LOOOONG time lurker here. try 2 years lurker.
I wanted to share my experience with everyone and offer my insights into this beast of an exam. I also wanted to thank everyone here for their invaluable feedback regarding best ways to prepare for this exam. you don't know how much you've helped prepare me for today.
I have been in IT for 10 years. started out as a network admin, moved up into an IT director role, and then into my current role as senior information security analyst. the only cert I had up to this point was the CCNA security and an expired CCNA. For starters, yes, I failed this exam 3 times before passing. first time I got a 637. second time a 692, and third time 696. the 696 was painful. I was discouraged for a few weeks after that fail. this was the original 250 question, 6 hour grind.
Here's where I went wrong. I studied max, 2-3 weeks each time. I simply did not commit the time necessary to learn concepts and really digest everything properly. I was always the type of test taker who who wait until day before and study or weekend before when in college. this approach did not work favorably in to my approach to tackling the CISSP.
first time using only SYBEX, that's it. 2nd and third time was SYBEX with Kelly Handerhahn's videos and taking only the end of chapter quiz's in SYBEX. again, SYBEX was my only resource.
the 4th time around was quite different. I started studying SYBEX 7th edition again, read it twice, did several of the included exams, and then BAM! CAT exam was introduced. I freaked out a bit but figured hey maybe CAT would be easier (spoiler alert: it wasn't). shortly after CAT was put into motion, they updated the content to include IoT, ABAC, audit doc stuff like SSAE16 / SOC1/SOC2/SOC3, and coding security (XSS, XSRF, SQLi, etc). So I had to buy the SYBEX 8th edition. It's amazing btw.
next I bought the LearnZapp Cissp ISC2 app for my IPhone ($9.99). It was instrumental in helping me gauge how well prepared I was or wasn't for each domain. the CISSP practice app by laurie hocking was very helpful too. another resource I used was Luke Ahmed's studynotesandtheory.com. I paid for 2 months membership to get the most of the content offered on his site. I studied for 3 months total using all these resources, primarily. I also watched various youtube videos on kerberos, saml, everything federation, etc.
ok, now on to the good stuff that you guys really want to know. what was the exam like? my exam was scheduled for 5pm. odd I know. I got there 1 hour early and they let me sit for it shortly after I arrived which was nice. With CAT, you cannot go back to review your answers. that was....an adjustment. sometimes I could find answers to later questions using this method in the old exam
first impressions: this is gonna be a tough test.
I got questions on Crypto, Vulnerability and Pentesting, Security Audits, SDLC, BCP/DRP, RBAC/MAC/DAC/ABAC and Incident Response. There were almost always 2 answers I could immediately rule out. I would literally draw 4 circles on my laminated sheet and check off those I knew were incorrect. this helped me out a lot since you can't exactly do that on the computer screen
make it to question 100, then 101. exam does not stop. I start to wonder if I am still on track for passing or what this means.
I proceed to answer each question and the exam stops at 150. it hangs for a while and I go to get my printout. I notice it's only one sheet. I don't get excited just yet and wait until the proctor hands me the sheet. I glance at it and notice "Congratulations!" I absolutely couldn't believe it. I had finally done it.
So how was the exam you might ask? the CAT was harder for me personally. I only felt like maybe 15-30 questions I could answer from SYBEX, and the rest you went with your gut as a manager and I pulled from experience. It was dang hard but if you study SYBEX and get some supplemental testing/quizzing resources you'll nail this thing.
I hope this helps someone out there. until next time, best of luck everyone on your journey to the CISSP!
~ a. greenwood
