Yes, you can. A lot of people do. Grab a couple books (Official Guide and 11th Hour seem to be highly recommended). Cybrary.IT videos (good overview). And, I've heard great things about CCCure.org practice questions.
Those seem to be the best and most often recommended resources for self-study and it is what I am using myself, which is going great so far. Read responses here, /r/cissp, and others to find other resources and lots of posts on people self-studying and passing the exam. It's a lot of studying, though!
Personally I don't think classes or bootcamps do much good for CISSP. Studying helps fill any knowledge gaps you might have, but the exam is very judgement-oriented, it's not a test of your ability to memorize a ton of factoids but how you apply that knowledge in realistic scenarios.
Success on this exam relies more heavily on real-world experience than most certifications, so if you have a lot of experience as a security manager or team lead or architect, you're probably more prepared already than you think. Good luck.
Personally I don't think classes or bootcamps do much good for CISSP.
The purpose of a bootcamp is to separate the wheat from the chaff - do you want to spend weeks or months poring through dry texts & documentation, or would you rather have them provide a more focused version that lets you pass the test without spending too much valuable time? This is the purpose of a good boot camp. If they are not focused enough to do that, then they are just wasting everyone's time and taking your money without providing much value.
As with all things YMMV, but my take on a CISSP bootcamp...
Because the CISSP is so broad, covering 8 domains in 5 days doesn't allow good coverage of any domain. Most candidates will have at least a few domains they know well because of their work experience, and a couple they don't work in at all. So the coverage of the domains they know will be a waste of time, and they won't get nearly enough time with the domains they don't know much about. That's my 2 cents FWIW.
Self-study is also an essential skill that can be acquired for your future security work. Passing CISSP really means nothing as you will eventually forget all the pages you read. Take your own notes - not only for CISSP - but make your mind think in the way of CISSP (different fields: network, security, application development, HR, physical security, access control, encryption, etc.). I benefit a lot from this forum and am currently working as a security consultant in NZ. Sorry my English sucks, but security really pays well and the workload is much less compared to other roles.
If you have good self-discipline to do self study then I would recommend going that route. Sometimes boot camps can be overwhelming for someone trying to learn information for the first time. Boot camps should be used as a refresher versus an all-in-one course to help you pass an exam. I know a few individuals that have taken boot camps and done well on exams without any prior knowledge on the subject prior to the boot camp. However, I think those individuals have photographic memories. The CISSP is about understanding the concepts, models, methods, and phases. It's a very broad exam that requires a certain level of knowledge across all 8 domains. Trying to cram that into a 1 week course can be challenging. Good luck!
I self-studied years and years ago for it (back when it was scantron). Books ended up being worthless as most of my questions back then were non-technical. Passed mostly on my existing experience.
I don't know if this is the right forum to post in, but here goes... I'm looking at changing careers into Information Security. I know I need CISM, CISA and CISSP qualifications to make the change easier, but is there a best route to follow, i.e. CISM, CISA then CISSP etc.?
Also, although I'm looking for a strategic or management role, I don't have an IT background, so will these courses be overwhelming for a newbie? Is CompTIA A+, Network+ a better place to start?
Hi whitehorse2017. Welcome to the forum. You would get more responses if you started your own thread under "Forum" and whichever topic you think is more relevant, maybe CISSP?? However, if you don't have any experience in IT that would be a real challenge for anyone. CISSP requires, I believe, 5 years of relevant security IT work. I'm not discouraging you from posting and there are a lot of very helpful people on here so ask and you might get some help on finding a path into IT.
.. can I do the training on my own and then take the exam?
Generally yes, so long as you can obtain study resources from official sources or third parties. GIAC certifications are a little different, since you can't obtain the study material from say Amazon. You're stuck cobbling together study material from several different sources or obtaining the official books from questionable sources.
I don't know if this is the right forum to post in, but here goes... I'm looking at changing careers into Information Security. I know I need CISM, CISA and CISSP qualifications to make the change easier, but is there a best route to follow, i.e. CISM, CISA then CISSP etc.?
Also, although I'm looking for a strategic or management role, I don't have an IT background, so will these courses be overwhelming for a newbie? Is CompTIA A+, Network+ a better place to start?
I agree with GeekyChick...you will get more responses from the community if you start your own thread. I think the certification path you choose depends on your career path and background. The CISSP has certain requirements that you must meet in order to qualify. Also, if you're looking to become an auditor then choose the CISA, security management (CISM), or a broad understanding of all aspects of InfoSec (CISSP).
Doing CISSP self study right now. Gonna re-read the Sybex book and then a couple more ebooks that coworkers have. Set a routine and stick to it IF the information is sticking to your brain.
Comments
I've passed a bunch of other certs which I learned entirely on my own so I am sure I'll be able to get CISSP as well...
So: if I can, you can too
xx+ certs...and I'm not counting anymore
'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill
Degree: B.S. in Computing Science, emphasis Information Assurance
Certifications: CISSP, PSP, Network+, Security+, CySA+, OSWP
The only value I can add is that plenty of work experience in infosec will help a lot with passing the CISSP exam.
@Danielm7 - I am cracking up!
That's actually good to know. I'm going to attempt CISSP next after CCNA CyberOps. Maybe I should try to get a good-paying job along the way.
I didn't realize they came out with that new exam. I wonder if they're going to expand it to the CCNP level. Good luck!