Passed CISSP 7/27 on first try - my preparation and strategy
Hi all - long time lurker, first time poster. I recently passed the CISSP, so I wanted to give my feedback. Leading up to the exam I read through dozens, if not hundreds, of these threads, and they helped me a lot in preparing for the exam, so hopefully my experience will help others as well.
First, a little background on me. I started doing networking work in 2006, and moved into a security-focused role in 2008. I was working for a college dormitory at the time, and had to protect networked and physical resources from inquiring (and occasionally malicious) students, as well as the general population. In 2013 I got on the certification track, and so throughout 2013 and into 2014 I got my CCNA/CCNP R&S and my CCDA, and then in December 2014 I completed my CCIE in R&S (took three attempts for the lab, glad it's over). At that point I decided it would be good to pursue a security-centric, non-Cisco option. For several years colleagues had been recommending the CISSP, so I decided to give it a shot.
My most difficult part was getting back into my study routine. When going after the CCIE, I would study for 30-35 hours a week, in addition to working full-time. After ~9 months of that I was pretty burned out. I spent several months "studying" for the CISSP, in which I would flip a couple pages through a book every day or two and occasionally Google related concepts. I actually had this same issue with the CCIE: until my money was on the line with a hard date set, I didn't really take it seriously. So I scheduled my exam for about two months out, and got to work.
I used the following study resources:
- (ISC)2's Official Guide, Fourth Edition
- Shon Harris' Exam Guide, Second Edition
- James Stewart and Mike Chapple's Study Guide, Third Edition (old book, was a hand-me-down)
- Eric Conrad's Eleventh Hour Study Guide, Second Edition
- CCCure Quizzer subscription
- Pocket Prep's CISSP Exam Prep for Android
I read through maybe a third of Harris' book, then moved to the (ISC)2 copy, in particular because I waited long enough that I now had to take the new version of the exam. I read about 75% of the (ISC)2 book in depth, and flipped through the other 25%. Took all the practice questions.
For me, even though it was a very old copy, James Stewart and Mike Chapple's Study Guide was my favorite book. Easy read, clear and interesting. I read it cover to cover, and when continuing with the (ISC)2 copy, a lot of the content was now "review" rather than "learn". I also read through the Eleventh Hour Study Guide twice, once a few weeks before the exam and again the day before as a quick refresher.
I took practice tests via the CCCure Quizzer subscription. My default practice test was set to "pro" level in test mode with 100 questions. I took about 15 such practice tests, with my starting tests scored in the 60's to 70's. By the time I took the exam I was consistently scoring in the upper 80's, taking an average of 35 minutes to finish the 100 questions. In addition, I used Pocket Prep's Exam Prep quizzer on my phone for 25 questions at a time dozens of times - similar scores to CCCure.
A couple comments from my experience. First, use at least two different primary study sources, one of them being (ISC)2. None of the resources I used contained questions quite the same as the real exam, and in my opinion (ISC)2's practice questions weren't much closer, if any, than some of the other sources I studied from. In addition, different perspectives on the same material help a lot. For me, the way (ISC)2 presented the material didn't stick much, but some of the other sources helped much more.
Next, take practice tests. Then take some more. Then find questions from a completely different source, and take those too. Watch your time.
In addition, utilize your available time well. This comes in two forms. First, when it's time to study, study. For me at least, one hour of dedicated study time is more productive than two hours of distracted studying. And second, use the small amounts of downtime throughout the day to your advantage. I have an hour lunch at work, so I'd take 20 minutes and then knock out 100 practice questions or read a study book. Anything security-related in my work I'd study in-depth to benefit my work and studies. Even when I was on the porcelain throne I would be taking practice tests on my phone. When I was studying for my CCIE I had an hour commute to work each way, so that meant I got two hours of audio lectures in every day. I managed to fit an extra hour and a half on average of study time for the CISSP per day doing this.
With all that, on to my exam experience. I won't go into much detail here for obvious reasons, but I will say that it seems like I ended up studying much more than the common "inch deep" mantra, and it showed on the exam. There were a few curve balls that I didn't recognize, otherwise everything seemed very high level, method and purpose focused rather than detail oriented.
