Just passed the CISSP – Yes it is like running a marathon

coffeeisgood Member Posts: 136 ■■■□□□□□□□
My brain hurts but happy I got the “Congratulations!” letter at the end. Almost every question was a battle!

How I prepared
  1. Sybex 7th (official CISSP Guide)
  2. Eric Conrad's 3rd edition CISSP Study Guide
Read both books, cover to cover and took over 200 pages of written notes. I find physically writing things down helps for me. I completed all book exam questions, some chapters I would do the exam multiple times! The Sybex official guide has an iOS app with the same practice questions as the book that I would find myself using randomly. Sybex was ok but it was reading Conrad's 3rd edition that made things “click” for me to understand that "concept"!

I purchased a 60 day access to the

3. CCCure test engine (completed over 2000+ questions all on Pro setting)
I liked their engine & detailed explanations but many of the questions were way more technical than what was needed for the actual exam BUT what is really important is you understand the “CONCEPT”. Stop memorizing and understand the concepts, this cannot be stressed enough. Anyway, that said sometimes you really need to understand the “tech” to understand the concept. Over the last two weeks I did three 250-question exams so I was prepared for the marathon of sitting for the real thing. I averaged about 80%/85% on all CCCure tests but honestly maybe only preparing yourself for 5+ hours of a mind game is the real benefit here.

Anyway… I also did

4. Flash Cards (written 3” x 5” index cards)

Every time I missed ANY question, I would write a card to help me with some point. Sometimes I would have many of the same items just asked different ways, which sometimes had me going back to re-read a section I missed. (CCCure has an option to keep your missed questions in your future “pools/banks” of test questions.) For the past couple months, it was rare you would not find me with 10-15 flash cards going over a few topics.

No CISSP courses but I do have 10+ years of InfoSec experience, extremely heavy on PCI DSS. My experience helped with many of the firewall, cryptography, networking questions; SDLC was one of my weak areas.

It is really hard to explain but none of the practice test questions really line up to the actual exam. Some were familiar in the idea but none really line up. If/when you get down to two answers, re-read the question! I had planned to watch some of the Cybrary videos but just never got around to it. Everyone learns a little differently.

Over the 5+ hours spent on the exam, I took a couple breaks. Besides bathroom, water, stretch, I had some snacks which I left all in my locker. My breaks never lasted longer than 5 minutes. You cannot have anything in the exam room. I found it easier to just leave my pockets inside out … maybe I will leave them that way and start a new fashion statement.

My exam felt heavy on IPSec / other cryptography, SDLC, FeID/SAML, BCP/DRP but the range of topics really was a "mile wide & an inch deep".

Often I would read a question and get down to two of the four answers. Go back and re-read the question and study each word, what is it specifically asking to help pick one of those two answers. There are some multiple answer/matching questions, not a lot but some. You will stumble on a few questions (like was this subject on my study guide?) but just remember 25 questions are not counted and ISC2 is just throwing them out.

Cheers… I had a few cold ones last night but my body still gets up at the crack of dawn to study. What will I do with all my free time?

Good Luck!


  • NetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Congrats coffee!
  • danny069 Member Posts: 1,025 ■■■■□□□□□□
    Congrats and thanks for the write up!
    I am a Jack of all trades, Master of None
  • coffeeisgood Member Posts: 136 ■■■□□□□□□□
    forgot to add... after taking a CCCure exam, I would spend almost 1/2 the time I took going over both right & wrong answers. (& yes if it was wrong, it got a flash card, even if I had one already!)

    Some of the info / descriptions on the CCCure question/answers are pure gems. Do not get too bogged down on the technical but understand that concept.
  • IaHawk Member Posts: 188 ■■■□□□□□□□
    Congrats! That sounds very familiar to my experience on test day.
  • ZzBloopzZ Member Posts: 192
    Congrats mate!

    I am having a similar experience. Yesterday I just started reading the Conrad 3E book and some things are starting to "click" and I am getting a MUCH better understanding of the CONCEPTS. This is after going through the Sybex 7E book twice.

    What domains would you say were the BEST or rather that helped you make things "click" in the Conrad 3E book? So far I read the Security and Risk Management and Identity and Access Management chapters. Both were good but Security and Risk Management was PURE GOLD. My exam is next Tuesday and so I won't have time to finish the entire Conrad book since I plan to do the Cybrary video series this weekend, so only have time to read 1-3 more domains in the book.

    At this point I am going to stop memorizing the technical. Not going to bother memorizing the TCSEC/ITSEC levels or go super deep in crypto. Only so much my brain can hold anyhow. :c)

    What's next for you? Any other certs?

    Edit: Any tips on what aspects/how deep to study for IPSec? You could do a 2 week course on it alone since there is SO much to it.
  • Seab Member Posts: 127
    Congrats and thanks a lot for the review! My exam is in 2 weeks now, it's the last mile before the exam, last chance to get the concepts right!
    I am doing 125 CCCure questions per domain, with good scores until now, only 3 domains to go. I will probably do 2 full practice exams to be more secure with my result. Finishing 11th hour this week. Cybrary video marathon, and reviewing concepts in Conrad's book.

