CISSP study plan

billyr2009

Hi all,
This is actually my first time posting. I work in the IS field currently and have been for about a few years now. I am attempting the CISSP, I already have the Security+ and ITIL v3 certs. I know the CISSP will be much tougher. Here is my game plan as far as study materials.

1) Eric Conrad - CISSP Study Guide 2nd edition
2) Shon Harris CISSP AIO Exam Guide 6th edition
3) Eleventh Hour CISSP: Study Guide by Eric Conrad - Syngress
4) CISSP Practice Exams by Shon Harris

My question is, how do you guys feel this will help me? I know on this forum that people say the Shon Harris CISSP AIO is verbose, so should I use options 1 and go over the Shon Harris books on topics I dont feel as strong about? Then once Im done with the Eric Conrad book, I plan to go through the 11th hour book and through practice exams. Do you guys think thats a solid way to go about studying, or is their anything I may need more? Let me know your thoughts on my game plan.

Bundiman

That is a great list the only thing I would add is once you have covered the material in the books you listed I would follow up with some pratice test from cccure.org.

cyberguypr

And don't forget the SANS webcast.

billyr2009

Thanks for your replies so far guys I was wondering, whats the SANS webcast?

paul78

This is the SANS webcast

https://www.sans.org/webcasts/successful-passing-cissp-95594

billyr2009

THanks Paul78! Wow this site really is a wealth of knowledge. Anyone else have any opinions on my study plan ?

paul78

You're welcome. And welcome to TE forums.

I think you have a solid study plan. If you wanted to read the actual ISC2 CBK you may find it interesting.

I used this Q&A book as well:

CISSP Exam Prep - Questions, Answers & Explanations - SSI Logic Publishing

I also had the Shon Harris Practice Exams and AIO - one of these days I may even open them If you have the AIO - you can download the recordings from the live training which you may find useful.

I did browse the Eric Conrad Study guide - I really liked it.

For myself, I ultimately splurge on getting the SANS OnDemand 414 CISSP Course as my main preparation because I had a short window for study.

wes allen

I just used the Conrad guide, the cccure.org docs and tests. Read, take notes, and do book questions until you are a couple weeks out, then start with 200+ question practice tests on cccure.org in study mode, so you can learn why you were right or wrong. Review notes and the summery docs along with daily 250 question quizzes up to test day.

t17hha

billyr2009, your study guide sounds pretty much the same as mine, I used the CCCURE website for practice tests along with those from the Eric Conrad book and also used the following exams: McGraw-Hill Education | CISSP Practice Exams, I downloaded the audio and listened to it in the evening's before going to sleep.

I agree with wes allen about taking notes, I took a lot of notes and then in the final month or so I wrote a number of flash cards. Good luck.

billyr2009

Thanks again for your responses guys I have more questions also though if you do not mind. How long did it take for you guys to study through self study? How many hours per day/week were you putting in before the exam?

paul78

The exam prep effort is largely going to be dependent on your background and experience. I suspect it varies for most people. For me, I spent about 5 or 6 weeks duration and a total of about 45 hours including the time spend on the SANS online materials. The last 16 hours of prep came in the 3 days leading to the exam. I had about 23 years of IT prior to sitting for the exam.

RanMic

billyr2009 wrote: »

Thanks again for your responses guys I have more questions also though if you do not mind. How long did it take for you guys to study through self study? How many hours per day/week were you putting in before the exam?

I only used the ISC Official CBK book and only opened the Shon Harris book to get the CD out. I used the CD for most of my test questions. As far as hours per day studying I averaged a bout 4 per day (5 days a week) for a bout three months and the final two weeks before my exam I studied EVERY day about 5 hours and reviewed all domains from first to last. Each person learns different with different materials, so good luck with your studying and your test.

Also Paul is dead on it. Depends on your years of experience and how much you already know. Access Control, BCP, Crypto and Law was something I already knew a lot about but the other domains was where I really had to focus. Also, I have almost 15 years in IT at the moment.

