Passed the CISSP Exam!!! Woot Woot!
If I can do this -- so can YOU!
Thanks to everyone who contributes to this board. It was absolutely critical for me and I used it to form my study plan. I hope something I share will help one of you too.
First, I have been working in information security for about 15 years. I have been a security administrator for both mainframe and active directory. I have provided audit support for SOC 1, SOC2 and SOX. I most recently began running a full integrated management system in support of ISO27001 and ISO9001. Having this experience was very helpful to me for this exam.
My study plan
I decided in August 2016 I was going to attend a boot camp and take the test in November 2016. I signed up for a 6 day bootcamp with Training Camp and they administer the test on the 6th day (Saturday afternoon beginning at 1:00pm). I bought the SYBEX Study Guide and began reading that as often as I could. I hate reading that stuff so I was probably not the most thorough of readers. I also read CISSP for Dummies (loosely). I signed up in August for CCCURE’s freepracticetests (not really free, but worth the money) and started taking these immediately. I also took the Sybex tests online that you get when you purchase the book. I was not good at the tests, but it gets you into the mindset of what you need to know and you start to pick up little facts here and there. I especially love study mode. You can see the answer and explanation before you move on to the next question. I can honestly say this was one of the best resources because it exposed me to a lot of small facts that, while they were not exactly required for the exam, still gave me a good basis. I learn better when I am engaged and not as well when reading a book. I would say I studied about 4-6 hours a week until the middle of September. That is when I found the Kelly Handerhan Cybrary IT videos. Kelly is AWESOME. She explains things very clearly and gives some good tips and tricks on how to remember things. I sat at a screen with the video on one monitor and OneNote open on the other screen while I took notes. This was really helpful. I also love the sunflower PDF. A plethora of info in a small space. http://www.kilala.nl/Sysadmin/Images/CISSP_Summary_V1.1.pdf
The bootcamp
Wow was that intense. We used the actual CBK for the class. I arrived on Sunday evening and started the first class on Monday morning. It was every day from 8:00am to 6:30 or 7:00 each night of classroom time. Then go back to my hotel and read 11th Hour by Eric Conrad for that day’s domain(s), review notes from the day, review the sunflower pdf (this is EXCELLENT) and take test after test on CCCURE. In bed by 11:00 to get plenty of rest for the next day’s beating…I mean lecture. I listened to a meditation app each night to help my brain relax and actually be able to get some sound sleep. Reading 11th Hour made the most sense because it was small and short. Reading more from big books at this point was really not helpful. I also reviewed my Kelly Handerhan notes and watched a couple of videos again like crypto and networking. I was not doing great on the practice tests. Maybe 60-70%. By Thursday I was in full panic mode. But I just kept visualizing the “Congratulations you passed” paper and kept at it. I did use flashcards and while I think they were helpful, it probably didn’t help as much as I would have liked. On Friday night I made my “brain ****” sheet. I will tell you what I put on that below. I also took tests and my scores got worse and worse. I was so tired and drained. I stopped doing tests and just focused on the information sheets (notes, pdf, Kelly Handerhan notes) at this point. Best thing I could do. I went to bed at 10:00pm. I needed rest.
Test day
We had a bootcamp review session for about 3 hours and this was helpful. Touched on everything a little more and I had my sunflower pdf handy to review. I used about 5 hours and 20 minutes of time for the test. Here is what my test plan was:
Make sure as soon as you sit down and they log you into your machine that you accept the NDA. Do not read it, do not hesitate, do not start your brain ****. If you don’t get past all the NDA screens and start the test within 5 minutes – you forfeit the fee and you do not take the test. They mean business. If you like to read everything before you sign it – read it on their website. If you are on the fence about the NDA -- don't sign up for the test. The proctor said there is about 1 person per month that doesn’t complete the NDA and gets timed out. Don’t let that be you!
I took a break after 100 questions. Went to the restroom and got a drink of water. Did the remaining 150 questions and took a break. At this point I counted the number I was sure I had right and how many to go back and review. I had 95 I was confident I knew. The remaining I went back through and validated. If I couldn’t deduce anything further, I removed the flag and moved on. With each hard one, I would phrase the answer like a Jeopardy question. This would help me make sure I was really answering what they asked for and not just what I thought. It really is a test of picking the MOST right answer. I took another break and then sat down for the final review. If I had exhausted all brain cells -- I just made the best guess I could and moved on. Don't overthink and change answers unless you really think it is wrong. Your gut guess is usually correct unless you misread what the question was asking you.
Finally, here are my tips to remind yourself when you are taking the test:
1) This is a management exam. It is not really about knowing technology in detail. Leave that for the worker bees.
2) People safety is ALWAYS first.
3) Management buy-in is critical to the success of anything with regard to security. Without that -- you have no plan.
4) Everyone is responsible for security.
5) Training is essential.
OSI Model (Brain ****)
All People Seem To Need Data Processing / Some People Fear Birthdays
A – Application (Layer 7), IMAP
P – Presentation
S – Session
T – Transport (Segments) All I protocols except for IMAP
N – Network (Packets)
D – Data Link (Frames)
P – Physical (Bits)
ALE = SLE * ARO
SLE = AV * EF
Bell-LaPadula: no read up / no write down
Good LUCK!
Comments
lucky0977:
Congrats on the pass.
Bachelor of Science: Computer Science | Hawaii Pacific University
CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
dhay13:
Congrats!
I only marked 21 for review and only changed 3 of those. 15 of those were in the first 1/2 of the test. The 2nd 1/2 I figured I either knew it or didn't.
For Bell-LaPadula I remembered it this way... B/L is focused on confidentiality, so to keep confidentiality you cannot let people read up. Reading up gives them access to objects that are above their grade. Biba is focused on integrity and is the opposite. Seemed easier for me to remember it that way.
I'm still waiting for my endorsement. I passed 11/10 and submitted my endorsement 11/14, having a co-worker endorse me. I got an email back from ISC2 that same day (11/14) saying they received my endorsement package and that it would take 4-6 weeks.
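The "no read up / no write down" rule from the original post and the Bell-LaPadula versus Biba contrast dhay13 describes, worked through as an added example (not code from either poster). It assumes a constructed four-step lattice that stands in for both a clearance ordering (BLP) and an integrity ordering (Biba), and a constructed set of access requests.

```python
"""Reference-monitor style checks for Bell-LaPadula (confidentiality) and
Biba (integrity). Added example; the lattice, subjects and requests are constructed."""
from enum import IntEnum


class Level(IntEnum):
    # Constructed lattice: higher value = higher clearance (BLP) or higher integrity (Biba)
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula: simple security (no read up) and *-property (no write down)."""
    if op == "read":
        return subject >= obj      # reading is fine only at or below the subject's clearance
    if op == "write":
        return subject <= obj      # writing below clearance would leak data downward
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba: simple integrity (no read down) and *-integrity (no write up), the mirror image."""
    if op == "read":
        return subject <= obj      # reading lower-integrity data would contaminate the subject
    if op == "write":
        return subject >= obj      # writing to higher-integrity objects would taint them
    raise ValueError(f"unknown operation: {op}")


def audit(requests):
    """Evaluate each (who, subject level, op, what, object level) request under both models."""
    return [(who, op, what, blp_allows(s, o, op), biba_allows(s, o, op))
            for who, s, op, what, o in requests]


# Constructed sample: one SECRET-cleared analyst touching objects at other levels
SAMPLE_REQUESTS = [
    ("analyst", Level.SECRET, "read", "budget.txt", Level.CONFIDENTIAL),
    ("analyst", Level.SECRET, "read", "plans.txt", Level.TOP_SECRET),
    ("analyst", Level.SECRET, "write", "public-notice", Level.UNCLASSIFIED),
    ("analyst", Level.SECRET, "write", "ts-report", Level.TOP_SECRET),
]

if __name__ == "__main__":
    for who, op, what, blp, biba in audit(SAMPLE_REQUESTS):
        verdict = lambda ok: "allow" if ok else "deny"
        print(f"{who} {op:5} {what:14} BLP={verdict(blp)} Biba={verdict(biba)}")
```

Every request that BLP allows, Biba denies, and vice versa, which is exactly the "opposite" dhay13 describes: one model stops secrets flowing down, the other stops untrusted data flowing up.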
greg9891:
Congrats! Great exam room info. Thanks!
Upcoming Certs: VCA-DCV 7.0, VCP-DCV 7.0, Oracle Database 1Z0-071, PMP, Server +, CCNP
Proverbs 6:6-11 Go to the ant, you sluggard! Consider her ways and be wise, Which, having no captain, Overseer or ruler, Provides her supplies in the summer, And gathers her food in the harvest. How long will you slumber, O sluggard? When will you rise from your sleep? A little sleep, a little slumber, A little folding of the hands to sleep, So shall your poverty come on you like a prowler And your need like an armed man.
jcundiff:
Congrats!
You have the ALE formula wrong to remember it though: ALE = ARO x SLE (Arousal)
"Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
h1ck5r:
Congrats and thank you very much.
2017 Goals: CISSP(✔)
2018 Goals: Security+(✔), Find a girlfriend(?)
2019 Goals: Find a girlfriend(?)
2020 Goals: Find a girlfriend(?)