Passed CISSP!!!

cyberguyprcyberguypr Senior Member Mod Posts: 6,909 Mod
Just passed!

I'm on the train back home fighting a headache but will post my impression later.

Edit: Here's the good stuff:

My background:

Windows Sys Admin. My expertise regarding the CBK revolves around Telecom+Network, BCP/DRP, Access Control. Also a bit of Ops Sec and Physical Sec. See my certs on the left.

I always wanted to take this test but refused to do the paper test. Could never understand why there wasn't a computer test. Higher gods listened and brought the CBT which means I ran out of excuses.


Since I finished my BS in May, timing was perfect. I officially started studying for the CISSP in June. Bought the AIO and started banging at it. Found it overly verbose and switched to Eric Conrad's study guide as my primary source. My plan was to start with my familiar areas as specified above. My logic was that if I hit something else unfamiliar first I could get frustrated. I ended up following this order: Telecom > BCP > Access Control > Physical Sec > Op Sec > Gov and Risk Mgmt > Legal > Sec Arch + Design > Crypto > Software Dev Sec. This allowed me to get the easier stuff out of the way and spend more time on my weaker areas. Even though I started my studies in the summer, I did not commit to paying for the test until November. The main reason was some projects at work that could've delayed the test. When the projects were out of the way, I proceeded to pay for the test and committed to the December date.

I say the plan worked as I never lost momentum. That was one of my main goals.


- CISSP Study Guide, Second Edition by Eric Conrad. This was my main resource.
- 11th Hour CISSP: Study Guide
- Official (ISC)2 Guide to the CISSP CBK. Read close to 80%.
- Shon Harris AIO 5th edition (6th is out now.) Did not read the whole thing as it is overly verbose. Mostly for reference on my weak areas. The included disk with practice questions was very useful.
- Dr. Eric Cole's SANS MP3s. One of the most useful resources.
- Clement Dupuis bootcamp videos. Just as Dr Cole, he's been doing this for a long time and knows this stuff inside out.
- NIST documents. In particular 800-30, 800-34, 800-100
- Countless CISSP related posts here on TechExams
- - Used the paid questions. Some material is definitely outdated but still a very good resource. I took close to 4,500 questions
- Test questions from
- More practice at McGraw-Hill Education | CISSP Practice Exams
- My CISSP Experience - A Study Plan Memoir
- Mind maps: Index of /resources

The night before:

ZERO review. Always have been a big believer in not studying the day before. I stayed at a hotel in Downtown Chicago close to the testing center to relax.
Ordered room service (deep dish + tiramisu) and watched a couple of movies. Achieved nirvana thanks to the deep dish and by not grabbing review material. Went to bed at 10pm with my mind completely clear.

Test day:

Woke up at 7am. Started with a nice Anaheim Panini and a caramel latte from Corner Bakery a block away from the testing center. Right after, I got to a nice start when I walked into the Pearson Vue center and saw a plethora of great looking girls in line for other exams. I chit chatted with a couple of them for a few minutes. My wife had a blast when I told her this.

Before I started I established checkpoints in my mind (100 questions, 150, 200) where I would evaluate if I needed to stretch, eat, bathroom, etc. I was so pumped that I decided to keep pushing and ended up not taking a break at all.

General impressions:

- Fair test. Covered the CBK well. Saw a bit of everything.
- I got some questions that I am positive had no valid answer listed
- Lots of semantics games. I remember reading about this here on TE. They will refer to things with other names
- I was surprised to see many questions were one liners, similar to study material. I was expecting way more convoluted scenarios
- By question 41 I started to freak out because I thought I was taking too long answering. Relaxed a bit and didn't let that get to me
- Freaked out a bit again near question 150. Again, calmed myself down. Collapsing the clock and question number helped me a bit
- Answered all questions by the 3 hour mark. Ended up with 100 questions marked for review.
- Did a first pass of items to review. Went through all 100 questions but left 20 for a second pass. Some of them you couldn't even figure out what the heck they were asking. Here is where Eric Cole's advice came in handy. I deconstructed those questions like never before and applied the four steps: 1. Look for distractors, 2. look for the most correct answer, 3. look for the most inclusive answer, 4. If everything else fails, GUESS! I only had to guess on a few questions
- After reviewing the last 20, finished test with 37 minutes left on the clock
- When I got my score sheet it was like looking at a blank paper. I could not see if I passed or not. Took me a solid 30 seconds to see it
- Absolutely hate that you don't know how you did. But again, as Toretto said: "It doesn't matter if you win by an inch or a mile; winning's winning."

