CISSP Passed on 1st Attempt

mang109mang109 Member Posts: 15 ■□□□□□□□□□
I passed CISSP today. Since I like reading these posts so much I thought I would put up my own.

Background: IT Auditor/Audit Manager for 6 Yrs.icon_jokercolor.gif Have already done CISA, SSCP and COBIT Foundation.

Preparation Time: 2 weeks daily study (8-5, I took time off work), but I was very careful not to burn out so took breaks lunch/evening etc.

Preparation Booksicon_study.gif: I found the Sybex 7 book most readable/engaging (read it all cover to cover), but I also used Eric Conrad for the technical bits (Networks etc). Shon Harris AIO is a very detailed book, and good for reference or newcomers, but I couldn't 'study' from it. The official ISC2 guide is just not that easy to read, I don't know why!

Preparation Questionsicon_confused.gif:: Sybex end of chapter questions were useful reinforcers (I did them as I went). Eric Conrad online exams very useful too. I also did all of the CCCure Questions - not sure how much these helped, as even from the first 250 I did I was getting 80%+, but I did like the interface and it gave me alot of confidence. Lesson Learned: Should have bought access to CCCure earlier - as it was I paid $49 for effectively 4 days use!

The Exam: I used about 2.5 hrs of the time. 2 hrs full run through, then 30 mins review (I changed only 1). I have no idea how I could have used 6 hrs. The questions were not as hard as I expected at all.icon_cheers.gif I have often heard people claim you need to 'think like a manager', and maybe due to my current role I just do that anyway.

Final Thought: I know its daft, but this forum helped me alot (not just CISSP, but in the past CISA and SSCP too). Thanks to everyone who posts their thoughts/experiences.icon_thumright.gif It really helps and encourages me to know when I am studying the right books, following the right process etc.

Question to the floor: What should I study next ? I get the impression Security + is below CISSP/SSCP, so seems kind of pointless. How about CEH? or CISM? Advice, as always, appreciated. icon_arrow.gif

Comments

  • E Double UE Double U Member Posts: 2,233 ■■■■■■■■■■
    Congrats!

    Seems like CISM would be good for you. Not sure why you would do CEH unless you are interested in changing roles or just really interested in the cert.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • fitzlopezfitzlopez Member Posts: 103 ■■■□□□□□□□
    It's great you passed on your first try, and in just 2 hours? I did the previous version and used the AIO, it took me about 4 hours to finish it a break and about an hour to review.

    I'd agree that you shouldn't do the CEH, it's not worth it. I'm scheduled in a couple of weeks for the CompTIA Cybersecurity Analyst+ and it looks more promising plus it was only $50 dlls. My company just got me an xvoucher for the CSX Practitioner from ISACA that also looks interesting, will have more news by January. I'd advise you check them out.

    I'm waiting to hear back on my accreditation for the CISM, CISSP-ISSMP and CSSLP. I found the CISM material less technical than the CISSP but really interesting as it focused more on standards, procedures and risk. I didn't like the paper exam I don't remember when I had to fill the circles with a #2 pencil. I also did the ISSMP concentration because the guys in the forums said that studying for the CISM helped for the ISSMP. They were correct, I did have to read the ISC2 book to map the CISM concepts the way ISC2 frames it for the ISSMP.

    In my roadmap I want to try out the ISACA CSX Expert, and the GIAC Information Security Expert but GIAC/SANS stuff seems to damn expensive.
  • ilikeshellsilikeshells Member Posts: 59 ■■□□□□□□□□
    Nice!!! I'd do OSCP next! You'll learn a lot, it's worth the effort!
  • danny069danny069 Member Posts: 1,025 ■■■■□□□□□□
    Congrats!!
    I am a Jack of all trades, Master of None
  • TrucidoTrucido Member Posts: 250 ■■□□□□□□□□
    Grats!!! Thanks for the tips.
    2017 Certification Goals
    CompTIA A+ [ ] CompTIA Net+ [ ] CompTIA Sec+ [ ] CCENT [ ] ITIL [ ]
  • sameojsameoj Member Posts: 366 ■■■□□□□□□□
  • trueshrewkmctrueshrewkmc Member Posts: 107
    Congrats! I agree with my fellow CEH holders. There were several CISSPs in my CEH boot camp back in 2014, but I don't really understand why. CEH isn't worth the effort. If you look at CompTIA continuing ed points for CASP awarded by cert, CEH is worth only 5 points.

    SANS GCIH might be more appropriate.
  • Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    Congrats! This is really FAQ; you can find a lot of opinions in this forum. :D

    I recommend CISM given your background and the fact that some job postings that ask for the triad of "CISA, CISM and CISSP". CEH serves as HR filter and an intro to pen testing. If you are really keen on pen testing, go for OSCP.
  • danny069danny069 Member Posts: 1,025 ■■■■□□□□□□
    If you look at CompTIA continuing ed points for CASP awarded by cert, CEH is worth only 5 points.

    You get 8 points not 5 with the CEH icon_wink.gif
    https://certification.comptia.org/continuing-education/renewothers/renewing-casp
    I am a Jack of all trades, Master of None
  • DAVIS NGUYENDAVIS NGUYEN Member Posts: 1,472 ■■■□□□□□□□
Sign In or Register to comment.