My CISSP Study Plan - Thoughts or Critiques?

JoJoCal19 Mod Posts: 2,835
I just passed my Security+ a week ago which I took as a sort of primer to get me ready for studying for the CISSP. Now on to the real deal. I've read many threads here and I've also read the blog here about CISSP. Here is my course of action in prepping for the CISSP, which I'm aggressively pursuing for the exam date in the middle of December this year.

Materials:

CISSP Study Guide - Eric Conrad
CISSP All in One Boxed Set - Shon Harris
CISSP Study Guide 11th Hour - Eric Conrad
CISSP CBT Nuggets
SkillSoft Training Videos and Practice Exams

Plan:

I was originally going to use the CISSP AIO as my primary study but after seeing how huge and unwieldy it is and reading a lot of feedback on the Conrad Study Guide, I decided to use it as my primary.

1. Read the Conrad Study Guide.
2. Take the practice exam from the accompanying web site for the Conrad Study Guide.
3. Read the Conrad Study Guide again and use the AIO as a cross reference for each domain to fill in details or add to what I'm reading in the Conrad guide.
4. Take the AIO practice exams that come with the AIO.
5. Watch the CISSP CBT Nuggets.
6. Take a SkillSoft practice exam and take another one of the practice exams from the AIO.
7. If time permits, read the Conrad Study Guide again. If not go to number 8.
8. Read the Conrad 11th Hour Study Guide.
9. Practice Exams, Practice Exams and more Practice Exams (SkillSoft plus other various ones from the reputable places listed elsewhere on these forums).
10. At this point I would expect I should be hitting 90%+ on practice exams. Take the real exam.

This might seem overkill and such a short time to do this but I actually read 1 chapter of the Conrad Study Guide per day. I work from home and work is extremely slow so I have A LOT of time during the day to dedicate to studying. I've got just under two months from now until the December CISSP exam.

Thoughts or suggestions?
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework

Comments

  • JDMurray Admin Posts: 13,092
    Every certification study plan should begin with what you already know about the exam's objectives. What is your background in the ten CISSP CBK domains?
  • JoJoCal19 Mod Posts: 2,835
    JDMurray wrote: »
    Every certification study plan should begin with what you already know about the exam's objectives. What is your background in the ten CISSP CBK domains?

    I've got almost 5 years of total InfoSec experience including the last 3.5 straight. I have experience in the following domains, in order from greatest to least:

    Lots of experience:
    2. Access Control
    1. Information Security Governance and Risk Management
    6. Business Continuity and Disaster Recovery Planning

    A good amount of experience:
    5. Security Architecture and Design
    9. Operations Security
    7. Telecommunications and Network Security
    10. Legal, Regulations, Investigations and Compliance
    4. Physical (Environmental Security)

    No experience:
    3. Cryptography
    8. Application Development Security

    In testing that I've done, Cryptography is pretty weak for me so I will have to dedicate extra time to that domain for sure.
  • JDMurray Admin Posts: 13,092
    It's very common for a CISSP candidate to have very little knowledge and experience with crypto and AppSec, so you are in good company. Those were two of my favorite domains, so I'm a little nearer to the lip of the bell curve there.

    The only thing that concerns me about your study plan--besides you having the time to actually digest all of the study materials you've chosen to use--is that you aren't using the actual (ISC)2 study guide for the CISSP CBK. You really should always read the book(s) written by the people who created the cert exam.
  • badrottie Member Posts: 116
    I have not read Conrad's book, but it has been rated favourably by other people that are preparing for the exam. The AIO is a lot to digest, but it is also very comprehensive in its coverage of the material. I used the AIO as the primary study guide, and OIG for occasional reference, and that is the path that many others have successfully used. YMMV.

    The quizzes in the AIO are not representative of the questions that you will face on the exam. Forgo them. If I had one suggestion, it is to use https://www.freepracticetests.org/quiz/index.php . I have not used SkillSoft, but CCCure's questions are the closest to the actual questions found on the exam, and this sentiment is held by many. Pay the money to get full access to all questions and practice, practice and practice some more.

    Please bear in mind that the CISSP is not an easy exam, and your conceptual understanding of the material will be tested, which is my way of saying that you cannot cram for it. Your study plan at first glance appears to be more "cram" than "learn". The more you prepare, the better your understanding of the theory, concepts and technical aspects of information security, the greater your likelihood is of passing.

    Best of luck!
  • JoJoCal19 Mod Posts: 2,835
    JDMurray wrote: »
    The only thing that concerns me about your study plan--besides you having the time to actually digest all of the study materials you've chosen to use--is that you aren't using the actual (ISC)2 study guide for the CISSP CBK. You really should always read the book(s) written by the people who created the cert exam.

    I generally agree; however, in this case almost every review I've read of the books and reading posts by people who passed, they didn't find the official ISC2 guide necessary. I do however think that if I'd known just how huge and fluff-filled the AIO guide was I would have just bought the ISC2 guide instead. If for some reason I don't pass first go round, I will pick up the official ISC2 guide and make sure I go through it thoroughly and completely.

    badrottie wrote: »
    I have not read Conrad's book, but it has been rated favourably by other people that are preparing for the exam. The AIO is a lot to digest, but it is also very comprehensive in its coverage of the material. I used the AIO as the primary study guide, and OIG for occasional reference, and that is the path that many others have successfully used. YMMV.

