Anyone done CISSP after the OSCP ... my possible plans

I've just passed my OSCP and my intention was always to immediately pay for the CISSP exam and start studying. In the past two weeks I've listened to some of the podcasts and had a flick through the book. I didn't want to start properly studying until OSCP was done as I didn't want to be distracted.

Those that have done OSCP, what was the efforts required for the CISSP? (I know this varies person-to-person, but I'm after subjective views).

My plans are:

Potentially to book the exam for 10 or 12 weeks time.
I'd then study around 2 hours per day and about 8 on the weekend. So that's total of about 18 hours per week on average.
I've bought my books (Sybex and Eric Conrad - the short one for referencing).
I will listen to the MP3's from Kelly Handerhan
Will also do tons of online questions

My experience isn't the best for this. No management experience and never been in an Information Security role. When listening to the podcasts and reading the book it wasn't complicated, but it was confusing as I found the content a mix between very very abstract, some very obvious, and some useful. I guess I will learn more as I go through the book and it will mean more to me.

Anyway, any thoughts on what I've posted here?

Thanks,
Cybercop

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

SteveLavoie

I don't know you, but I think that you don't give you enough time to study. CISSP is a concept exam and it need time to digest. CISSP is not a "fact-based" exam like a Comptia, and many question are based on best practice, experience not on hard fact like a port number.

TeKniques

I took the CISSP before the OSCP and imo they aren't really related other than you are faced with some of the technical vulnerabilities in the OSCP that are discussed in the CISSP. Obviously, you see the impact of poor best practices. One thing to consider is that the CISSP requires a certain information security experience to qualify for the certification; otherwise you can obtain the "Associates" title while gaining the necessary experience. Your study plan seems solid. I thought the Eric Conrad book and the ISC practice tests were good preparation for the exam. There's a lot of material to cover that seems overwhelming and it's a long exam to sit. Once you start going through the domains, you'll know more of what to expect as you have pointed out.

Good luck!

DZA_

Usually the guideline and rule of thumb is that don't book your exam quite yet until your can score 80% and higher in all the domains and fluently understand the concepts. Your study habits are sound to avoid any sort of burn out (which I have personally gone through). The quizzes and exam simulations (BOSON, Transcender, Sybex, 11th hour, CCCure) will put you in the right direction of thinking like a manager but there is no substitute for experience. Best of luck with your studies!

Cheers
DZA_