CyberCop's CISSP blog - PASSED

Hi everyone,

I've come over to this side of the forum after passing the OSCP - blog here: http://www.techexams.net/forums/security-certifications/129407-cybercops-oscp-blog.html

I'm very humbled and excited to have passed this as it was something that months ago I couldn't even imagine achieving it. Now I'm onto my next challenge and it's the CISSP.

I'm from a more technical background and so the main challenge I think for me is the management side of things, and the business type stuff in the CISSP.

My Resources

I have bought the Sybex CISSP Book - 7th edition and also the question book too
Also Eric Conrad's 11th Hour - the small one

It's very likely I will buy the bigger book by Eric Conrad after I finish the Sybex one. I'm hoping by that stage to have a 50-60% knowledge of the CISSP material, and can top it all up by reading the Conrad book and doing questions.

I have signed up for BOSON questions too and will also listen to Kelly Handerhan's MP3s in the car.

My Plan

I hope to be exam ready by 15th April 2018. That is currently 83 days away from today. The reason I chose this day was that it was around 3 months from the first day I started my studies.

I plan to put a lot of work in:

Monday-Friday: around 10 hours
Saturday-Sunday: around 10 hours
TOTAL per week: approximately 20 hours

I've not booked the exam yet but was very tempted. However I wanted to start studying first to see how I get on. I'm half thinking I may even be exam-ready before April but want to give myself some breathing space.

My Learning Strategy

I'm not too sure on how best to approach this to be honest. I think I will read and highlight bits from each chapter of Sybex. I will then write this up onto posters with diagrams and key words/points to remember.

I will probably take notes along the way too.

As stated I plan two read throughs - one on Sybex and one with Eric Conrad. I will also do lots of questions too, to try to identify knowledge gaps and try to get myself into the right management mindset.

Thankfully I have no children and a good job that means I can finish work at 3pm and can get home to study early. Also I can easily take days off from work so plan to take either a full day or half day off every 7-10 days roughly, just to fit in a full day of work.

I'm planning on moving house at some point, so will potentially be trying to sell/buy somewhere. This will probably cause some distractions but I hope to finish the CISSP before I actually move so hopefully it won't be too big an issue.

...

Will post next on my progress so far.

Thanks for reading!

Find more posts tagged with

Comments

mattster79

Looking forward to hearing about your progress. Looks like you’ve got a nice detailed plan.

I know you probably will, but get your exam booked as soon as possible. It really helped me focus and stick to my study schedule.

CyberCop123

UPDATE #1

Domain: 1
Chapter: 4
Current Page Number: 131
Confidence Level: 15%

I've made a good start over the last couple of weeks. Some parts of CISSP are incredible frustrating, mainly the NON STOP overload of Acronyms. It's like every single phrase has an acronym. It's pretty exhausting! I've also found it challenging where it lists 5 things to remember... then it says, Number 2 on that list has 3 parts..... then it says, you should remember that A/B/C etc.. so it's basically a massive list of different things to remember.

I found Sybex a bit confusing with regards to way the BCP was written up after the Quantitive Risk Assessment and the other bits. It almost sounded a different process until I started reading on and discovered it was just a part of the same kind of thing, just a wider description. I'm keen to read about this in another book to make sure I understand properly.

I'm no onto Chapter 3 which is still Domain 1. This is all about law. As someone from the UK it's quite alien some of it. It's also quite difficult to follow as it's Law 1 1986 was made up... it was amended in 1987, then this law was also made... and then two other laws were made... etc.. so it's a lot to try to remember and take in.

It's going ok though, my biggest improvements are in gaining the right mindset, I am starting to visualise a bit now on the way CISSP and the related areas can fit into a business, especially around Risk assessment/BCP.

This weeks aims: Get to page 200

CyberCop123

UPDATE #2

Chapter: 6
Current Page Number: 191
Confidence Level: 24.3%

It's been a good week and I've put a fair amount of work in. I went back to the beginning of the Sybex book and write out all the bits I've highlighted into a notebook which I should have done from day one. It wasn't too bad and I learned form re-reading the highlighted areas. I also skipped some chunks of it which were either obvious, unimportant (in my view) or that I knew 100% already and it was pointless noting it down.

I'm now up to Chapter 6 which is page 191.

One thing about the Sybex book I've found is that the descriptions of System Owner, Data Owner, Data Custodian, etc... are really poor. It just seems to go on to a needless extent and is also very confusing. When I wrote down the notes, I actually referred to the larger Conrad book which is 10x more clearer on the description.

