I passed CISSP today. Since I like reading these posts so much I thought I would put up my own.
Background: IT Auditor/Audit Manager for 6 Yrs.
Have already done CISA, SSCP and COBIT Foundation.
Preparation Time: 2 weeks daily study (8-5, I took time off work), but I was very careful not to burn out so took breaks lunch/evening etc.
Preparation Books
: I found the Sybex 7 book most readable/engaging (read it all cover to cover), but I also used Eric Conrad for the technical bits (Networks etc). Shon Harris AIO is a very detailed book, and good for reference or newcomers, but I couldn't 'study' from it. The official ISC2 guide is just not that easy to read, I don't know why!
Preparation Questions
:
: Sybex end of chapter questions were useful reinforcers (I did them as I went). Eric Conrad online exams very useful too. I also did all of the CCCure Questions - not sure how much these helped, as even from the first 250 I did I was getting 80%+, but I did like the interface and it gave me alot of confidence.
Lesson Learned: Should have bought access to CCCure earlier - as it was I paid $49 for effectively 4 days use!
The Exam: I used about 2.5 hrs of the time. 2 hrs full run through, then 30 mins review (I changed only 1). I have no idea how I could have used 6 hrs. The questions were not as hard as I expected at all.
I have often heard people claim you need to 'think like a manager', and maybe due to my current role I just do that anyway.
Final Thought: I know its daft, but this forum helped me alot (not just CISSP, but in the past CISA and SSCP too). Thanks to everyone who posts their thoughts/experiences.
It really helps and encourages me to know when I am studying the right books, following the right process etc.
Question to the floor: What should I study next ? I get the impression Security + is below CISSP/SSCP, so seems kind of pointless. How about CEH? or CISM? Advice, as always, appreciated.
