CISSP Passing tips...

Managed to pass the CISSP on first attempt today.

Thought I'd share a few thoughts for others to consider:

• It's not as difficult as it could be. I expected a lot more technically challenging questions, there were few.

• Comments to it being an "inch deep, mile wide" exam are very true.

• Often the questions have two answers you can eliminate immediately. i.e. They are obviously out of context.

• I found myself stumped by about 10 questions in total. A further 40 or so I was not confident about, but remainder were pretty clear cut.

• A higher volume of questions on BCP/DR, Cloud and web security than I was expecting.

• Few questions on encryption.

Ultimately, it was not the complex monster I was fearing. Suffice to say, I over studied.

Key recommendations would be to utilise Eric Conrad's CISSP study guide - by far the best text I used. The official ISC2 book and Shon Harris's publication are too detailed.

Also, leverage the excellent practice tests at www.freepracticetests.org - well worth the small investment for access.

I do have the good fortune of working 18 years in IT. This allowed me a familiarity with most concepts the exam covered. I studied intensely (6-8 hours per week) for about 5 weeks prior. But in retrospect, I over did it.

To anyone reading this concerned if they are ready to sit:

• Read the glossary of your preferred text and if MOST terms are familiar to you you're in good standing

• I averaged about 70-80% on practice exams I sat, occasionally bombing badly (50-60%). If you're doing similar you're likely ready.

And finally, remember it is a management exam - the focus is breadth not depth.

Good luck!

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

protacticus

Congrats Worldstoughest ! Thanks for the preparation notes and tips.

clarkincnet

Thank you!

Mechs

Hi, which version of Eric Conrad's book did you use

danny069

Sweet! Congrats! I take it you didn't use the Sybex 7th edition?

dustervoice

Congrats , thanks for the write-up.

Vonn

Congrats I sit for my exam next week studying 5-6 hours a day for 2 months hopefully it pays off.

gncsmith

Congrats! Thanks for the feedback and tips!

Worldstoughest

Hi all,

I used the CISSP Study Guide 2nd edition.

I had concerns about the new CBK and the fact this book wouldn't cover the new content.

As far as I could tell - the only new CBK content on the exam, not covered in the book, was related to Cloud Service Providers. There were maybe 2-3 questions in this regard.

Good luck all

sameoj

Congrats

Dextra

Thanks for the insight. I've read the Shon Harris book three times, but it was just too much. I have the Conrad book and found it a bit easier to read. I also like the ISC2 book. I was told the Shon Harris book was for someone with absolutely no experience at all. I think I underestimated what I knew, so thanks for the insight. I think my approach will be a little different this time.

On another note, can anyone tell me which one of the three - CISSP, CRISC, or the CISM I should take first. I'd like to take them all, but in a manner that builds on one another reducing the amount of time I have to study for each.

Brain-D

Congrats !!!!

NotHackingYou

Congrats!

jcundiff

Dextra wrote: »

Thanks for the insight. I've read the Shon Harris book three times, but it was just too much. I have the Conrad book and found it a bit easier to read. I also like the ISC2 book. I was told the Shon Harris book was for someone with absolutely no experience at all. I think I underestimated what I knew, so thanks for the insight. I think my approach will be a little different this time.

On another note, can anyone tell me which one of the three - CISSP, CRISC, or the CISM I should take first. I'd like to take them all, but in a manner that builds on one another reducing the amount of time I have to study for each.

Really depends on your experience and goals... The CISSP 1st in my opinion it is a holistic certification vs the specialization of the CRISC and CISM. I took CISSP 1st then CRISC, may do CGEIT and a couple of others before doing the CISM. With the CISM you have to have 5 years of InfoSec Management experience.

DocRoy

Congrats on your accomplishment