How I passed the CISSP
I thought I'd just share my experiences with taking the CISSP.
I hadn’t taken a test in a long time but I’ve always gotten by on my cleverness and good looks (okay, maybe not good looks). I’ve been in IT for 9+ years, 6 or so of that in a security field and was getting pretty good at using google to solve a lot of computer problems.
My plan for the CISSP was as follows:
Week 1: Read the Eric Conrad Book
Week 2: Take PTO at work and make notecards from the Conrad book and study them
Week 3: Take a bootcamp. The bootcamp wouldn’t necessarily tell me new stuff but rather give me test-taking tips. My exam was scheduled for the Monday after the bootcamp.
Unfortunately for me, during Week 2, the new SimCity came out and that had an impact on my study time. Instead of the 12 or so hours that I had planned to study, I was probably clocking in at 6 or so. 12 hours was pretty unrealistic anyway since I’m always a click away from the internet and I would be distracted easily.
So, during the bootcamp, the instructor discussed it and decided that it would be better to have more time between the end of the bootcamp and the exam, so I just went online and pushed my exam back a week. Easy. Overall the bootcamp helped me because it helped reduce the information I thought I needed to know.
During the bootcamp, even though the notecards really helped, I was probably scoring in the high 60s, low 70s on the course questions and Shon Harris CD questions. The things that would get me are new terms and I felt pretty uncomfortable. I refused to read the AIO, but I was a little afraid that there was a lot of information in there that wasn’t in the Conrad book.
During the week after the boot camp, I picked up the CISSP Certified Information Systems Security Professional Study Guide by Darril Gibson, Mike Chapple, and James Stewart. It seemed to rate pretty well on Amazon and it wasn’t the AIO, which I already owned. I was probably scoring in the low 70s, but it’s pretty discouraging since after a few weeks of study, I’ve only managed to move the needle a few points. My weakest spots were probably BCP and Legal.
I also decided to push my test back another 2 weeks (so it would be 3 weeks after my bootcamp). For the next 3 weeks, I read through the book. It felt pretty good because I knew most of the terms and concepts and when there was something new, it wasn’t overwhelming as it was before when I knew nothing. I also listened to Shon Harris on audio when I had some free time.
After I finished the new CISSP study guide, I skimmed through it again looking for things that I couldn’t quite remember. I finished that up a couple of days before the exam. I was probably scoring in the high 70s, low 80s at this point and had gone through about 500 questions on cccure. What the exams did for me was that when I missed a question, it would slightly burn into my brain so that when I was rereading a section and came upon a term in a question I got wrong, I paid it a bit more attention. On the night before the exam, I watched the movie Hackers (which discusses the Orange book, social engineering, phreaking, dumpster diving, and hacking the Gibson). That got me in the right mood and ready for the next day. I had planned on reading the 11th hour by Eric Conrad during that morning, but after going through a few chapters, it didn’t feel necessary (since most of it was in Eric Conrad Study Guide proper). I just went and had a good lunch, and took the test.
The test was harder than I expected. During my first pass, I took 5 hours. I had one break (I had planned to take more but after seeing how I was a little behind, I just took the one). In the last hour, I had probably reviewed half the exam when I was out of time.
Next thing I know, I’m getting a printout saying Congratulations.
So, I know this is probably pretty long winded so I’ll sum up:
TL;DR
I think notecards really helped me, especially for Networking and Encryption. I would recommend that if you feel that you may struggle with those two domains, I would make notecards. I think they helped me for all the domains, but they didn’t seem as effective for BCP and Legal (because most of the terms there are terms that you already know, you just need to know them in a specific way or they had long lists).
At first I didn’t really think practice exams would help, but taking them through the course of the study did help. For the questions that you get wrong, when you see it in the next pass of your material, it’ll make more of an impression.
The Eric Conrad book is good, but I didn’t feel comfortable with it as my only source. I passed using the Eric Conrad book and the CISSP book by Darril Gibson, Mike Chapple, and James Stewart.
For sample exam questions, I used CCCure.org exams (about 500 questions) and Shon Harris AIO CD questions (about 300). I also did 80 questions from “CISSP Exam Prep: Questions, Answers & Explanations” which I thought were very good (better than CCCure). I would have done more of them but I found out about it on the last day.
Anyhow, good luck to all you future CISSPs.