I've realised that the law section may not be worth learning page-by-page. That was thanks to info online and also on this forum. I've picked out that certain laws and things continually come up and are obviously important, notably SOX, Safe Harbor/EU Data Protection Directive.... HIPPA, GLBA etc... So I'm learning those ones 100% and moving on.

I'm now about to start the Cryptography sections. I don't know it all, but it is more technical than all the BCP stuff I've covered so I hope to really sweep through that section and be more efficient with it.

I've started using my Sybex Question book and that's really good and very helpful. I was getting 50% write but it's gone and up. Some of the things I was getting wrong I didn't know, but also some because I just didn't understand the question properly. The questions (and maybe the exam) seems to be a crazy game with your brain. It's frustrating as I just prefer to see an answer that 100% is the right one... not where the answer is right because of the way the question is phrased, asked or the tone of it. Maybe it's an exam of interpretation which makes sense as everyone says it's about technique.

I'm doing about 30-40 questions per day. Any I get wrong I'm reading briefly, and making up a hand written queue card.

My plan is to try to finish the Sybex in the next 7 weeks, and I've made a study plan, part of which is shown below:

Hopefully, if I finish the Sybex book as scheduled, I will have 4 extra weeks to go through the whole of the larger Conrad book and do more questions.

Days until Proposed Exam Day: 76

cissp.jpg

ITSec14

I didn't use any of the paid practice exams. Just used the one's in the back of the chapters in the Sybex book and the one's you get access to on their site. Honestly, they didn't really help me much though. I stuck to doing flash cards and white boarding to reinforce the concepts.

CyberCop123

ITSec14 wrote: »

I didn't use any of the paid practice exams. Just used the one's in the back of the chapters in the Sybex book and the one's you get access to on their site. Honestly, they didn't really help me much though. I stuck to doing flash cards and white boarding to reinforce the concepts.

Thanks for the advice.

I'm also using flash cards, and also writing out some things on posters. That's on top of notes and videos.

CyberCop123

UPDATE #3 - END OF WEEK 2

Chapter: 8
Current Page Number: 267
Confidence Level: 31.7%

Stuck to my study schedule and covered Chapter 5, 6 and 7 this week from the Sybex book. This covered:

Labelling Assets - this was quite easy
Cryptography
Hashing
Digital Signatures
etc....

It was harder than I thought as there was many new terms, and also although I knew most of the things as a concept, I didn't understand their inner workings. Kelly Handerhan's videos are very helpful and this chapter I used them a lot.

Cryptography is a massive area, I can see why some say have kept in it's own dedicated Domain.

I'm making lots of cue cards but not using them too much yet, I probably will in a few weeks as I start to forget some of the earlier stuff - happening already to some extent. I'm doing questions most days and making sure I cover earlier chapters so that I keep re-enforcing the content.

I'm continually getting questions about Data Custodian, System Owner, Users, etc... wrong. The Sybex book did a terrible job of explaining this I feel. I've said that before, but seriously, it's massively confusing and stupidly unclear.

Plans for this week

Chapter 8

> 39 pages
Chapter 9

> 67 Pages
= 106 pages

I have Thursday off work to study, and also the entirety of next weekend.

Days until Proposed Exam Day: 68

wayne_wonder

You've really motored well done mate always good to see a fellow UK native on the same course as myself! but where do you even find the time lol are you F/T or have kids ? I try in fit mine in and around my lunch and a few hours when everyone is asleep im only on chapter 3 and they are dull as hell so so dry

SteveLavoie

wayne_wonder wrote: »

You've really motored well done mate always good to see a fellow UK native on the same course as myself! but where do you even find the time lol are you F/T or have kids ? I try in fit mine in and around my lunch and a few hours when everyone is asleep im only on chapter 3 and they are dull as hell so so dry

Time is always a hard resource to manage... I can easily manage to study for CISSP or other certifications (I did 4 last year), with a 55h hour work week, 1 SO and 1 child (10 y old). It is a matter of choice. I don't have much hobby, friends , and I don't watch a lot of TV, so I can find about 8-10 hours a week without my making my SO angry

And when I am on the last weeks before an exam, I can do 20 hours a week.

Time is always based on choice.

