CISSP Passed 12/11 & SSCP Passed 12/14

I provisionally passed the CISSP certification on December 11/2017. I’ve been studying since August 7th 2017, so roughly 4 months of study-time. On average, I studied about 2 hours after work each day and longer on the weekends. I’d take some days off here and there because my brain tends to get overwhelmed with the vast amount of material. I believe my success came from creating my own flashcards (over 700) and being able to explain the concept or definition to myself or others. Originally, I was scheduled to take the test in January but I was so sick of studying the material I just decided to say screw it and scheduled my exam for the following day. Sunday night I checked the Pearson website and saw the test center had an opening slot the following Monday morning. I paid the $50 rescheduling fee and booked it.

My exam itself was scheduled for 8am. I arrived at the testing center lobby at 655am and waited for the test proctors to arrive. After signing in and taking my palm scan, the proctor took me to the testing area and I sat down and began the test. I plowed through all 250 questions in 3 hours with no breaks. Out of the 250, I flagged 17 for review, even though it felt like I marked more than that! At this point, I took a 10 minute break (ate a snack, went to the restroom, etc) and came back and answered the 17 flagged questions and submitted my test. I felt very confident and didn’t review any other questions, so I submitted the exam. When I walked up to the front desk to get my results the printer spit out two sheets of paper. I always heard if you get two sheets then you failed, the proctor kept one sheet and gave me the other. When I opened it I saw “Congratulations”. Such a huge relief!

I’ve read all the horror stories of CISSP and that you need thirty years of security experience, read the Shon Harris AIO eight times, get 80% on all practice questions, and take two bootcamps. I was fooled into thinking this is what you needed to pass the exam, but I can tell you it’s not. I have 3.5 years of experience in the IT Security field (system administration & Risk Management). I’ll be an Associate of ISC2 until I hit the 4 year mark in June (I have security+ and CASP, so that will substitute for a year of experience). It sucks to see so many people invoke fear in others about the cert. I bought into it, but it was actually easier than I anticipated. The questions are straight forward and do NOT try to trick you. I would say I got a nice blend of questions throughout all domains (more so Risk Management, Networking, BCP/DR and SDLC) and they were similar to the Official ISC2 Practice questions, but less technical. The CISSP exam is a nice mix of common sense and knowing concepts at a high-level.

Here are the resources I used:
Books:
Sybex ISC2 Official Study Guide 7th edition (primary resource, and ONLY book you need)
Eric Conrad CISSP Study Guide 3rd edition (for reference)
Shon Harris AIO 7th edition (for reference)

Practice Questions:
Official ISC2 Practice Questions (10/10)
Shon Harris Total Tester (10/10)
Boson (8/10)
Exam Cram (7/10)
Eric Conrad (7/10)
CCcure (5/10)
Shon Harris McGraw Hill (3/10) SKIP THESE!

As far as what practice tests are closest to the exam, everyone is going to tell you something different. Almost everyone says you will never see practice questions close to the real exam. Not true at all. I believe people say this just because the format of the exam is different with each test engine you take (Sybex, Total Tester, Boson, etc.) I did around 4000 unique practice questions, which I felt was sufficient. And for the love of god.skip the Shon Harris McGraw Hill questions. These questions made me want to curl up in the fetal position and cry! The test is nowhere near as hard as those questions so do yourself a favor and don't put yourself through that! Lastly, only do a set of practice questions once, if you do the same questions over again then you're only giving yourself a false sense confidence by seeing your score rise. Honestly, I believe the only way people say they are scoring 80% across all test engines is because they are taking the same questions several times. I would encourage you to get a Safari Books account, lots of good resources on there (tests, books videos). If you're going to complain about buying different practice questions, then you're obviously not serious about the CISSP. Does it suck to buy questions or a monthly subscription, sure. However, is the ROI worth it? Absolutely! And in the end, it's cheaper than a $4000 bootcamp.

Below you will see the tests I took, the date I took them, and my score on the FIRST ATTEMPT at taking these questions. Hopefully this will give you all a sense of relief. Unfortunately, I didn’t keep track of my Total Tester and CCcure scores.

Official ISC2 Practice Tests
Domain 1 100q Test 89% 8/14/2017
Domain 2 100q Test 82% 8/16/2017
Domain 3 100q Test 84% 9/4/2017
Domain 4 100q Test 77% 10/1/2017
Domain 5 100q Test 73% 10/11/2017
Domain 6 100q Test 71% 10/29/2017
Domain 7 100q Test 85% 12/2/2017
Domain 8 100q Test 78% 12/10/2017
Sybex 7th edition Online Full-Length Tests
Sybex 250q Test #1 76% 9/4/2017
Sybex 250q Test #2 71.60% 9/2/2017
Sybex 250q Test #3 84% 11/5/2017
Sybex 250q Test #4 78% 11/25/2017
Exam Cram Practice Questions (10 Domain)
Domain 1 Risk Management 90% 10/30/2017
Domain 2 Asset Security 71.76% 10/30/2017
Domain 3 Security Engineering 70% 11/13/2017
Domain 4 Communications and Net Sec 66% 11/14/2017
Domain 5 Identification and Authentication 76% 11/22/2017
Domain 6 Security Assessment 72% 11/28/2017
Domain 7 Security Operations 79% 12/2/2017
Domain 8 SDLC 71% 12/10/2017
Domain 9 Cryptography 78% 12/3/2017
Domain 10 BCP/DRP 66% 12/3/2017
Boson Tests
250q Exam A 73% 12/9/2017

Also, just sat SSCP today (December 14th 2017) and passed in about an hour. No prior study of SSCP materials, only CISSP. And before someone asks, why did you take SSCP after you passed CISSP? To answer your question, I will receive credits for school for passing SSCP, which is why I took it. Thanks for reading!

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Resonate!

Congratulations on the pass and thank you for the nice, detailed, and positive summary!
Looking forward to seeing your "CISSP certified" in summer.

sameoj

Congrats

SteveLavoie

Congrats!

I’ve read all the horror stories of CISSP and that you need thirty years of security experience, read the Shon Harris AIO eight times, get 80% on all practice questions, and take two bootcamps. I was fooled into thinking this is what you needed to pass the exam, but I can tell you it’s not....... It sucks to see so many people invoke fear in others about the cert. I bought into it, but it was actually easier than I anticipated. The questions are straight forward and do NOT try to trick you. I would say I got a nice blend of questions throughout all domains (more so Risk Management, Networking, BCP/DR and SDLC) and they were similar to the Official ISC2 Practice questions, but less technical. The CISSP exam is a nice mix of common sense and knowing concepts at a high-level.

I agree with you on that one. CISSP is a "hard" exam as the subject is very wide. Now so many people are specialized so they get out of their comfort zone easily so for them it make the exam very hard. I feel the exam is not that hard as my experience is very diversified.

averageguy72

Congrats!

NetworkNewb

Congrats on the pass and thanks for the write up!!

Thats weird they would require you pass the SSCP for more credits when you just passed the CISSP. Weird logic there. Is what it is though!

tedjames

Excellent work, congratulations!

userav

Congrats!

ccnpninja

Congrats!