Passed 30.04 Moscow, Russia

oooorpoooorp Member Posts: 7 ■□□□□□□□□□
OK, here are my feedback and suggestions after yesterday's successful examination.


Background and experience: 10+ years of implementing various security solutions in engineer and consultant roles. FW, IPS, AV, DLP, SIEM and all this stuff. Also I wrote many technical docs like policies, procedures and so on. A little management experience as security team lead.


Study materials: 1st for my mind's knowledge base was Eric Conrad 2E. Material in this book is still valid. I do not have 3E so cannot compare differences.
2nd source was Sybex 7th ed. I think you can easily interchange this book with Conrad 3E. So book choice is up to you. You should also note some themes aren’t covered even an inch deep: SSO, clouds, assessments, software security. You should spend some time reading about these in other sources (or rely on your exp).
I also own the paper Shon Harris 5E. It is hard to read such a big book ;) and I did not do that.
CISSP for Dummies is also useful and can make sense of the basics.
Cybrary.it is absolutely the best source and you can get it free! Kelly Handerhan and her CISSP course helped me so much. Thank you Kelly! This is the thing you really should thank with a donation. This is not an ad, this is the truth!
Test banks: I used paid CCCure questions just a year ago and used the Sybex and McGraw-Hill bases this year. As for me, I can’t see a huge difference between paid and free question bases.
CCCure: it was so deep in technical details and contains many outdated techs. I think you really do not need knowledge about FDDI and xDSL types now. Knowledge about the exact meanings of bytes in IP packet headers isn’t useful today. At least for the CISSP exam. This is my 2 cents. Also it’s overpriced, yes sir. I did maybe 800 questions overall. My max score was 85% (rarely seen this).
Sybex: This is something similar to the real exam. I did something around 15-20 short tests of 30-40-50 questions. My average score was 75-80%. Isn’t so high, right? Do not forget that all test engines have a heavy technical direction.
McGraw-Hill: I did not take many tests here. 2 or 3 50-question tests. Looks like Sybex.


Notes about preparations:
I moved in my study efforts twice - the first time one year ago, with a break from August to January, and the second time in February. It is a very long time. I think if you have enough experience (5Y+) in security practices, you absolutely can complete your study in 3-4 months.
I spent 1 or 2 hours a day on study, depending on my private life (I’m a father of 2 little children) and full-time job. The process was simple – I read books, watched Cybrary videos, did some tests. Nothing hardcore. Reading on public transport during my home-job-home commute was helpful.
After you complete your readings\videos, download quick notes of any kind. Sunflower, CCCure notes, whatever. Read them. Try to mark all definitions unknown to you. Drill into these words (techs, practices, laws, processes, etc). For success, you should not have unknown definitions. You should know what the meaning of this thing and that thing is. What are the cons and pros of this thing? Which is better, thing1 or thing2? Why?
I repeat. You should have no unknown words in the quick notes. Ever. If you can tell yourself: I know what every term means in these notes and why it is better or worse in comparison with that term – you are ready.
Make focus on steps in risk mgmt, BCP, DRP, SDLC, SMM and all other processes. You should know the order and what is going on in every step.
Before you stand up and go out of your house on exam day, watch this Kelly video: https://www.cybrary.it/video/part-3-exam/ twice!
In addition, one more time again. Remember it. This should be a behavior cornerstone for you.


Notes about exam:
Do not panic. It is like Sybex. But 250 questions and 6 hours. I took 2 short 10-minute breaks to eat some chocolate and drink some water.
Time doesn’t matter. I did the exam in 4 hours (and I’m Russian, English isn’t my language). You can do it quickly. DO NOT WORRY!
I was really scared of "tricky" questions with nonlinear wordings and 4 right answers to choose the best from. Bullshit. I saw maybe 5 questions like this overall.
On the other side, you can expect only 5-10% of questions to be about definitions - what is this tech? Here is a description and you should name the law, and so on.
The main body of questions comes from risk management, access control, software development and testing, and right security behaviour.
No fear.


Special thanks:
Cybrary.it and Kelly Handerhan. You did your job well.
Study Notes and Theory FB group. Great motivation and study source.
Techexams.net. Lots of tips and real life experience.
That’s all folks. Good luck and have fun.

Sorry for spelling and wording mistakes, English isn’t my native language )

BR, Oleg, not-yet-endorsed CISSP :)

Comments

  • mkohimkohi Member Posts: 49 ■■□□□□□□□□
    Congrats comrade.

    -You said "Make focus on steps in risk mgmt, BCP, DRP" Would studying Sybex help with this? I'm asking because every book has it a little different. What source do you think is helpful?
  • mika123mika123 Member Posts: 23 ■□□□□□□□□□
    Good question. What should be the source of BCP, DRP, Risk Management? Sybex?
  • oooorpoooorp Member Posts: 7 ■□□□□□□□□□
    I think Sybex is good. Little differences in sources don’t matter.
  • mkohimkohi Member Posts: 49 ■■□□□□□□□□
    Thank you, and say hi to Snowden for me.
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■■□□
    Congrats, by the way

    A rare cert for Russia, not very popular, fewer than two hundred. And ISSAP is just 3 people altogether, lol
  • webpriestesswebpriestess Member Posts: 82 ■■□□□□□□□□
    Yay!! Congratulations and THANK YOU for all the detail that you have provided about your entire experience.

    What you have said about the exams being very technically driven makes so much sense to me. Right now, my average is around an 80 for the practice exams. I do think that your experience probably gave you a real edge. I also have 10 years of experience, but my focus was mostly in Identity & Access Management and Software development. My primary duties are that of an Active Directory software engineer :)

    I love how you spoke about your study habits and how you have a family with two little ones. And you passed! Your post gives me a lot of hope that I might be able to pull this off myself.

    You are very inspirational. Thanks again <3
    ::Claudia

    PS - Thanks for the chocolate tip, too. I'm going to follow that advice the most :)
  • oooorpoooorp Member Posts: 7 ■□□□□□□□□□
    Thanks!

    Hi to our folks )
  • havoc64havoc64 Member Posts: 213 ■■□□□□□□□□
  • sameojsameoj Member Posts: 366 ■■■□□□□□□□