Passed CISSP (2nd Time)
Johnjaplin
Member Posts: 7 ■□□□□□□□□□
in CISSP
I just finished the exam 5 hours and 5 minutes and I still cannot believe I passed this exam. This is my very first post on techexam and I feel like I owe an obligation to this community for all the help/tips that made me pass this exam. I'm beyond exhausted, as I work night shift and the testing center only provides the test at 10 AM, so expect some errors in this post heh.... However I will try my best to help people achieve their goals as this was a goal for me.
For starters: I have 6 years of experience in the following roles: Sr. RMF assessment engineer, Vulnerability Analyst, and lastly Sr. Cyber Threat Analyst for the DOD and DHS. This exam was a goal of mine ever since I started doing IT, and I was arrogant/foolish enough to think that I could pass this exam within 1 month. All in all I studied for about 2 and a half months; the grind was real....
First time I failed: I got a 625 the first time I attempted this exam in 2 hours by only studying 11th hour (skimmed through it), and cybrary.it (Yeah I know, what was I thinking). Within the first 5-10 questions I knew immediately that I failed this exam. By having only experience to help me through the exam, I realized that I needed to know the concept inside and out to pass this exam... A thorough knowledge of the concept at a high level. I know this has been mentioned multiple times in other posts; however, I also want to reiterate that this exam not only wants you to think like a manager but also apply the situations as a manager/Security Advisor. Now don't get me wrong, there are some questions that will require you to answer the question as a technician, but all in all if there is a managerial task take a minute or two to focus on that particular question. Also another thing I must mention is that this exam really wants you to understand the process of security as a whole! Onto my passing score phase.
2nd time: I read multiple posts as to what materials to use and that you should read multiple books such as the Shon Harris, Sybex, Eric Conrad 3rd edition, etc. However I highly disregard this method, unless you are a beginner in Cyber Security (CISSP Associate) I advise you to read the entire Shon Harris book as it helps to really get you into a mindset of a cyber security professional from the basics. If you are not a beginner and have the required experience, I advise reading the entire Sybex 7th edition book as it will cover everything that you will see on the exam. Lastly, if you have the experience and knowledge of at least 3-4 domains in the CISSP then I recommend reading the Eric Conrad 3rd edition as it covers 85-90% of the exam.
What I did: When I failed the first time I took my paper and focused on what domains I was doing badly in. I opened up the Sybex official book and Eric Conrad 3rd edition on the top 4 domains I did bad on. Once I finished reading those domains, I took the official practice questions. DON'T FORGET PRACTICE EXAMS, they are just as essential as reading the book; 50% of effort is needed in reading/understanding and 50% in practice exams (I recommend the official Sybex practice questions). Now don't get me wrong, these questions are nowhere as confusing or hard enough as the real exam, however they are the closest bet. (I've used CCCURE, but eh.) I took the 4 domain test (ones I did badly on) on the official Sybex practice exam and was averaging into the high 70's, and when I took the first 250 question part I got an 83% (not satisfied yet). After that I re-read the 11th hour in fine detail, and re-watched the cybrary.it videos on domains I did badly on. Took the second portion of the official ISC2 250 question and got an 85%.
Scheduled the test/Test taking tips: I started the morning having coffee and 2 Red Bulls as I was severely exhausted (please get ample amount of sleep). The second time I took the test I realized that "hey this is not that bad now" because I took a different approach at the test. This might take longer, but I believe was essential for me to pass the test. This go around I read the answers first to get a picture of what they're asking me. Example: when I read the answer I can tell oh, this is going to be a BCP question or oh, this is going to be a Network Security question, or Authentication question, etc. By knowing what the answers were and how they relate to one another I was able to kind of guess what the question was going to be, which gave me a step up to using my process of elimination. If you see a concept in the exam make sure to think at a high level and what you think your manager would do, or if you are the manager what would you do (experience and knowledge will help you on this). If you see a technical question make sure how it implies to security and which CIA or IAAA it's trying to protect. When I went to go get my test I honestly thought I failed (55-60% confident that I failed) but when the instructor smiled and said I passed I couldn’t believe it... If I can pass this exam I am 1000% you can too, but don’t look at this exam as a chump like I did (I realized I was the chump).
