Passed CISSP - An hour ago.

mkohi

Hello
I passed an hour ago and I thought I should share my experience, especially since you'll have been helpful the past few months.

Background: Background? Don't really have one. My undergrad was in Global Affairs, I'm 25 years old, I don't really have any other certs besides A+ and CCSK (basic cloud) and I only have 1 year and 10 months working in the IT field (Intel Security). As you may have guessed, I have to wait a few years for my endorsement.

Study materials:
1: CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide: Edition 7 (Sybex)
2: Cybrary videos
3: CBT Nuggets
3: CCCure practice exam

-I had less than 4 hours of sleep last night so excuse the typos.

I spent about 3 hours every weekday after work and the entire weekend for the past 3 months studying. Almost everything I used as my study materials was useless. I would say 80% percent of what I studied from the Sybex book or learnt from Cybrary videos wasn't in the exam. I basically read the Sybex book twice if not more and watched the Cybrary series, re-watched certain sections multiple times. I practically outlined the book, and took detailed notes on each chapter. Did all the chapter quizzes and took one of the Sybex online exam where I think I got around 74%. Here is my CCCure scores:



[TH="class: sort_enable"]No of Question[/TH]
[TH="class: sort_enable"]Score[/TH]
[TH="class: sort_enable"]Area[/TH]
[TH="class: sort_enable"]Difficulty[/TH]
[TH="class: sort_enable"]Quiz Type[/TH]
[TH="class: sort_enable"]Time Taken[/TH]
[TH="class: sort_enable sort_down"]Date[/TH]
[TH="class: sort_enable"]Status[/TH]
[TH]Results[/TH]
[TH="class: hidden_tooltip"][/TH]


20
70%
CISSP 2015
Pro
Test
00:15:47
08-May-2016 05:45:32 pm
Complete
Review Quiz



20
70%
CISSP 2015
Pro
Test
00:20:31
08-May-2016 05:11:12 pm
Complete
Review Quiz



20
75%
CISSP 2015
Pro
Test
00:19:40
07-May-2016 05:15:51 pm
Complete
Review Quiz



20
85%
CISSP 2015
Pro
Test
00:19:15
07-May-2016 04:49:02 pm
Complete
Review Quiz



20
0%
CISSP 2015
Pro
Test
00:00:00
06-May-2016 11:51:33 pm
In Complete
Change quiz status



20
80%
CISSP 2015
Pro
Test
00:17:36
05-May-2016 08:15:43 pm
Complete
Review Quiz



20
85%
CISSP 2015
Pro
Test
00:09:40
05-May-2016 07:46:28 pm
Complete
Review Quiz



20
65%
CISSP 2015
Pro
Test
00:16:16
05-May-2016 07:06:17 pm
Complete
Review Quiz



250
75%
CISSP 2015
Pro
Test
04:18:00
04-May-2016 06:21:02 pm
Complete
Review Quiz



25
76%
CISSP 2015
Pro
Test
00:31:20
02-May-2016 09:33:40 pm
Complete
Review Quiz



25
96%
CISSP 2015
Pro
Test
00:26:32
02-May-2016 08:31:43 pm
Complete
Review Quiz



50
70%
CISSP 2015
Pro
Test
01:04:28
02-May-2016 07:54:36 pm
Complete
Review Quiz



20
100%
CISSP 2015
Pro
Test
00:15:32
01-May-2016 09:34:27 pm
Complete
Review Quiz



10
100%
CISSP 2015
Pro
Test
00:07:22
01-May-2016 09:16:06 pm
Complete
Review Quiz



10
90%
CISSP 2015
Hard
Test
00:06:48
01-May-2016 09:04:22 pm
Complete
Review Quiz




Exam
I only got about 20 easy questions where I learnt from Cybrary or Sybex. Some of the ares my exam focused on were VPN, Software Development, Federated Identity, Networking, Encryption, a lot of scenario questions, and little bit of everything else. For the amount of time I spent studying for it, I was expecting it to be a little easier but every question was a battle. Even simple questions were complicated even though I knew exactly what the question was referring to. Here is a fictitious example, a simple antivirus question was worded so awkwardly that even you AV expert you still be confused. There were parts of the exam that experience was necessary which I understand but most of it was a word game. I'm sure you guys can since my frustration but honestly it didn't need to that convoluted. Maybe my exam was one of those hard ones..

Advice
At around the 70th question I started to get the feel of the exam. By "feel" I mean looking at the questions in a high level way, holistic way. Most of the time you will have two wrong answers and two right answers, by two right I mean they both can certainly be the answer. Once you start getting the "feel" of the exam, you can pick an answer between the two. That how my exam went, I chose the one that felt right. That being said, the study materials I used didn't particularly help me with a definite answer but it did help with the "feel" and I think that's important. So everything you you study, books, videos and practice exams won't help you much but it sill. Like everything else in life, the closer you get to the truth the more paradoxical it becomes.

In conclusion I thought the exam was unnecessarily convoluted and seemed like an English/IT exam. Quite honestly, I used three different sources to study for this exam and I spent countless hours studying yet there were a lot of question that i'd never seen. Here is a shortcut: Watch the Cybrary series twice along with CBT nuggets videos and take good notes. This will give you some of the answers and most importantly the "feel".

Infosec85

Congrats on the pass!

Remedymp

Here is a fictitious example, a simple antivirus question was worded so awkwardly that even you AV expert you still be confused.

This is something that -many- people have complained about and I have no idea why ISC refuse to listen. SMH...

cyberguypr

Congrats!

gncsmith

Congrats!

csk007

Congrats Dude!!!

alfred06

congrats,.so you studied 3 months for this? 3hrs a day in weekdays and all day weekend. ALL your hard work paid off

protacticus

Bravo mkohi, you made a good post with many useful information. So, you spent about 400 hours (app 8 hours by weekdays) for learning and about 1.000 questions.

