harris? Perhaps trying CCCURE, McGraw Hill and others will help paint a better picture of where you stand.
  • [Deleted User][Deleted User] Senior Member Posts: 0 ■■■■□□□□□□
    I think zxbane and cyberguypr have you covered on the advice portion of this but I wanted to chime in. I just wanted to let you know that I share your same frustration. Often times, I try to figure out how deep is deep enough for the CISSP. I've completed the AIO and the McGraw-Hill questions. I did feel like the McGraw-Hill questions made me think about my answers. Personally, I really liked the AIO because of the depth but I know I didn't retain all of the knowledge in the 1400 pages. I'm going through the Eleventh Hour book currently so I can report back on that soon. As the other guys stated, don't overwhelm yourself with determining how many different sources of material you need to get through to be ready. I know I'm probably doing the same thing but I think we are hyping the test up to be 1000x more challenging than it really is. Now, I could be wrong about this but that's the way I see it. Good luck with your studies!
  • kiki162kiki162 Member Posts: 635 ■■■■■□□□□□
    From personal experience (I've taken the test twice), I would use CCCure for your test bed, along with total tester. Conrad's book is a good base, but I would consider using Shon's book as well. The key is getting to 250 questions, and aiming for 800. I paid for the Studiscope questions, and found that they were sub-par.

    For the SSCP, I found that CCCure gave me a good idea where I was at. I started with 50 questions, and worked my way up to 125. I haven't seen anything out there that's been updated for the CISSP with exam materials. I understand that Shon was supposed to release a new version but that got delayed because of the obvious. I'm going to start back up with the CISSP in 2015 and get that off of my "to-do" list.
  • jonwinterburnjonwinterburn Member Posts: 161 ■■■■□□□□□□
    Thanks guys for your encouraging responses. I've heard so many things about this being a killer exam, and I can only afford to take it once (both financially and emotionally!), so I've used both concise and verbose resources. There is no way I can read Shon or the AIO - they're both awful in my experience, for different reasons. The Gibson book and both Conrad books are excellent, as are the CBT Nuggets.

    Regarding CCCUre, I have no faith in those questions. I've heard a lot of negativity about them. The site is junk, and the questions I did try seemed unnecessarily verbose - certainly more so than SSCP or MCSE questions were (and they were verbose!). I've already bought StudiScope and have used Shon's McGraw Hill questions.

    I guess you're right. I'll look at cutting study material down a bit.
  • aftereffectoraftereffector Member Posts: 525
    Shon Harris and CCCure are both way more technical than the exam. I was sweating the technical details but ended up with very few tech questions at all in the entire 250-question bank. The vast majority were procedural and managerial questions. If you know the fundamentals of each concept - for instance, why a particular technology would be implemented over another competing technology, and the risks that you will inherit or mitigate with each technology - you will do fine.
    CCIE Security - this one might take a while...
  • jonwinterburnjonwinterburn Member Posts: 161 ■■■■□□□□□□
    cyberguypr wrote: »
    This reminds me of when I started to learn subnetting many years ago. I read every single method or trick I could find. I ended up retaining nothing and convinced myself I would never be able to subnet. Fast forward a few years. I stuck with one method I found here. In a week I was subnetting without even thinking bout it. Sometimes less is better.
    Out of interest, which system did you use? I can subnet, but haven't had to in years, so I'm rusty.
  • jonwinterburnjonwinterburn Member Posts: 161 ■■■■□□□□□□
    Great, thanks!
Sign In or Register to comment.