CyberCop123

wayne_wonder wrote: »

You've really motored well done mate always good to see a fellow UK native on the same course as myself! but where do you even find the time lol are you F/T or have kids ? I try in fit mine in and around my lunch and a few hours when everyone is asleep im only on chapter 3 and they are dull as hell so so dry

Haha, thank you! I don't have kids, just a partner. We are in the process of trying to sell our home but that's not having much impact. I'm keen to try to finish all of this before we actually do have to start moving, then studying will have to be put to one side.

I finish work at about 330 which is good - and I can get home and study for about 430. I also try to take half a day off per week for studying, or sometimes a full day off, although that can be less productive as I feel more burned out doing that.

I do think less is more... as in it's better to do 90 minutes per day, rather than 6 hours twice a week.

Also I can sneakily do a bit of reading from a PDF version of Sybex I have in work. Then people think I'm just reading a work document... but actually I am studying a bit

SteveLavoie wrote: »

Time is always a hard resource to manage... I can easily manage to study for CISSP or other certifications (I did 4 last year), with a 55h hour work week, 1 SO and 1 child (10 y old). It is a matter of choice. I don't have much hobby, friends , and I don't watch a lot of TV, so I can find about 8-10 hours a week without my making my SO angry And when I am on the last weeks before an exam, I can do 20 hours a week.

Time is always based on choice.

Yea it is hard. My social life has taken a bit of a backseat. I cancelled the Sports channels on my TV and that's meant that I'm now unable to spend all day just watching sport and not doing anything productive.

My partner works evenings sometimes, so that's good for studying as I can just sit at the desk and read for a few hours.

CyberCop123

UPDATE #4 - END OF WEEK 4

Chapter: 10
Current Page Number: 390
Confidence Level: 36.8%

Well, been a difficult couple of weeks and for the first time I fell behind. That was due to some sleep issues I was having, but also because Chapters 8+9 were just so long and mind numbingly boring. As a result, I spent two weeks covering 8+9 rather than just one week. I was also getting quite distracted by some other personal projects i've got going on. I've had to really stay disciplined and force myself to get back to studying. Once I do this, I'm fine and I can carry on without too many issues.

So Chapter 8+9 were about securing assets such as Mobile Phones, looking at the rings of security, BYOD policy, multiprocessors/multithreading, etc.... a lot of very random subjects I felt. Quite hard to read as there was a lot of different content, every two pages it seemed to jump to another category.

Plans for this week

Chapter 10

> 36 pages
Chapter 11

> 70 Pages
= 106 pages

I have today off work so hoping to try to read through about 50+ pages and highlight important bits. I will re-read the highlighted bits later in the week when I write out all the key bits into a notebook. I will also do questions on top to try to cover all topics covered so far especially ones in the coming week.

Days until Proposed Exam Day: 55 days

Falcon56

Chapter 9 is brutal.....It took me so long I was pretty sure I had a birthday and missed it.....LOL

I think you are doing well.....setbacks and such are to be expected. A lot of info coming up in the Communications and Network Security sections so be ready.....not a bad section, just a lot to take on.

Keep up the good work and stay with your plan!

CyberCop123

Falcon56 wrote: »

Chapter 9 is brutal.....It took me so long I was pretty sure I had a birthday and missed it.....LOL

I think you are doing well.....setbacks and such are to be expected. A lot of info coming up in the Communications and Network Security sections so be ready.....not a bad section, just a lot to take on.

Keep up the good work and stay with your plan!

Thank you!

I started Chapter 11 last night - all about the OSI model, network hardware and devices. I know a lot of this, so it's familiar, but still some things i had forgotten. I should be ok with the majority of it.... although I thought that on Cryptography and then was blown away by numbers and other ciphers I hadn't even heard of!

I did 50 questions last night over 3 different domains. No real structure, just testing myself as I go along to help re-enforce certain topics and knowledge areas.

I'm hopefully still on track to finish the book in about 4 weeks time. Will then do the exact same process with the Conrad book. Then do videos, hundreds of test questions and tidying up of some of the weaker areas. Then exam!

K-9

If you aren't familiar with cryptography, it can be difficult to learn. I have no idea how the newer CISSP handles cryptography questions.

Cryptography is like subnetting and OSI model and TCP headers. Once you learn it, it seems that every relevant certification exam will ask something related to what you learned. Focus on it and learn and drill. It is important to truly understand what is going on. The time you spend will pay off for years to come.

