Book choices based on my experience?
Hi,
I know there have been threads where people have passed and described the books they were reading, but that doesn't really tell me much about the books themselves. I was reading another thread where someone recommended specific books, so I thought I'd ask for book recommendations based on my experience.
I currently only have around 4-4.5 years of experience in infosec. I feel like I'm kind of lucky to have been working on a small team which meant I got to touch most domains a bit and not get cornered into specialization, although that also means I'm not very deep into most of them. I've been mostly working in kind of management capacity (though not a manager), working with other sys admins in IT and asking them to do the security remediation, configuration, audits, and whatnot, mixed in with some technical stuff like security testing, vulnerability scanning (debatable how technical this is besides configuring it to not crash the network), also some sys admin work.
I read some threads and these seem to be the consensus on books to read:
Main book:
AIO
Eric Conrad CISSP 3E
Sybex
Right before exam:
11th Hour
Practice test:
It seems most main books come with practice tests, and then there are free ones that I can find pretty easily as well and wouldn't need to purchase extras?
I'd like to ideally get one or two main books (and not read 3-4 of them), and definitely the 11th Hour. Someone mentioned that the less experienced person should get the AIO? Do you guys agree with that? If so I feel like I should maybe get that book, but then would you recommend Sybex or Eric Conrad?
Thank you!
Comments
CryptoQue
I don't think there's a wrong choice of the 3 books you posted when preparing for the CISSP exam. It depends on how you interpret and retain the content. I personally used the Sybex Exam guide and 11th Hour as my primary resources before sitting for the exam. I can say that the Sybex book touched on everything that I needed to be confident for the exam. The 11th Hour was helpful during my last week of preparation as a refresher. The Sybex online testing engine that comes with the book was helpful because it was over 1200 exam practice questions, 500+ flash cards, and 500+ chapter tests. Your experience may help when breaking down exam questions because you haven't been the engineer/implementer but more so the facilitator. That was a hard adjustment for me as an engineer because sometimes ISC will give you the engineer answer (i.e. patch the vulnerability immediately) and the management answer (i.e. create a change control). Most of the questions, you have to think as if you're a manager. I came to this platform to do the same as you when I first started studying in March. Hope this information helps. Good luck!