Passed CISSP (2nd Time)

Johnjaplin (Member, Posts: 7)
I just finished the exam 5 hours and 5 minutes and I still cannot believe I passed this exam. This is my very first post on techexam and I feel like I owe an obligation to this community for all the help/tips that made me pass this exam. I'm beyond exhausted, as I work night shift and the testing center only provides the test at 10 AM, so expect some errors in this post heh.... However I will try my best to help people achieve their goals as this was a goal for me.

For starters: I have 6 years of experience in the following roles: Sr. RMF assessment engineer, Vulnerability Analyst, and lastly Sr. Cyber Threat Analyst for the DOD and DHS. This exam was a goal of mine ever since I started doing IT, and I was arrogant/foolish enough to think that I could pass this exam within 1 month. All in all I studied for about 2 and a half months; the grind was real....

First time I failed: I got a 625 the first time I attempted this exam in 2 hours by only studying 11th hour (skimmed through it), and cybrary.it (Yeah I know, what was I thinking). Within the first 5-10 questions I knew immediately that I failed this exam. By having only experience to help me through the exam, I realized that I needed to know the concept inside and out to pass this exam... A thorough knowledge of the concept at a high level. I know this has been mentioned multiple times in other posts; however, I also want to reiterate that this exam not only wants you to think like a manager but also apply the situations as a manager/Security Advisor. Now don't get me wrong, there are some questions that will require you to answer the question as a technician, but all in all if there is a managerial task take a minute or two to focus on that particular question. Also another thing I must mention is that this exam really wants you to understand the process of security as a whole! Onto my passing score phase

2nd time: I read multiple posts as to what materials to use and that you should read multiple books such as the Shon Harris, Sybex, Eric Conrad 3rd edition, etc. However I highly disregard this method, unless you are a beginner in Cyber Security (CISSP Associate) I advise you to read the entire Shon Harris book as it helps to really get you into a mindset of a cyber security professional from the basics. If you are not a beginner and have the required experience, I advise reading the entire Sybex 7th edition book as it will cover everything that you will see on the exam. Lastly, if you have the experience and knowledge of at least 3-4 domains in the CISSP then I recommend reading the Eric Conrad 3rd edition as it covers 85-90% of the exam.

What I did: When I failed the first time I took my paper and focused on what domains I was doing badly in. I opened up the Sybex official book and Eric Conrad 3rd edition on the top 4 domains I did bad on. Once I finished reading those domains, I took the official practice questions. DON'T FORGET PRACTICE EXAMS, they are just as essential as reading the book; 50% of effort is needed in reading/understanding and 50% in practice exams (I recommend the official Sybex practice questions). Now don't get me wrong, these questions are nowhere near as confusing or hard as the real exam, however they are the closest bet. (I've used CCCURE, but eh.) I took the 4 domain test (ones I did badly on) on the official Sybex practice exam and was averaging into the high 70's, and when I took the first 250 question part I got an 83% (not satisfied yet). After that I re-read the 11th hour in fine detail, and re-watched the cybrary.it videos on domains I did badly on. Took the second portion of the official ISC2 250 question and got an 85%.

Scheduled the test/Test taking tips: I started the morning having coffee and 2 Red Bulls as I was severely exhausted (please get ample amount of sleep). The second time I took the test I realized that "hey this is not that bad now" because I took a different approach at the test. This might take longer, but I believe was essential for me to pass the test. This go around I read the answers first to get a picture of what they're asking me. Example, when I read the answer I can tell oh, this is going to be a BCP question or oh, this is going to be a Network Security question, or Authentication question etc. By knowing what the answers were and how they relate to one another I was able to kind of guess what the question was going to be, which gave me a step up to using my process of elimination. If you see a concept in the exam make sure to think at a high level and what you think your manager would do, or if you are the manager what would you do (Experience and knowledge will help you on this). If you see a technical question make sure how it applies to security and which CIA or IAAA it's trying to protect. When I went to go get my test I honestly thought I failed (55-60% confident that I failed) but when the instructor smiled and said I passed I couldn't believe it... If I can pass this exam I am 1000% sure you can too, but don't look at this exam as a chump like I did (I realized I was the chump).


Materials that I used (2 1/2 months)

Sybex 7th edition on the 4 domains I did bad the first time (9/10) - I give this score 'cause the book has too much info for me.
Eric Conrad 3rd edition also the 4 domains I did bad in (9/10) - This book was solid by giving me straight to the point info.
11th hour I read the entire book in fine detail for last minute study (8.5/10) - Great last minute study!
Cybrary.it the instructor Kelly was amazing at explaining cyber security concepts to human level comprehension (10/10)!!
CBTnuggets Keith Barker was a good technical instructor but I wouldn't recommend unless you have no technical expertise (7/10)
Official Sybex Practice Exam (9/10) - Excellent practice exam material (I would shoot for 80% and you should be fine)
CCCURE I did about 800 questions (6.5/10) - Some of the questions went too in depth and technical with the test, however it is still helpful material

I wish the best for anyone taking this exam and if you have any questions I will answer them to the best of my ability without violating the code of ethics. Good luck everyone!
