Passed CISSP first time

jonwinterburn Member Posts: 161 ■■■■□□□□□□
Hey all.

So I sat the exam today in London, after 6 months intense study and 2.5 years of on-and-off study.

It was brutal and gruelling, but fair. All questions were clear. I completed the first run through within 3 hours, flagging ones I was unsure of and skipping ones I did not get or didn't like. Then I had a break, some food & water, washed my face and went back in. Now I answered all incomplete questions and then reviewed flagged questions. Once that was done, I had another quick break, had an energy bar and went back in. With 2 hours to go, I went through all 250 questions again. Glad I did! Some questions I'd not flagged, I had obviously wrong. Having those breaks made all the difference. I know conventional wisdom says don't change your first answer, but I did, on about 30 questions. Most of those were because I was sure I was wrong, some I just felt I had the wrong first answer, but couldn't say why.

With 20 minutes to go, I ended it. I was shattered. I felt quite confident I'd passed, but really wasn't sure. I figured at worst, I'd fail with a high score.

People say it's a management exam. I'm a techie with 15 years' experience and none of that was management. So I disagree. Personally, I think it's an analyst's exam - which is exactly what I do. Can you analyse the best approach to security in any given situation? That's what the exam is testing you for.

My study resources were:

Sybex guide - read cover to cover 3 times
Shon Harris AIO - read cover to cover once
Eric Conrad - read cover to cover twice
CBT Nuggets - watched once
Approximately 2,500 test questions (Shon, SkillSet, StudiScope)
Sunflower & Combined Notes
Eric Conrad 11th Hour
About 120 pages of my own notes
YouTube videos
Passed SSCP exam 7 months ago

Out of all that, the resources that I think helped me the most are the ones I had the least faith in, at first. They are:

Shon Harris AIO
Eric Conrad 11th Hour
YouTube videos
StudiScope questions

I really wanted to hate Shon's book. I do hate it! But I have to admit that neither the Sybex guide nor Eric's larger book provided enough depth and understanding.

I read Eric's 11th Hour yesterday, cover to cover. Well worth it, as it helped refresh the concepts. The Sunflower and Combined Notes are OK, but I felt they were distracting. Too many technical factoids. Too much memorisation. I gave up on them, taking on board the wisdom of the others in this forum (thank you so much!), who told me to stop mindless memorisation and instead learn WHY x is better than y.

StudiScope isn't great, but it does prepare you for the exam format. SkillSet is a nicer format, but too easy and too full of errors. NONE of the questions I've seen online came close to the real thing.

I'll post links to the most useful YouTube videos I found later. There's one in particular that helped me finally fully understand IPSec. Without it, I'd have gotten at least 2 questions wrong!

Just want to finish up by saying a HUGE thank you to everyone who helped me on this forum, whether directly or indirectly. Your assistance and advice were priceless. I'll do whatever I can to help other CISSP hopefuls :)



  • dou2ble Member Posts: 160
    Congrats! Welcome to the club.

    Most system or network engineers and administrators will tell you this is a mgmt. exam and I tend to agree with them. Biggest example is to always pick the answer with cost instead of how it would be implemented. A techie gets into the weeds. Mgmt knows frameworks, methodologies and a high overview of exactly how it's implemented. Cisco, Microsoft certs to me are more techie and ISC2 is more management or senior roles.
    2015 Goals: Masters in Cyber Security
  • Genesis99 Member Posts: 17 ■□□□□□□□□□
  • dustervoice Member Posts: 877 ■■■■□□□□□□
    Congrats on passing... most of the points you made I agree with. After I took the test I wish I had read Shon Harris cover to cover. What's next for you?
  • H3||scr3am Member Posts: 564 ■■■■□□□□□□
    Congrats, and welcome to the club :D
  • itsgonnahappen Member Posts: 95 ■■■□□□□□□□
    Congratulations and well deserved!
  • Robicus Member Posts: 144 ■■■□□□□□□□
    Great job, man! Congratulations!
    What's Next? eLearnSecurity's eCIR

  • cyberguypr Mod Posts: 6,927 Mod
  • Spin Lock Member Posts: 142
    Congrats on passing! Great news! Thanks for the detailed write-up. You clearly put a lot of time and effort into preparation. I think that will serve you well beyond the exam.
  • jonwinterburn Member Posts: 161 ■■■■□□□□□□
    Thanks for all the congrats, much appreciated!