Good luck.

billyr2009

Hey folks, I am back seeking more wisdom from you I have been using the last couple of days to go through the Access Control portion of the CISSP. I have gone thru the Eric Conrad 2nd edition and then I went to the Shon Harris version, and noticed that she has some stuff in greater detail. Even the practice questions at the end of her Access control section have some questions that were not covered as in depth in the Eric Conrad version. Has anyone noticed this before?And how does one go by studying both books? I heard someone say that going through the Quick tips helps, but reading the book, word for word is just rough. What strategy did you guys use to get through this, using both books? What did you study from Shon harris and what did you leave out?

paul78

I think that most people would probably suggest that you may want to review the Shon Harris AIO first and then use the Eric Conrad guide for as the secondary review.

wes allen

The AIO put me to sleep within 5 minutes, no way I could have made it a primary source. Depending on your experience, the Conrad book might be all you need. I sorta studied with it off and on for a year and a half - would read a chapter then get distracted with work or something. Couple months later read another chapter or two, only to get sidetracked etc. Finally got serious last fall, ordered Darril's book and did Sec+ after a few days of study for a warm up test. Started focused studying for CISSP again the next day, and probably spent around 10-15 hours a week for the next month or so, with less reading and more quizzing the last week. I have 20 years in IT.

t17hha

For some reason I was able to read the Shon Harris book without it putting me to sleep, not like the ISC2 book, now that was boring!! I did a mix of both but first went through Shon Harris and then used the Eric Conrad book to hit the key points again and introduce a few additions which were not covered in the AIO. I actually, by the end, had probably been through the AIO about 5 times before taking the exam and felt like I knew the material well even though it went into a lot more depth than what was needed.

I have worked in some of the domains for some years but still felt I needed to learn the ISC2 way of those modules, in the last month I probably spent about 6+ hours a day for most the week, but I think in hindsight that was a little overkill but I learnt a lot so not complaining

Oh and sit loads of practice quiz's, I used CCCure mainly which were very useful and then moved onto the Eric Conrad and Shon Harris questions near to the exam.

billyr2009

Hola everyone, thank you for your words of CISSP wisdom. I feel hat the Shon Harris book is tougher to read through than the Eric Conrad. Granted, the Shon Harris AIO has more details. As for my experience, I have 5 years of IT experience and a little over 3 1/2 years in IT Security. For those that used the Eric Conrad book as primary and Shon harris as secondary, how often did you go through their? Did you just go through sections taht were not covered as in depth as the Shon Harris? Also, I heard a mention of Shon Harris videos helping people. Are these free, and if so where can I get these?

paul78

As I recall, they were audio recordings which were available with the AIO book or something like that. You should be able to find it some place in the book or at her web site- Shon Harris, CISSP | CISSP Training Courses, Boot Camps, Resources | CISSP, CISA, CBT Certification Training. It was an actual recording of an entire training session. I am not sure if it's still offered for free though.

I can't vouche for the material. I think Shon is fabolous and she has done a lot to forward the development of the IT security practice. But I only listen to about 5 minutes of the recordings before I got bored out of my skull. She has a bit of a droning voice.

ssehg

Hi
Read Shon Harris and do attempt practice questions at the end of each domain.It is critical to master art of reading the question and the given choices and then answer.

Thistleback

I read through 7 domains in Shon Harris AIO 5, using the practice tests at the chapter ends, and the practice tests on the CD. I didn't pick domains, just started reading three months before my scheduled boot camp, and made it through the first 7 domains. The rest I picked up at boot camp. I have 20 years IT experience, with 10 of those in management, so experience played a large part in successfully passing on the first attempt. Shon's book and the boot camp were my only study resources.

billyr2009

Thanks for the advice everyone. I feel like their is a split between going Eric Conrad 2nd edition or Shon Harris 6th edition.. I think for now, i will go with Eric Conrad, but also scan through Shon Harris to go over confusing parts or parts that are not covered in Eric Conrad. I was wondering, a lot of folks here have said the CCcure site offers lots of free materials like practice exams. there are also paid exams ont he site as well?

f0rgiv3n

Hey Billyr2009, it's hilarious because I just ordered all those books that you listed as well as a CCCure subscription. Good luck to you man, I'll be studying right along side you!

JoJoCal19

I have both the CISSP Study Guide and 11th Hour by Conrad, and the AIO by Shon. I am reading through the CISSP Study guide first, then I will read through the AIO and try to skip past the fluff. Lastly, I will use the Official CBK ISC2 book to study the domains for access control, security architecture, security governance and BCP/DRP as those are the top domains tested from what I've read. I also signed up for CCCure tests and will also be purchasing the ISC2 Studiscope as they have some retired questions and also are modeled after the real exam.

dustervoice

where can i find the Sans webcast it seem as if they removed it from their website.

billyr2009

That is correct, It looks like they remove any webcast content after it gets older than 18 months. I too had been looking for this.

cyberguypr

Yeah, I've been looking for an updated link but haven't found one yet.

maxpowers

Hi There

Just wondering if you had an update for us? How has it been going?

cheers

JoyceN

Hello All,
I am looking for any advise that you may have for someone who does not have as much as 5 years IT experience and Would like to take CISSP certification. I want to take the exam so that I can become an Associate while I continue to work on the experience. What resource (study Books ) would you recommend for someone without much IT experience? Thanks