Falcon56

You doing OK CyberCop123? I ran into three small projects, at work, and have made very little progress myself. In heavy review with Boson and the Official Study Guide practice exams right now. How did chapters 11-12 go?

PersianImmortal

I'm actually in a similar position. Have my exam scheduled for Mar 26th... I've been studying off and on since last September, but life and work seems to get in the way. That and I'm also writing my dissertation... I wanted to take the CISSP before the end of 2017, but so many things got in the way. I got tired of procrastinating so I finally just broke down and scheduled for the 26th...

I've found the Sybex book to be by far the most informative, but it's also too much information... Every time I start reading a chapter I almost get bored half way through because it contains just so much fluff information that you don't really need to get the concept..

I also have the 11th hour book which is far more manageable that then Sybex text, but it seems a bit watered down. I wish there was a text that was in-between the Sybex and the 11th hour. I sat for and passed the CASP last year so a lot of what I've been studying for the CISSP seems like review, which may be why I find the endless Sybex text a bit boring. As far as I understand it the CISSP is non-technical, while the CASP did challenge my technical knowledge, so I guess I'm just taking this exam slightly less serious due to the non-technical nature - Which is why I'm a bit worried because I know this exam isn't going to be easy....

I guess I just need to crack down and study hard before the finish line...

Wondering if anyone has also sort of experienced the false sense of security (no-pun intended) when prepping for this exam? (i.e. "I know this concept already, don't need to review it".)

Falcon56

PersianImmortal, I'm right there with you. Keep getting hit with 'life' and it is becoming tough to set aside study time each day. However, no matter what my tiny trials and tribulations are, I'm not working on a dissertation as well.

As for the material [and this is just a suggestion], I think you need Conrad's 3rd edition CISSP Study Guide. I know you only have about 3 weeks....if you can read that and then review with the 11th hour, you should be in good shape. Even though you think you have some concepts down, I'd still review the end-of-chapter summaries in the Sybex 7th edition and go over any weak areas again. Please keep in mind, I have NOT passed the exam so someone else may provide some better insight. And I'm sorry, I love IT and have learned a LOT studying for this exam....that 9th chapter, in the Sybex book, even got my mind wandering elsewhere....it seemed like it took me days to read that thing.

I wish you the best of luck on your dissertation and the exam. Quite impressive!

PersianImmortal

Hi Falcon,

Thanks for the advice, I really appreciate it. I'll look into giving Conrad's 3rd edition book a quick read. Yeah I'm actually going back through the 11th hour book one more time right now. I was thinking of going through my notes for the Sybex book (nearly 100 pages), but going over the chapter summaries is a good strategy too. The Cybrary videos are also pretty amazing too, I plan to go over those in the week before the exam just as a nice final recap.

And I totally agree on the Sybex book! Chapter 9 was rough. I actually found Chapters 4 and 8 to be the most dull, I found myself snoozing during those readthroughs.

Thanks again, and good luck to you too on your attempt!

P.S. Writing a dissertation isn't really difficult, its just time consuming.. I can say with certainty that it's probably one of the few things in life that has no shortcuts. It's just a long, drawn out process...

SteveLavoie

Conrad's book was definitely for me a winner. I have studied on and off for many month with Sybex, but as soon as I took Conrad's book, it was the thing missing for me.

ITSec14

Just a little advice for those who are attempting this exam soon or in the future...

During your studies, if you find yourself getting into the weeds. STOP. This is not a highly technical exam. Just know the concepts and be able to apply them to a given scenario. Think high level and how a manager/adviser would approach the situation.

Think policy, controls and processes. Not specific technology (very hard for most of us). Kelly H's videos on Cybrary really helped me get in the right mindset before I took the exam.

Rinzler

Thanks for this reminder, ITSec14.

Just finished Chapter 8. Onto Chapter 9.

I need to continue this path. As my peers would remind me, CISSP = Gold Standard Certification in Information Security field.

csjohnng

Using the Sybex book and taking a week intensive study with no other material.

Just finish the exam this morning and got pass in the first attempt.
the Book should cover 80-90% if you understand the content correctly, rest I guess is experience and common sense.

Good luck.

Falcon56

Apologies to CyberCop123....didn't mean to take your thread and turn it into the TechExams CISSP water cooler.