    Just want to add: my last job of 10 years was a sysadmin. My current role is InfoSec Analyst. I still maintain this is not a management exam; I felt it tested my analytical skills. Had it been management-focused, I would have failed, as I'm no manager!

    There were quite a few YouTube videos I watched, which helped me understand concepts (better than CBT Nuggets, which I felt was rushed). Here are the main ones:

    Understanding AH vs ESP (best video!):

    Cryptography basics:

    DSSS vs FHSS:

    State Machine Models (playlist):

    Oh, and one other resource I used was a fantastic book called Everyday Cryptography: Fundamental Principles and Applications by Keith M. Martin. This book is WAY more than you need for the CISSP exam, but I started my studies with crypto being my weakest domain. By the time of the exam, crypto was one of, if not my strongest domains. I smashed all the crypto questions. That was definitely due to this book.
  • fuz1on Member Posts: 961 ■■■■□□□□□□
    Congrats!
    ProHacker.Co(nsultant) | ITaaS.Co(nstultant) | @fuz1on | Transmosis | LinkedIn
    If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
    The only real failure in life is not to be true to the best one knows. - Buddha
    If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
  • Dub_lad Member Posts: 17 ■□□□□□□□□□
    Was skillset of no use at all?
  • jonwinterburn Member Posts: 161 ■■■■□□□□□□
    Dub_lad wrote: »
    Was skillset of no use at all?

    Personally, no. The McGraw Hill (Shon) questions and StudiScope were better, in my opinion. The StudiScope interface is rubbish, and it's overpriced for what it is. But at least the questions are more challenging and realistic. I did about 500 questions in SkillSet and found most of them either too easy or complete junk. It's a shame, as the interface is great. Note I didn't try cccure's questions.
  • Dub_lad Member Posts: 17 ■□□□□□□□□□
    I'm doing cccure and SkillSet and McGraw Hill and while some of the SkillSet are rubbish, I am finding the later questions to be very good. Some are like the cccure and McGraw Hill.

    My exam is in 7 days and I tried to read the Shon Harris book but couldn't. Went through the DVDs instead, also the CBT Nuggets, which I found very good and covered a lot. I like the combined notes from here.

    Say a prayer and hope I pass.
  • jonwinterburn Member Posts: 161 ■■■■□□□□□□
    You'll be fine. The CBT Nuggets do indeed cover a lot. I personally found them to be too much crammed into 12 hours. But if you understand each concept he raises, then you'll be fine. Keith Barker is very good; I've watched a number of his videos. I passed all my Microsoft exams using solely CBT Nuggets and experience.

    Remember, everyone's experience is different and one person's study combinations will work for them, but not for others.

    The Combined Notes are good, better than Sunflower, in my opinion. But personally, I preferred Eric Conrad's 11th Hour.

    Go through the CBT Nuggets and Combined Notes again. Make sure you understand all the concepts, and why one solution is better than another. Test yourself and highlight your weak points, then focus on them.

    Good luck! Keep us posted.
  • mjsinhsv Member Posts: 167
    I agree with Jon completely.
    Review the notes in each domain and make sure you understand the concepts of the domain.
    You will be applying the concepts that you have learned when you take the test.

    The first time I took the test, I made the mistake of reviewing the test questions until I was getting high scores.

    In hindsight, I should have concentrated on the domain concepts more.
    Everyone is different like Jon said.

    Good luck and let us know how you do.
  • Matt2 Member Posts: 97 ■■□□□□□□□□
  • chickenlicken09 Member Posts: 537 ■■■■□□□□□□
  • BGavnG Member Posts: 13 ■□□□□□□□□□

    and thanks for the video links

    I hate reading.
  • jonwinterburn Member Posts: 161 ■■■■□□□□□□
    BGavnG wrote: »
    congrats and thanks for the video links. I hate reading.

    Have you tried CBT Nuggets? You can get a 7-day free trial, which is enough time to view the 12-hour CISSP video course. Go for the Keith Barker version, the newest one; the older one isn't very good.
  • LR0926 Member Posts: 28 ■□□□□□□□□□