Passed CISSP exam on 13 May 16 - My mind felt like it was running a marathon

Hopsdaballa04

I passed the CISSP on Friday and it was the craziest mind journey I have taken. I have been in the cyber domain for around 10 years or so… I have a bachelors in CIS with an emphasis in information security and a masters in cybersecurity. The question I see on the forum is often how did you prepare?


The journey starts about three years ago when I went through a comprehensive course lasting six months that included satellite communications, networking (at the CCNA level), defensive operations, offensive operations and a lot more. I also got my Security+ out of that course as well. So, I would say that I am familiar with all of the domains. So being the “smart guy” that I am… (sarcasm) I didn’t study until the last minute…. Was this a mistake, probably!


(My saving grace)


The last two weeks have been a whirl wind of studying and attending a two week CISSP course. The course was awesome, the teacher was energetic and knew ways to explain core concepts. For example, IPSec tunnel and transport. He used a tractor trailer to explain how transport worked, explaining that the two components of a tractor trailer are examples of an AH and an ESP. He explained how you can see where the tractor (AH) is going, but you can't see the contents inside the trailer (ESP) . Was his class enough to to pass, well for me it was but for a few other students it wasn’t. I can say that one of the students that failed didn't have a lot of experience in the cyber domain.


So, what would I suggest to people that have a few months to study and no formal class to fall back on. Learn the concepts of each domain, but that’s only a first step. You need to understand how to apply those concepts into a business. You need to know what supporting resources are needed for the concept. For example, (strictly an example not meant to be implied that it's on the exam) to implement a complex password policy is great. But, what does it really take to be effective? Will it take senior management buy-in? Could it require a formal training of some sort, so users understand how to create strong memorable passwords? These are all things that must be taken into account before implementing a security control.


The strong password analogy is just one example, but if you can go in-depth enough to understand the resources needed to execute a control you probably will do well on the test. For a test bank of questions I used CCCure and the Sybex website. These test questions are great for testing your surface level knowledge of the concepts.. For reference materials, I used Eric Conrad’s CISSP Study Guide, third edition and the CISSP Official Study Guide, seventh edition.


I apologize for the rambling, as my brain is still mush and any grammar mistakes… But, hopefully this post will help you on your journey to passing the CISSP exam!

barman

Congratulations!
In your opinion, what was the most difficult domain, or the one that you would put the most effort on?

Infosec85

Congrats

ZzBloopzZ

Congrats mate!

Do you feel that the Conrad 3rd Edition was worth reading for someone that has read the Sybex 7th edition twice already? Thanks for the Tractor Trailer analogy. That is pure gold! Any other neat analogies/tips that you learned from class?

What's next for you?

Seab

Awesome, thanks for feedback!

cyberguypr

Congrats!

AverageJoe

Congrats!!

Hopsdaballa04

I'm sure you have heard this before but they are all equally difficult. For me in general, my weak areas are SDLC and risk management.

datybayo

Congratulation Sir for the achievement, wish you all the best ..

Actually, i am planning to set for the exam on 14 July, but to be honest with you i am scared and i need your help,


Can you please advice me to go throught it and pass the exam ..

I have two month form now, is that time enough for me to pass the exam ..


your help is really appreciated ..



Hope to hear from you soon


Regards ....

Hopsdaballa04

ZzBloopzZ wrote: »

Congrats mate!

Do you feel that the Conrad 3rd Edition was worth reading for someone that has read the Sybex 7th edition twice already? Thanks for the Tractor Trailer analogy. That is pure gold! Any other neat analogies/tips that you learned from class?

What's next for you?

I probably would review the exam essentials in the 7th edition a few times versus buying the Conrad book and reading it. The Conrad book is more of a no BS approach for the technically inclined and the 7th edition eases you into it.

(As always it depends on how you process information)

I probably will get my PMP certification and then call it quits on the certs.

Hopsdaballa04

datybayo wrote: »

Congratulation Sir for the achievement, wish you all the best ..

Actually, i am planning to set for the exam on 14 July, but to be honest with you i am scared and i need your help,


Can you please advice me to go throught it and pass the exam ..

I have two month form now, is that time enough for me to pass the exam ..


your help is really appreciated ..



Hope to hear from you soon


Regards ....

I was nervous as well. The best thing to do for someone that is doubting themselves could be to schedule the exam in advance. That way you won't easily be able to back out of taking the exam. Any exam with 250 questions and 6 hours to take it is going to be tough to handle.

Is two months enough? That really depends on your commitment and past experience in the eight domains.

I would suggest that you start to mentally prepare yourself by taking longer and longer practice tests. While CCCure doesn't go in depth with concepts it's a great start on conditioning your mind. Good luck!!

webpriestess

Hey Man! Congratulations! Wow, it sounds like you have quite the background. I'm sure that really helped you out.

I want to especially thank you on the tractor trailer analogy for AH and ESP. That's a good one that I won't forget. Also your take on how to deal with password complexity. That's a really good "heads up" to all of us that are going to be taking the exam.