    Enjoy getting a life again if you can or go for another cert ;)
  • cyberguypr Mod Posts: 6,927 Mod
  • clarkincnet Member Posts: 256 ■■■□□□□□□□
    Well done - excellent write up!
    Give a hacker an exploit, and they will have access for a day, BUT teach them to phish, and they will have access for the rest of their lives!

  • aftereffector Member Posts: 525
    Congratulations on the pass! You have a great writeup there - I'm sure it will help many aspiring CISSPs here.

    Now that you have all your free time back, you should reinvest it in the next educational goal! How does a CISSP-ISSAP sound?
    CCIE Security - this one might take a while...
  • webpriestess Member Posts: 82 ■■□□□□□□□□
    Way to go, Coffee! Thanks for the write up.

    I've been doing flash cards too. I made up a basic set from the domains and then I went nuts with the practice exam stuff. I take those puppies everywhere - most noteworthy when I am waiting at medical appointments.

    Congratulations, Coffee!
  • Afterburne Registered Users Posts: 2 ■□□□□□□□□□
    Very nice, congrats!! How many total hours studying would you estimate that you put in?
  • Seab Member Posts: 127
    Afterburne, you don't really wanna know or count these.... ;)
    It should be something like (1-3h afterwork x 5), between (3-6h on week-end days x 2) x number of weeks, for 3-6 months.
  • Afterburne Registered Users Posts: 2 ■□□□□□□□□□
    Seab wrote: »
    Afterburne, you don't really wanna know or count these.... ;)

    Ha! Yeah, it is a bit demoralizing for sure.

    The path set before me is more of a sprint than a marathon. The last day at my current job is July 1st and I have determined to set aside working for three months and do mostly nothing but study and hopefully obtain the CISSP by the end of September.

    I plan on studying 5 to 6 hours a day for 5 to 6 days a week to prepare. I am hoping that will be enough time per week to get me there in 3 months. I think spending any more time studying per day/week than that has the possibility to become counter-productive. On the other hand I can't afford any more than 3 months of not working either. Following this schedule would put me right at the mid-point of the study times mentioned above and hopefully be sufficient.

    Congrats to those who have passed! Very encouraging to hear for sure.
  • DAVIS NGUYEN Member Posts: 1,472 ■■■□□□□□□□
  • misthe Member Posts: 26 ■■■□□□□□□□
    Hey Congrats!!

    Does Eric Conrad's book help you a lot, as you had already studied from Sybex? I'm studying from Sybex and AIO too and I am thinking of buying Eric's also, but I'm not sure how beneficial it could be, having already read these two books.

  • havoc64 Member Posts: 213 ■■□□□□□□□□
  • coffeeisgood Member Posts: 136 ■■■□□□□□□□
    misthe wrote: »
    Hey Congrats!!

    Does Eric Conrad's book help you a lot, as you had already studied from Sybex? I'm studying from Sybex and AIO too and I am thinking of buying Eric's also, but I'm not sure how beneficial it could be, having already read these two books.


    I read the Sybex 7th edition 1st because it was the "official" guide
    It puts the content in more of an order thru 21 chapters (content is not structured by domain)

    Eric's 3rd edition is divided up by domain but it is like 300 pages less. It just explains things differently and a bit more efficiently. I learn by reading and taking notes, with my best study hours in the morning but everyone is different. I enjoyed reading Eric's 3rd edition guide way more than Sybex 7th, although add in the fact it was my second pass at the same material it still just made everything "click".

    BTW the 1st chapter/domain is available for free online
    I looked into the eBook but the print was cheaper, go figure. I know with the print Sybex 7th edition you can get a free .pdf, not sure about Eric's 3rd edition. (I did not look)

    Do not beat yourself up on the small details but understanding all the concepts cannot be stressed enough. That said, sometimes you must understand all the small pieces of the technology to understand the "technology" concept.

    Sidenote: The official Sybex 7th edition practice questions, although easier than the exam, are the most similar to the actual exam. Do not skip the essay ones! That should test your knowledge of the concept!
  • kennethkc Registered Users Posts: 1 ■□□□□□□□□□
    May I know where I can get the Sybex official guide iOS app?
  • sameoj Member Posts: 366 ■■■□□□□□□□
  • coffeeisgood Member Posts: 136 ■■■□□□□□□□
    kennethkc wrote: »
    May I know where I can get the Sybex official guide iOS app?

    link below for the official iOS app & flash cards

    SAME questions & flash cards/review as the book but missing the labs (DO THE LABS to learn the concepts!)
    The app is nice because you can really have it anywhere. I did use it often & randomly (vs playing some free game)

    CISSP (ISC)2 Certified Information Systems Security Professional Official App by learnZapp