Anyone done CISSP after the OSCP ... my possible plans

CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
I've just passed my OSCP and my intention was always to immediately pay for the CISSP exam and start studying. In the past two weeks I've listened to some of the podcasts and had a flick through the book. I didn't want to start properly studying until OSCP was done as I didn't want to be distracted.

Those that have done OSCP, what was the efforts required for the CISSP? (I know this varies person-to-person, but I'm after subjective views).

My plans are:
  • Potentially to book the exam for 10 or 12 weeks time.
  • I'd then study around 2 hours per day and about 8 on the weekend. So that's total of about 18 hours per week on average.
  • I've bought my books (Sybex and Eric Conrad - the short one for referencing).
  • I will listen to the MP3's from Kelly Handerhan
  • Will also do tons of online questions
My experience isn't the best for this. No management experience and never been in an Information Security role. When listening to the podcasts and reading the book it wasn't complicated, but it was confusing as I found the content a mix between very very abstract, some very obvious, and some useful. I guess I will learn more as I go through the book and it will mean more to me.

Anyway, any thoughts on what I've posted here?

My Aims
2017: OSCP -
2018: CISSP -
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
           GIAC GREM - Reverse Engineering of Malware -

2021: CCSP
2022: OSWE (hopefully)


  • SteveLavoieSteveLavoie Member Posts: 1,123 ■■■■■■■■■□
    I don't know you, but I think that you don't give you enough time to study. CISSP is a concept exam and it need time to digest. CISSP is not a "fact-based" exam like a Comptia, and many question are based on best practice, experience not on hard fact like a port number.
  • TeKniquesTeKniques Member Posts: 1,262 ■■■■□□□□□□
    I took the CISSP before the OSCP and imo they aren't really related other than you are faced with some of the technical vulnerabilities in the OSCP that are discussed in the CISSP. Obviously, you see the impact of poor best practices. One thing to consider is that the CISSP requires a certain information security experience to qualify for the certification; otherwise you can obtain the "Associates" title while gaining the necessary experience. Your study plan seems solid. I thought the Eric Conrad book and the ISC practice tests were good preparation for the exam. There's a lot of material to cover that seems overwhelming and it's a long exam to sit. Once you start going through the domains, you'll know more of what to expect as you have pointed out.

    Good luck!
  • DZA_DZA_ Member Posts: 467 ■■■■■■■□□□
    Usually the guideline and rule of thumb is that don't book your exam quite yet until your can score 80% and higher in all the domains and fluently understand the concepts. Your study habits are sound to avoid any sort of burn out (which I have personally gone through). The quizzes and exam simulations (BOSON, Transcender, Sybex, 11th hour, CCCure) will put you in the right direction of thinking like a manager but there is no substitute for experience. Best of luck with your studies!

Sign In or Register to comment.