My sister has the PMP - she passed it on the first try. I don't blame you for calling it quits after that one.

Congrats again
::Claudia

havoc64

Congrats and great write up.

sameoj

Congrats

clarkincnet

Congrats!

gncsmith

Congrats!

ZzBloopzZ

What were you scoring on the CCCure, I assume you used the Pro level questions?

Hopsdaballa04

I did use the Pro level, my overall score average was 73%. It would depend on what I was doing at the moment. I took a bunch of the quizzes while hanging out with my family or out at dinner.

Johnmueller

Where did you get your masters in cyber security? Would you recommend them?

mark007

Congrats mate,

I am also in the preparation for this exam, unlike other people who can afford to pay for classroom unfortunately i can't, as am currently job searching in the security field, which you and i know if you don't have the experience and credentials its much harder to break through. I have a MSc in IT security and just recently passed the Security + exam , also have been in systems support for a decade so its time to move on. I have always liked security and its a shame am just picking it up now. I have downloaded free ebooks and materials online and the amount of volume of information for an old brain like mine is draining. sometimes i get lost in the book and my mind wonder into the winning the lottery so i can close these books forever...hahahah! i have just finished the CISSP CBK 7th edition, and just started on the Shon Harris (RIP) 6th edition All in one, i still have some other materials like the Conrad series and some other CISSP pdfs and somehow i feel that am ready. I have done some google searches and the CCCURE keeps propping up, but when i look into the site, all i see are forums with outdated replies from years back so a bit confused if i should pay for the practice questions since i cant see any new entries. Also StudiSCope dont have the latest CISSP update yet. My area of weakness is the Cryptography and Encryption. from your exam , where there lots of questions based on this? also you mentioned 8 domains, i thought it was 10. I am currently using this site for test purpose Elsevier FlashAutomate 3.0 . Very similar to what i'd imagine the exam to be like. Please can you assist with any course materials? most especially exam questions etc. Thank you and best of luck . will you be taking any other exam soon, i am thinking once i passed the CISSP , move unto ISO20071 and CISA.

Cheers

DocRoy

congrats on a major accomplishment

Hopsdaballa04

The 2015 CBK reduced the domains from 10 to 8. It's deceiving because the two extra domains have been added into other domains. I would suggest the official study guide 7th edition for study as it is tailored to the new CBK. When people talk about CCCure test engine they are talking about https://www.freepracticetests.org/ . It is updated to the 2015 CBK.

As for whether my test had a lot of crypto/encryption; it would be deceiving to say yes or no due to each individual getting a different test. I would continue to review the concepts and understand how to apply those concepts into a business.

Good luck with your studies and on the exam. Also, good luck on the job search!

ZzBloopzZ

Mark007, since you are on a tight budget why not just use the following test banks:

1. Sybex (Over 1500 questions, you already have the book so you can access the online portal)
2. McGraw-Hill - https://www.mhprofessional.com/sites/CISSPExams/exam.php?id=AccessControl
3. The Conrad books have practice questions in them too which you seem to have.

Do those first and see how you feel. Also, Cybrary is a great free resource that many people swear by. CCCure does some free prep materials although not as detailed but nice introduction and tips how to study. I think it's called CISSP Holistic video or something.

protacticus

Also, you can look at https://www.skillset.com/certifications/cissp they have free CISSP questions.

mark007

Thank you all, will update as soon as i pass.

Seab

When are you taking the exam?

jones551

Congrats

mark007

Hi Guys,

almost done reading the Shon Harris 6th ed. I read the official cbk book and noticed that the SH book has different domains , i know it has recently been revised, so am wondering should i continue to read the book even though i have read the official CISSPbook. I just want to get it over and done with as my brain is on overload mode right now. does any felt that at some point where the brain just can't absorb more, what did you do to counter this mode also, does anyone drift off into space whilst reading all these texts , and how did you remain focus.

I have been trying to apply for security jobs with my S+ and MSc IT sec degree, i must say its not been easy, from the non technical enough reason to lack of experience even though i answered all the telephone interview questions. I don't want to go back into IT support or Sys administrator and am slowly loosing faith. Also i cant phantom going for a job that is like £20k less than what am currently earning just because i want to break into the sector. i know i should start somewhere but 10k less will affect my finances. some please advice. I don't mind volunteering whilst am still doing my own regular job

mark007

i am struggling with the shon book, the domain on telecomms is like over 200 pages, how you getting on? what books are you reading, i have some pdfs if you interested

datybayo wrote: »

Congratulation Sir for the achievement, wish you all the best ..

Actually, i am planning to set for the exam on 14 July, but to be honest with you i am scared and i need your help,


Can you please advice me to go throught it and pass the exam ..

I have two month form now, is that time enough for me to pass the exam ..


your help is really appreciated ..



Hope to hear from you soon


Regards ....

sameoj

Congrats