Appreciate the heads up, SteveLavoie. I am deep into Conrad and Boson exams right now. I still remember one of your early-November posts about being over confident for the exam. I test Monday and can promise you I'm not having that problem. In fact, I read a post on another site where someone stated "when you start missing practice questions, you're ready for the exam." If that is the case, I'm going to ace this thing

Some great insight the last few posts on here. Thanks to everyone who took the time to add to this thread. For someone who is finally getting ready to sit for this thing, it is much appreciated!

SteveLavoie

Good Luck Falcon56.. keep us informed

CyberCop123

UPDATE #5

Chapter: 13
Current Page Number: 670
Confidence Level: 41.320333%

My first post here for weeks. CISSP was put on the backseat for about 3 weeks as I was applying for a job and had two telephone interviews and a face-to-face interview so it was a lot of preperation and time spent on that. I didn't get the job though so that was a bit gutting.

I then struggled with motivation to get back into it, but I am back now. Some chapters in the book are a real real slog. Like chapter 11 and 12 which is all about TCP/IP, protocols, networking - things that I am very familiar with but still a lot to learn and things I didn't know.

I have no idea when I will be exam ready. My aim is simply to finish this book and then maybe do the Conrad one or just start doing tons of test questions.

I'm concerned about how much of the earlier chapters I remember. I guess I won't know how much I've retained until I do more test questions and the weak areas start to show up.

Plans for the coming week

Chapter 13 -> 34 Pages
Chapter 14 -> 32 Pages
Total = 66 pages

Days until Proposed Exam Day: no idea... will have to pick a new date to aim for. Probably in June now.

Falcon56

Welcome back CyberCop123. First and foremost, very sorry to hear about the potential new job not working out. To have that happen and then go back to the networking chapters is almost double punishment. Then to have networking protocols and things you aren't familiar with, staring you in the face, is another "stick in the eye."

Coming from someone who put the test off numerous times, I totally get it. Keep powering thru the book and note your weak areas. After that, start taking both sets of practice exams [the actual book end of chapter tests & practice exams along with the Official Practice Tests exams too]. After reading the book and going thru those tests, you *should* be more than prepared.

Sounds like you are bit off your game at the moment. Get back to your routine and stay the course. You've got this!!! Once you get past the networking chapters, it is not bad. Heck, the Security Operations chapters are mostly subjects you've already seen. You'll get slowed down a bit by the software development security stuff but most of us do/did. You've got about 400 pages to go so you are getting there. Best of luck and keep us updated!

K-9

Rejection during the job search is the worst part of getting a new job. Remember that it won't go on forever and that we all go through it. Don't let it tear you down. I know it is easy for me to say that. The blow to your gut is something I have felt and there is nothing I can say. I implore you to keep applying and keep studying.

I cannot tell you how many times I read and re-read the same books for those tough exams. The second or third time through the books/videos are when it all starts to make sense. Personally, I took some lower-tier cert exams to make sure I understood parts of the whole CISSP BOK. It helped me to get those small wins. Do what works for you and think outside the box.

CyberCop123

UPDATE

Well, after my good start earlier in the year, I gradually stopped studying and then numerous personal issues came up and I stopped entirely.

I was studying from the Sybex book, and read about 80% of it.
I've left that now, and have gone to the Eric Conrad book, the larger one which is about 500 pages
I have also booked my exam for 20th December!!!!! Crazy... but I felt I had to force myself to have a date to work to or else I will just coast or drift along

At present I am listening to the Cybrary MP3s - about 90 minutes per day during my commute.

I'm a bit torn about whether I should stop reading as thoroughly in some of the areas I know quite well. For example, networking. I know about 70% of the subject, but I feel like maybe I am going over this material too slowly or in too much detail.

Perhaps I should look more at the stuff like risk, threats and software lifecycles where I am very weak.

I'm going to take about 5-6 days holiday during the next 2 months to study and will also be doing the Boson questions and Sybex questions more and more as I approach exam time.

CONFIDENCE RATING: 39.4%
DAYS TILL EXAM: 71

FSF150

Conrad book is a good choice (at least it was for me). Will be watching this thread and look forward to hearing of your success.

CyberCop123

FSF150 wrote: »

Conrad book is a good choice (at least it was for me). Will be watching this thread and look forward to hearing of your success.

Thanks FSF150... I like the fact it is more condensed and to the point, particularly as I have a good awareness of the material and I'm now just fine tuning and learning some of the core aspects in more detail.

shochan

Maybe this will give you some motivation - https://www.youtube.com/watch?v=whEWE6WC1Ew