I did three passes on the exam. On the first pass I answered everything that jumped out at me. Took about 2.5 hours, and I answered 245 of the 250 questions. The second pass I examined the five questions I skipped, and on the third pass I reviewed every question again. I changed about six answers on the third pass. That brought me to 3.5 hours, including two short breaks, at which point I ended early.
As has been said before and I'll repeat, the challenge is to choose the "best" answer among several "right" answers. My most common technique was eliminating answers that were not best, rather than trying to choose the best straight away. For many questions this led me to having to choose between two answers, at which point I had to ask which best fit the spirit or intention of the question being asked as well as the testing body asking the question. Hopefully that's clear enough to make sense - if not, I'll try to elaborate.
Other factors here: I'm single with no kids. For a portion of my study time I had a S.O., and it made life more difficult in terms of studying. I have a tremendous amount of respect for the people who do this type of stuff while balancing a marriage and/or kids. However, if you do have a family, don't think that means you can't achieve this. You can, but you will need to be all the more structured in your studying, as well as how you use your time.
In addition, I don't have, nor have I ever owned, a TV or video game console. Granted, I'm only in my late 20's, so it's not saying too much yet, but it helped a lot for my studying, as well as my life as a whole I feel. For me, when I come home from work, kicking back on the couch and flipping on the TV isn't an option. If you're finding a challenge with distractions like that, I recommend some out-of-the-box thinking to increase your time utility.
However, do recognize what is a realistic study schedule. I tried doing the study non-stop thing, and it lasted maybe a week before I was ready to go crazy. While I did study pretty intensely, I also had fun too. I have two sailboats, a motorcycle, more camping gear than I care to admit, and am a board member for a non-profit that puts on contra (folk) dances. The trick is, my fun time is separate and distinct from my study time.
Hopefully this helps someone as they pursue their CISSP. Approach it for what it is: an effort by the test creators to validate that you have the knowledge and understanding they want you to have. Put your time in, and you can do it!
Best,
Reece
Comments
-
Sam_aqua Member Posts: 72
Great post! So which one did you find harder, CCIE R&S or CISSP? Though they are totally different but still...
-
rjon17469 Member Posts: 52
Thanks everyone!
Sam_aqua, this is a difficult question because of how different the exams are. But in my opinion, while the CISSP is definitely challenging, I would still say they are in different leagues. For reference, in total I probably spent 5-10x more time studying for the CCIE, including the exams that built up to it, compared to the CISSP. I also spent 5-10x more money on the CCIE, including prep material, than the CISSP, but that's an even more subjective statement.
I would describe the CISSP as a double length CCIE written exam, both in terms of amount of content and effort required.
-
!nf0s3cure Member Posts: 161
Good work. Well I totally allocate your success to not having owned a TV or game console.
Having said that, seriously, I think that you had a good plan. This is the missing bit in most people trying to take the test. Actually we all have plans but do not implement them properly. As they say 'Failure to plan is plan to failure', but I too have a plan that changes every now and then. So you were able to stick to your plan that saw you through. Yes the family factor is a big 'but' 'if' 'when' issue that changes the game plan.
Now go and get a TV, sit back and relax :) Well done and thanks for taking the time to basically share your experience with us. Most of us though get here before getting the certs under the belt, and look for guidance on how to get there!
-
vijaytyagi@msn.com Member Posts: 15
Congrats Reece, I am also trying to get in this league
-
cbkihong Member Posts: 52
On the first pass I answered everything that jumped out at me. Took about 2.5 hours, and I answered 245 of the 250 questions. The second pass I examined the five questions I skipped, and on the third pass I reviewed every question again. I changed about six answers on the third pass. That brought me to 3.5 hours, including two short breaks, at which point I ended early.
Wow, 2.5h for first pass? How did you manage to clear that fast? Would you say lots of practice question drills contributed to that?
I only managed 2 passes. 4 hours for first pass and flagging like 50 dubious ones (but I made sure I answered all 250). Then spent another 1.5 hours going over everything, spending like 50 seconds on the flagged ones and 10 seconds on the rest, flipping like 5-10 answers along the way. I left early by just around 20 minutes without taking leave.