Other thoughts:

- There are 3 ways to do things: The right way, the wrong way, and the ISC2 way. Again, Eric Cole stresses this. It doesn't matter what your experience is or what you have done. What ISC2 says is what counts. If they say fences must be painted pink, pink it is. It doesn't matter that many fences are other colors in the practice
- Don't memorize stuff, make sure you understand the concepts. This has been said here many many times. Example: some people try to strictly categorize controls as deterrent, preventive, etc. It doesn't work that way. Many controls change depending on the context of the implementation. Although some are black and white, others aren't. If you understand this you will have no issues
- Be flexible, both with your studies and during the test. You may need to adjust your plan on the fly
- Ask questions! If you don't know or understand something post here. We'll be more than happy to clarify

Finally, thanks to all of you who answered my questions, posted material reviews, exam impressions, etc. Those were extremely valuable.

On to endorsement now and then full sail ahead for GCWN.


  • lsud00dlsud00d Member Posts: 1,571
    Congrats cyberguy!
  • mikearamamikearama Member Posts: 749
    Hey, well done. Congrats.

    And the sweet boozes will not only aid in losing the headache, but are killer for celebrating too!
    There are only 10 kinds of people... those who understand binary, and those that don't.

    CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

    Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
  • IvanjamIvanjam Member Posts: 978 ■■■■□□□□□□
    @cyberguypr - congrats on passing the CISSP

    @mikearama - totally valid philosophical position!
    Fall 2014: Start MA in Mathematics [X]
    Fall 2016: Start PhD in Mathematics [X]
  • wes allenwes allen Member Posts: 540 ■■■■■□□□□□

    I believe my facebook status was: "Passed CISSP. Now beer."
  • ThistlebackThistleback Member Posts: 151
    Congrats cyberguypr! How's the headache now?
    Feel the fear, and do it anyway!
  • itsgonnahappenitsgonnahappen Member Posts: 95 ■■■□□□□□□□
    Awesome news! Congrats man! Looking forward to hearing the impressions.
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,909 Mod
    See update above with full details.
  • zxshockaxzzxshockaxz Member Posts: 108
    cyberguypr wrote: »
    saw a plethora of great looking girls in line for other exams. I chit chatted with a couple of them for a few minutes. My wife had a blast when I told her this.

    haha this cracked me up! Congrats man! I enjoyed the review!
  • odog007odog007 Member Posts: 12 ■□□□□□□□□□
    Congrats on the pass dude!! Where did you find the Dr. Eric Cole's SANS MP3s??
  • pgriffin7pgriffin7 Member Posts: 14 ■□□□□□□□□□
    Great writeup, thank you!
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,909 Mod
    Although he never took the test, my coworker attended company-sponsored SANS CISSP training and got them.
  • spicy ahispicy ahi Member Posts: 413 ■■□□□□□□□□
    Congrats on the pass!
    Spicy :cool: Mentor the future! Be a CyberPatriot!
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,909 Mod
    Thanks to all!
  • PaperlanternPaperlantern Member Posts: 352
    Few days late but I haven't been on the forums much. Better late than never. Congrats cyberguypr! Hope you aren't too hung over from partying it up in celebration.
  • holysheetmanholysheetman Member Posts: 114 ■■■□□□□□□□
    congrats man! I also passed on Dec 22nd, early xmas present as well! Happy Holidays!
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,909 Mod
    Submitted endorsement on 12/19, got an email on 12/20 saying I forgot to attach the resume (dumb me, I was too excited.) Resubmitted on 12/20.

    Got official designation TODAY! WooHoo!
  • jm0202jm0202 Member Posts: 87 ■■□□□□□□□□
    So about 5 weeks waiting?
  • Jake007Jake007 Member Posts: 65 ■■□□□□□□□□
    Good info, I'm waiting on mine to come back also. I sent it off 2 Jan.... looks like I'll be waiting for mine about 30 Jan then....
  • cgrimaldocgrimaldo Member Posts: 439 ■■■■□□□□□□
  • ThistlebackThistleback Member Posts: 151
    Nice to finally have those coveted letters after your name, yeah?
    Feel the fear, and do it anyway!
  • keri2000keri2000 Registered Users Posts: 4 ■□□□□□□□□□
    Hi, I know this is a bit after you passed but I had a quick question about the Eric Cole mp3s. My friend gave me his and I started listening to them but I believe they are from the 2007-2008 timeframe. Do you think that I should continue to even bother? Eric Cole is very easy to listen to and I think I could retain a lot from him, but if they are that old will it do me any good to continue? If not, I will go ahead and just read the AIO 6th edition.

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,893 Admin
    If you are referring to the MP3 files from Dr. Eric Cole's SANS 401 class, that is not the same thing as the CISSP CBK domains. That information will be of little help in passing the CISSP exam.

    And your friend violated his SANS/GIAC Non-Disclosure Agreement by giving you those MP3 files.