Can you estimate which area of exam you are not found in books/video courses but they were largely represented at the exam (cloud, software development, mobile security/embedded systems, risk analysis, OSI model, disaster recovery or PKI)?
What about tehnical questions and memorization (need to know facts)?

Have a nice sleep

uleghari007@gmail.com

Congrats, You did it.

gtsapl

Congrats on the pass mkohi !

Danielm7

Congrats on the pass!

sameoj

Congrats

Seab

Congrats and great advices, thanks!

mkohi

protacticus wrote: »

Bravo mkohi, you made a good post with many useful information. So, you spent about 400 hours (app 8 hours by weekdays) for learning and about 1.000 questions.

Can you estimate which area of exam you are not found in books/video courses but they were largely represented at the exam (cloud, software development, mobile security/embedded systems, risk analysis, OSI model, disaster recovery or PKI)?
What about tehnical questions and memorization (need to know facts)?

Have a nice sleep

Hello Comrade,

I can't talk specifics for obvious reasons, but the book and videos don't focus on SAML and SSO as much and they should. You should study everything you mentioned, "(cloud, software development, mobile security/embedded systems, risk analysis, OSI model, disaster recovery or PKI)". You might get 1 questions or maximum of 5 on each of those topics but its important because to study those topics because it will give you the "feel". My exam at least was more of an conceptual, English/IT exam. You have to read through the question 3 times and and pick between 2 rights answers. The "feel" will give you the right answer and it's typically the less technical answer.

coffeeisgood

mkohi wrote: »

the study materials I used didn't particularly help me...

I hate reading bits like this because it makes me wonder the value of what I am studying....

Over & over I hear you must understand the "concepts" but too often I read statements that much of the test is NOT what was in the study material.

Congrats on the pass. I am sitting this month.

mkohi

coffeeisgood wrote: »

I hate reading bits like this because it makes me wonder the value of what I am studying....

Over & over I hear you must understand the "concepts" but too often I read statements that much of the test is NOT what was in the study material.

Congrats on the pass. I am sitting this month.

It's okay, keep studying your materials. Just remember, when you're taking the exam think on a larger scale and don't pick the technical answer unless its obvious. My exam was hard, hopefully you will get a easier batch. When you're taking the exam you'll think that you'll fail but keep pushing and focus on every single question like your life depends on it. Don't give up just because it's hard.

dbailey007

W00t! How much harder do you think it was for you in light of not having a lot of security experience?

jones551

Great Job!!

[Deleted User]

Great Work! I'm studying for my CISSP next year. Let's hope I pass my exam as well Anything you can share about the exam?

mkohi

dbailey007 wrote: »

W00t! How much harder do you think it was for you in light of not having a lot of security experience?

I was never a data custodian (lol), It admin, network admin or security admin. I have less than two years of experience but my role here at Intel Security has taught me a lot. We have solutions ranging from simple AV to complicated SIEMs and everything in between. So I have a good general understand of overall security and I had to learn all this quick! It's been a quite an intense learning experience but I like the challenge. I didn't have to take the CISSP but I chose to Again, it's true that it is not a technical exam, so my lack of experience wasn't that big of a factor. That being said I studied hard and covered everything on my book. I encourage you guys to study your material, know the models and such, you might see questions regarding Biba and Bella.. You might get a more technical exam than me..

CyberSecurity

Awesome! Congrats! I'm passing this on to some people I work with as a strategy

havoc64

Congrats!

mkohi

How do I know what exactly I scored?

faris1

Congratulations on passing the exam. Did you do any course or just self study?

Swimfan2516

Congrats!

faris1

Congrats again for your success! I'm currently going through official CISSP prep book and planned to take the exam in 3 months time. Do you think it worth taking a course which cost over £5,000.00 and it will cost me weeks pay as a contractor.

Seab

Hi Faris,

Depends how much you value your time
Studying for CISSP is very, very time consuming. I know people that did the 1week boot camp and passed, with mostly only that week of training and Info Sec experience of course. If you go that way, you need to ensure of the reputation of the instructor, post his/her name here, maybe people could give you some feedback. Some are famous and magically makes all their students pass! If you go that way prepare to give up your life for that week, nothing than studying all evening after class, etc.

This being said, I think a one-week training is a fantastic thing for adding the title to your name or on Linked in, but you will probably forget everything the week after. I don't think a one-week training versus a self study for 3-6 months have the same value. Self study will bring you way more personally and professionally, but with important sacrifices. Plus, for a fraction of the price, you can have a self-pace class or video that would bring similar knowledges or even for free : Cybrary.it is one of the best resources, the lessons are great, and free a rare thing these days.

Most of the people will combine Sybex or Eric Conrad CISSP, with Cybrary videos ( x2 ), CCCure questions and personal notes. It seems to be one of the best path according to people here.

Remedymp

Because of your experience, I assume you can only be Associate of ISC2?:

webpriestess

Whoo hoo! Good for you! Are you still doing a victory dance??

mkohi

faris1 wrote: »

Congrats again for your success! I'm currently going through official CISSP prep book and planned to take the exam in 3 months time. Do you think it worth taking a course which cost over £5,000.00 and it will cost me weeks pay as a contractor.

I don't know how well these courses are, maybe someone who has taking a course should chime in. Personally, there are tons of other resources out there for free or cheap.

mkohi

Remedymp wrote: »

Because of your experience, I assume you can only be Associate of ISC2?:

Correct.