    The quizzes in the AIO are not representative of the questions that you will face on the exam. Forgo them. If I had one suggestion, it is to use https://www.freepracticetests.org/quiz/index.php . I have not used SkillSoft, but CCCure's questions are the closest to the actual questions found on the exam, and this sentiment is held by many. Pay the money to get full access to all questions and practice, practice and practice some more.

    Please bear in mind that the CISSP is not an easy exam, and your conceptual understanding of the material will be tested, which is my way of saying that you cannot cram for it. Your study plan at first glance appears to be more "cram" than "learn". The more you prepare, the better your understanding of the theory, concepts and technical aspects of information security, the greater your likelihood is of passing.

    Best of luck!

    Thanks. I do understand about making sure I understand the material and not "cramming". I save the cramming for my classes for my Bachelor's degree because that's what the classes are, read and be tested on what you remember.

    I do have a good understanding of most all of the CISSP CBK domains and when I study, I visualize myself applying what I'm reading. I make sure I understand completely how the material is applied in real life, as I believe that's important. Also just perusing the Conrad guide, I see he uses a lot of imagery and illustrations so that will only help me visualize myself applying what I'm reading. The reason I emphasize my study of the practice exams is because I find it helps reinforce concepts by reading the explanation of why a particular answer is correct.
  • JDMurray Admin Posts: 13,092
    badrottie wrote: »
    I have not used SkillSoft, but CCCure's questions are the closest to the actual questions found on the exam, and this sentiment is held by many.
    The (ISC)2's studISCope practice exams are actually the closest to the actual exams. Posted reviews on the studISCope product are rare, so people don't know this.
  • Turgon Banned Posts: 6,308
    JoJoCal19 wrote: »
    I just passed my Security+ a week ago which I took as a sort of primer to get me ready for studying for the CISSP. Now on to the real deal. I've read many threads here and I've also read the blog here about CISSP. Here is my course of action in prepping for the CISSP, which I'm aggressively pursuing for the exam date in the middle of December this year.

    Materials:

    CISSP Study Guide - Eric Conrad
    CISSP All in One Boxed Set - Shon Harris
    CISSP Study Guide 11th Hour - Eric Conrad
    CISSP CBT Nuggets
    SkillSoft Training Videos and Practice Exams

    Plan:

    I was originally going to use the CISSP AIO as my primary study but after seeing how huge and unwieldy it is and reading a lot of feedback on the Conrad Study Guide, I decided to use it as my primary.

    1. Read the Conrad Study Guide.
    2. Take the practice exam from the accompanying web site for the Conrad Study Guide.
    3. Read the Conrad Study Guide again and use the AIO as a cross reference for each domain to fill in details or add to what I'm reading in the Conrad guide.
    4. Take the AIO practice exams that come with the AIO.
    5. Watch the CISSP CBT Nuggets.
    6. Take a SkillSoft practice exam and take another one of the practice exams from the AIO.
    7. If time permits, read the Conrad Study Guide again. If not go to number 8.
    8. Read the Conrad 11th Hour Study Guide.
    9. Practice Exams, Practice Exams and more Practice Exams (SkillSoft plus other various ones from the reputable places listed elsewhere on these forums).
    10. At this point I would expect I should be hitting 90%+ on practice exams. Take the real exam.

    This might seem overkill and such a short time to do this but I actually read 1 chapter of the Conrad Study Guide per day. I work from home and work is extremely slow so I have A LOT of time during the day to dedicate to studying. I've got just under two months from now until the December CISSP exam.

    Thoughts or suggestions?

    You seem to be in a bit of a hurry to clear this exam. Is there a reason? The CISSP covers a lot of material and you might be better off from a learning experience taking longer over it. That said, there are people who pass this exam in a matter of a few intense weeks if that is basically all you do for a while.
  • badrottie Member Posts: 116
    JDMurray wrote: »
    The (ISC)2's studISCope practice exams are actually the closest to the actual exams. Posted reviews on the studISCope product are rare, so people don't know this.

    Mea culpa. The cost does seem to be an order of magnitude higher, but if you want the most representative questions, based on what JD has said, this would be the first choice.
  • JoJoCal19 Mod Posts: 2,835
    Turgon wrote: »
    You seem to be in a bit of a hurry to clear this exam. Is there a reason? The CISSP covers a lot of material and you might be better off from a learning experience taking longer over it. That said, there are people who pass this exam in a matter of a few intense weeks if that is basically all you do for a while.

    For a couple of reasons. Number one being that even though my comparison of the CIB for the current exam and 2012 changes shows that the changes are minimal and that I could just study longer and still most likely pass, I'd rather take the current version of the exam if at all possible. The other big reason is that I am going to be taking full-time college courses (Bachelor's level at University of Florida *TOUGH*) next term in January in order to be able to graduate in August, and study time for certs will be much lower than what I have now. Lastly, I anticipate pursuing new employment after the beginning of the year and would lose a lot of study time.

    Given my current work arrangements, I basically have 8 hours to just sit here and study (lucky me), in addition to the time I can devote after work hours. I want to take advantage of things now.
  • JDMurray Admin Posts: 13,092
    JoJoCal19 wrote: »
    The other big reason is that I am going to be taking full-time college courses (Bachelor's level at University of Florida *TOUGH*) next term in January in order to be able to graduate in August, and study time for certs will be much lower than what I have now.
    Good deal with trying it now while you have the time. Education before certification.