Materials that I used (2 1/2 months)
Sybex 7th edition on the 4 domains I did bad the first time (9/10) - I give this score cause the book has too much info for me.
Eric Conrad 3rd edition also the 4 domains I did bad in (9/10) - This book was solid by giving me straight to the point info.
11th hour I read the entire book in fine detail for last minute study (8.5/10) - Great last minute study!
Cybrary.it the instructor Kelly was amazing at explaining cyber security concepts to human level comprehension (10/10)!!
CBTnuggets Keith Barker was a good technical instructor but I wouldn't recommend unless you have no technical expertise (7/10)
Official Sybex Practice Exam (9/10) - Excellent practice exam material (I would shoot for 80% and you should be fine)
CCCURE I did about 800 questions (6.5/10) - Some of the questions went too in depth and technical with the test, however it is still helpful material
I wish the best for anyone taking this exam and if you have any questions I will answer them to the best of my ability without violating the code of ethics. Good luck everyone!
Comments
-
Kyrak Member Posts: 143 ■■■□□□□□□□
Congrats! I'm just starting my studies seriously today!
Up next: On Break, but then maybe CCNA DC, CCNP DC, CISM, AWS SysOps Administrator
-
Mike7 Member Posts: 1,107 ■■■■□□□□□□
Congrats!
Excellent advice on which book to use based on work experience.
-
Johnjaplin Member Posts: 7 ■□□□□□□□□□
Thank you everyone! The exam was indeed brutal.. but I'm always willing to help others
-
Johnjaplin Member Posts: 7 ■□□□□□□□□□
congrats. I have my 2nd attempt on the 8th of May.
Good luck!! Hopefully we see a pass post from you as well
-
Oztexs Member Posts: 32 ■■■□□□□□□□
Congrats and thanks for the useful info.
I am going to sit for this in late June.
-
shimasensei Member Posts: 241 ■■■□□□□□□□
Congratulations! I'm also hoping to join the CISSP family in a couple of months. Hope your endorsement goes through smoothly and swiftly.
Current: BSc IT + CISSP, CCNP:RS, CCNA:Sec, CCNA:RS, CCENT, Sec+, P+, A+, L+/LPIC-1, CSSS, VCA6-DCV, ITILv3:F, MCSA:Win10
Future Plans: MSc + PMP, CCIE/NPx, GIAC...
-
drakhan2002 Member Posts: 111
Well done! It's quite a relief to obtain the CISSP, eh?
It's not the moments of pleasure, it's the hours of pursuit...
-
Johnjaplin Member Posts: 7 ■□□□□□□□□□
drakhan2002 wrote: » Well done! It's quite a relief to obtain the CISSP, eh?
It really was.. I'm just happy I don't have to sit through that gruesome exam again.. If they had maybe 150 questions then I would rate the exam in the high intermediate difficulty.. however since there are 250 questions in the exam it came down to be an endurance exam.. and staying focused is really key.
-
Johnjaplin Member Posts: 7 ■□□□□□□□□□
Thank you everyone!
Officially CISSP
4/22/2017 - Passed exam
4/22/2017 - Email received
4/22/2017 - Endorsement Sent
5/14/2017 - Received email about the process still on-going
5/15/2017 - Received official congrats email
-
h1ck5r Member Posts: 37 ■■□□□□□□□□
What do you mean by (9/10)
2017 Goals: CISSP(✔)
2018 Goals: Security+(✔),Find a girlfriend(?)
2019 Goals: Find a girlfriend(?)
2020 Goals: Find a girlfriend(?)
-
Johnjaplin Member Posts: 7 ■□□□□□□□□□
What do you mean by (9/10)
the 9/10 means I rated the book or study material a 9 out of 10 (90%)
-
Deadly-Dosage Member Posts: 49 ■■□□□□□□□□
Nice work and it paid off! Good point on the process of elimination!