Well, then, English is not my major language though so I needed more time to analyse to make sure I was not misinterpreting the questions or overlooking critical details (and ensuring answers were marked correctly - I observed an odd thing with the CBT system that Pearson Vue uses - you might inadvertently deselect an option by clicking an option twice, as usually on Windows a radio option won't be deselected by double clicking).
-
g33k3r Member Posts: 249
Not to derail the last question, but this brings up another thought. Is your initial answer usually best statistically speaking? It seems like on practice questions where I am not sure and change my answer, the first answer is usually correct.
-
rjon17469 Member Posts: 52
cbkihong wrote: Wow, 2.5h for first pass? How did you manage to clear that fast? Would you say lots of practice question drills contributed to that?
In my opinion, the combination of studying the material from multiple sources as well as taking lots of practice questions contributed to that. For reference, when I was taking practice tests leading up to the exam, I was averaging 21 seconds per question. On the exam I deliberately slowed down, averaging about 36 seconds per question on the first pass. That's what I was aiming for - I wanted my practice tests to be substantially more difficult (in this case, more time constrained) than the real exam.
g33k3r wrote: Is your initial answer usually best statistically speaking? It seems like on practice questions where I am not sure and change my answer, the first answer is usually correct.
I don't have any studies I can pull from to provide you with conclusive evidence here, but my anecdotal impression is that yes, commonly your initial answer is correct. I did change a few of my initial answers, but only after examination of each answer and weighing the circumstance of the question and testing body (including the Code of Ethics).
-
successrealm Member Posts: 104
Great updates! Can you speak a little bit about the PocketPrep CISSP app on your phone? I recently bought the paid version, and was wondering how you felt it compared to the Exam itself. No need to break NDA, just wondering if it was worth the purchase in comparison.
-
rjon17469 Member Posts: 52
I definitely do think PocketPrep was worth the purchase. The questions were good, and to me typically a bit more challenging than CCCure. My goal was to prepare with practice tests more difficult than the real exam, which I feel PocketPrep did. The explanations however commonly left something to be desired (and researched).
-
greg9891 Member Posts: 1,189
Congrats
-
CLICK Member Posts: 88
Thanks for the post and tips... getting the PocketPrep for Android now too
-
successrealm Member Posts: 104
Thanks for the info on PocketPrep. Every little bit helps! Congrats!
-
za3bour Member Posts: 1,062
Congratulations and thanks for posting your experience with the exam.
-
impelse Member Posts: 1,237
Congrats, NO TV? Long time to hear somebody without TV. Good.
-
pramin Member Posts: 138
In addition, I don't have, nor have I ever owned, a TV or video game console. Granted, I'm only in my late 20's, so it's not saying too much yet, but it helped a lot for my studying, as well as my life as a whole I feel. For me, when I come home from work, kicking back on the couch and flipping on the TV isn't an option. If you're finding a challenge with distractions like that, I recommend some out-of-the-box thinking to increase your time utility.
Congrats on the pass!!!
How do you or others battle the internet as a distraction?
-
Mike7 Member Posts: 1,107
Congrats! Thanks for the write-up on how you manage your studying time.
-
rjon17469 Member Posts: 52
How do you or others battle the internet as a distraction?
This is the difficult part. TV or not, YouTube, Facebook, etc., can all be significant distractions. For me at least, I have found that susceptibility to distractions is less a result of having the distractions and more a product of my approach toward studying.
For instance, without a hard deadline in the mix (and my money on the line), I have much less motivation to study, and thereby am more often distracted from my studies. So for me, step one is establish a deadline with money riding on it.
Then, my second factor is having a realistic study schedule. When first pursuing my CCIE I came up with this crazy study schedule. I kept it up for about a week, and then my productivity went sharply downhill. I found that I have an optimal amount of study time per week which maximizes my understanding and retention of the material, and it is substantially less than the schedule I first came up with. That means I still have time for relationships, fun, and sleep, albeit less than I had before.
At that point it's just following through on the plan, and understanding yourself well enough to know when to push through a difficult period versus taking a break from it.