Passed - my insights and observations

Eburon Member Posts: 29 ■□□□□□□□□□
Hi guys,

I just did & passed the CISSP exam, and I want to share my insights and observations on the exam with you. Of course this message is solely based on one exam and one exam only, and should be treated in conjunction with other "passed" threads.

The why


After working well over 15 years in the IT/audit industry, I thought the CISSP exam would be a good litmus test for me as a professional. My background is mainly audit/finance/Big-4 consulting with fairly solid knowledge on risk management, access management and cryptography (but more out of my personal fascination with mathematics).

The what

I found the majority of the exam questions clear and concise. Difficult/"intelligent" too in the sense that they really challenged me to think & apply the knowledge of the domains on real-world problems. Instead of diving into many nitty-gritty aspects, the questions required sound understanding of the main concepts. It must be noted that the phrase "A mile wide and an inch deep" is somewhat misleading as this was absolutely not an exam testing generic wisdom on security, but thorough knowledge on concepts like BCM, secure software development, and cost/benefit analysis. "Digging 6 feet deep in one acre" would be a better saying perhaps.

The portion of questions covering comparatively recent topics was much much more than I had anticipated. So do not underestimate topics like mobile/cloud security, IoT, embedded systems, as well as third-party assurance. Superficial understanding only will not suffice, my friend. This would be the bare minimum of what you have to know:

https://cccure.training/m/articles/view/CISSP-CBK-2015-WHAT-WAS-ADDED

The how

With the questions of the exam in mind, the applicability/relevance of the books and resources that I have been using is as follows:

Books:
  • CISSP for Dummies by Lawrence Miller - Easy-to-digest with good chapters on Telecommunications and Asset/Physical Security. But the chapters on Crypto and Software Development are way too thin. And it does not cover any of the "recent" topics. Applicability: 5 out of 10
  • CISSP All In One by Shon Harris (RIP) - A superb reference work, but it is getting painfully outdated since the passing of Mrs. Harris. Applicability: 6 out of 10
  • 11th Hour CISSP 2nd edition by Eric Conrad - A nice summary, nothing more. A 3rd, updated, version might be worth the purchase. Applicability: 4 out of 10
Test engines:
  • McGraw-Hill Education CISSP - Again, increasingly outdated, but some of the questions are actually in the same vein/spirit of the CISSP exam. Use them to train your logic on the concepts. And they are gratis. Applicability: 7 out of 10
  • Conrad practice exams - Too many irrelevant items with marginal explanations and not containing any new material. Total waste of time if you ask me. Applicability: 2 out of 10
  • Freepracticetests.org - This is probably the most respected source for CISSP test questions with peer-reviewed questions & answers. Unfortunately it has very few questions on the recent topics and many of the conceptual questions are fairly easy, but the pool of questions is being updated regularly according to the site, so who knows. Not free, but worth the money. Applicability: 7 out of 10
  • Transcender - Quite similar to Freepracticetests questions, but with some intelligent brain teasers like in the real exam. Not sure if it's worth its high price tag if you already got Freepracticetests. Applicability: 7 out of 10
  • PocketPrep app - I thought, what could go wrong spending a mere 10 EUR for 500+ questions? Well, it wasted my precious time going through too many irrelevant, poorly formulated, questions. Applicability: 0 out of 10
  • Skillset - Total crap. No internet resources should be wasted on this. Applicability: 0 out of 10
Videos:
  • https://www.cybrary.it/course/cissp/ - Very concise and often spot-on! I would be surprised if any real-life CISSP bootcamp is better than these videos. Highly recommended although it does not cover the recent topics (yet). Applicability: 8 out of 10
  • https://www.cbtnuggets.com/ - A nice attempt to fill (somewhat outdated) CISSP content to the brim in about 15 hours, but too boisterous for me. Applicability: N.A. as watching them for longer than 2 hours would have driven me insane.
Again, this thread is based on one exam only and the applicability of sources is based on my experiences. You should check out other "passed" threads too to get a balanced view.

Eburon

Comments

  • g33k3r Member Posts: 249 ■■□□□□□□□□
    Congrats!

    From your comments it seems like the study guides were a good start, but the practice questions were the most helpful to digest and understand the material. Personally I enjoyed the Cybrary videos as well, but worried if the depth was enough not even taking into account the new material.

    Thanks for your write up!
  • rony1234 Member Posts: 27 ■■■□□□□□□□
    Congratulations Eburon and thank you very much for the detailed write-up!
  • cyberguypr Mod Posts: 6,928 Mod
    Congrats on the pass!
  • Sam_aqua Member Posts: 72 ■■□□□□□□□□
    Congratulations Eburon on the pass ... & Nice write up.

    Looking at other passed posts, it seems the questions from mobile/cloud security, IoT, embedded systems, as well as third-party assurance "could be" from those 25 questions (not graded) BUT who knows ...
  • impelse Member Posts: 1,237 ■■■■□□□□□□
    Congrats
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • CLICK Member Posts: 88 ■■■□□□□□□□
    Congrats and thanks for the insights.
  • RollTideND Member Posts: 9 ■■□□□□□□□□
    Congrats and thanks for the tips
    Earned: BS Mgmt/CIS (Park University), CISSP, GCIH, CEH, Security+, Network+, A+, Project+, CSIS, CIOS, MTA 98-365
    Current: WGU MSCIA - Risk Management, Cyberwarfare, and Cyber Law
    Next Up: WGU MSCIA - Other Courses TBD, CHFI, CCNA R&S
  • jt2929 Member Posts: 244 ■■■□□□□□□□
    Congrats on the pass.