My CISSP review

CyberCop123

Hey all,

As some may know, I passed my exam a couple of days ago, on 6th December.  I've documented the whole process in a blog - https://community.infosecinstitute.com/discussion/130887/cybercops-cissp-blog-passed/ - feel free to read through that to hear about my pain, suffering and confusion.  

Short version of this stupidly long post:

• Use resources listed below
• Use Boson questions as a learning resource, not as a guide on how ready you may be or what your scores are - that I think is not a good guide
• Remember you're job in the exam is to report risk, lower threats, identify issues... it is not to fix anything or DO anything
• Book your exam now!  Get it in the diary, have a date to work towards or else you'll just drift on for months and months or even years
• Don't just read the questions, analyse them.  Leo Dregier says that this is an English test which is true to extent.  Understand each word in the question, what exactly is it asking you.
• Analyse the answers too, go through each and compare them to the question asked
• Thanks to everyone - I truly appreciate your support

My Resources

Short answer:

• Sybex Cissp book - 9/10 - very good
• Conrad  book (the bigger one) - 7/10 - good for a second resource
• Conrad 11th Hour - 7/10
• Sybex Question book - 6/10
• Boson Questions - 10/10
• Kelly Handerhan MP3s - 10/10 - I listened to these for months, and in some of them I was finishing off her sentences as I'd listened to them about 3 times over.

Longer answer:

As pictured... if anyone is new to this, then I would focus primarily on the Sybex CISSP book - link HERE - that is a fantastic book as it's not stupidly big, it's very readable and not boring.  My only negative about the book is that the chapters are not domain specific.  E.g. you will find Chapter 14 may cover Domains 4, 6 and 7.  That's really annoying if you're just trying to focus on one weak Domain.  Say you're really bad on Domain 4, you can't just open a chapter and read it.  

After one read through of the Sybex book, I moved on to the Conrad book (the light blue one in the picture).  That is about 500 pages and a very good book.  Quite light weight.  It does not go deep at all so I wouldn't recommend ONLY using this book.  I would recommend it as a secondary resource.  It's particularly nice to start a new book rather than going over the same book twice in my view.  You get a different tone, different explanations.  For example, the Boson book does a FAR better job of explaining BCP and also Data Owner/Custodian.  

I also used the 11th Hour book.  That was also nice as it's 4-5 line explanations on all the topics basically.  I read that on the last week, and I happily skipped a few pages here and there where I was comfortable with the topic area.

Finally, the Practice tests book - that was OK.  I wasn't the biggest fan of the Sybex questions.  They are nothing at all similar to the exam, however that isn't really an issue.  They're more for testing you've learnt the chapter contents properly. I wouldn't say that is essential.  

Boson questions were brilliant.  I made a thread here moaning that I was getting poor scores.  My highest score was 67%.  However, about a week before the exam I realised it doesn't matter what my scores are, the best approach for this is to just read question, answer it, click "Check answer" and then spend time reading what the answer was and why.  Then move on.  So it's not about scores, or about how well you do, it's a tool to learn from.  

Book your exam NOW

Seriously, if you've decided you're studying, and you've bought your books, just stop for a second and book your exam.  If you don't then months will drag on and you'll realise you've been studying on and off for a year and are still telling people "I'm going to do the exam soon".  

I studied January->April.  Then I stopped for about 5 months for personal reasons.  Then studied October->December.  When I started studying again in October I booked the exam that first week.  Initially I booked it for 20th December but moved it forward, either way, I was able to count down each week and some of my blog it says things like "42 days to go", so I had a deadline, an endpoint, I spent £700 ($891) roughly on the exam so I had a really good incentive to work hard at it.  

..... to be continued in next post due to post being too long 

CyberCop123

... continued...

Other Tips

Kelly Handerhan has this good video - https://www.youtube.com/watch?v=-99b1YUFx0A&t=352s  - titled "Why you will pass the CISSP.  She covers some really good points, notably:

• You're not answering as a technical person, you are there to point out risk and to safeguard the company. Any question that has options such as "Fix ABC", or "Change ABC" is probably wrong.  The answer is more likely to be "Notify the change management board of the issue" or something like that
• Any question where human safety is an option is 99% the right answer

READ THE QUESTION - It took me months to realise what this meant which sounds stupid... I would phrase this more as analyse the question.  Read it carefully, things like "what measure is best at preventing..." - keywords BEST and PREVENTING.  So if there are options like "put up a sign saying theres a guard dog" - that is wrong, as that is not a preventative measure, that's a deterrent.  Also analyse the answers.  On the exam itself, I spent 2-3 minutes on some questions studying the answers and really walking through each one in my head.  I swear I passed not because I was really clever, but more because I somehow picked apart the questions and answers.  

 

The Exam

I was incredibly nervous for the days leading up to it.  I booked 4 days off work intending to lock myself away to study hours each day.  In reality I probably did 5-6 hours studying over those days, I just couldn't concentrate, I felt like I couldn't do anymore, I wasn't in the mood, I was just wanting to do the exam to try it.  

The exam day was terrifying.  It was booked for 1530 and I ended up there at 1400 as I got an earlier train.  Luckily the test centre allowed me to take the exam right away.  

All possessions into a locker, ID checked.  They did not take finger prints or palm prints which I had read they do, that was quite odd.

The questions on the exam were very difficult in my view. Out of the 100 questions I did, they broke down as follows:

• About 8 questions I knew the answer, and was 100% sure I was right
• 50 questions where I was sure it was between two different answers but I wasn't sure which one
• 15 questions where I was completely stumped and all four answers seemed right

At question 75 I had a break of about 10 minutes, probably a bit less.  I was getting tired, especially as I didn't sleep too well, was very nervous and was concentrating so hard.

At question 100 the screen paused as I pressed next, and it said "Test over" or something like that.  Got my print out, and thankfully it said I'd passed.  Yay!

What Next?

Well I have two SANS courses coming up:

1. FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response - GNFA which is in January
2. FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - GREM - which is in March
   

So I will prepare for those and hopefully pass the exams.

Other than that, I'm not sure.  I may do the MCSA next.  I will probably have a break from home studying for a while as I feel quite burned out now, and also have let my fitness/weight get out of control as I've just been working mostly and not doing any exercise.

Thank You

A massive thank you to the members of this forum who put up with my moaning of the Boson questions, of my updates in the blog, and for wishing me luck before my exam as well as congratulating me afterwards.

I said on my blog thread that it meant a lot to me.  It's very nice to think that people who don't know me, and just see a username have an interest in how I got on.  

Thanks again
cybercop123