I sat the CBT version of the CISSP exam and passed on the first attempt last Monday. It was an interesting exam, so I'd like to share my experience and how I went about studying for it. I've never studied *this hard* for a test since I finished college 3 years ago, so this was definitely a different exam from all the other certs I've taken before.
My Background:
Finished college specializing in Cisco networking. 6 years of some help desk support. I finished the SSCP in September 2012. Minimal security experience; I started my first IT Security job in October 2012, so it's a relatively new area for me.
Existing certs: SSCP, CCNA-Security, MCITP, MCSA, A+, Network+.
Success toolbox:
=================
* Eric Conrad CISSP Study Guide 2E - Excellent. Kindle Edition. $35
The reason this is my primary resource is that EC writes things TO THE POINT. No frills.
The more precise a text, the clearer the main ideas and concepts, and the easier you will understand them.
Mind you, I did not understand everything presented in the book 100% crystal clear, particularly the hard-to-get concepts (especially the ones in the LAWS and REGULATIONS domain). That's what Google is for - the difficult stuff.
* Google/Wikipedia - Excellent.
Google is my wife, and Wikipedia is my mistress.
* IETF RFC Editor (RFC-Editor webpage) - Excellent.
This site is excellent for learning how technical protocols work. You won't need to know every detail in the RFC, just what the protocol is used for and the related security issues, e.g. security issues with IPv4 networks, etc. Get the main idea of why such mechanisms or protocols exist. No need to go into detail.
* Expert advice from team and manager - Excellent
Preparation for the CISSP is easier if you have real-world experience. I don't have that much experience, so I ask my boss and team members LOTS OF QUESTIONS. Why does the company choose this architecture? How did you write the policies? How is segregation of duties enforced? Why/how do we perform an audit? How do we perform an access review? Boss, if you approve my request, then who approves YOUR requests? What is governance and how is it different from management? How come we have to interface with legal and HR all the time? How come we can create policies but the server team gets to put the settings into the system (separation of duties)? What are you doing? (Really! I ask that!), and lots lots lots lots lots lots more questions....
* Microsoft One-Note - for taking notes
If you would like a copy of the notes I took from Conrad's CISSP study guide 2E, please let me know. They're my primary study resource.
* Apple iPad - for reading notes.
I exported the notes to PDF format, then emailed them to myself because I don't allow iTunes to be installed on my PC. It's poorly-written software. Then I read my notes on the iPad.
* Practice Exams / Mock Exams - Good to get concept and definitions.
You will most likely never ever see an exact question on the real exam. If you do, then you've just purchased an Exam **** and you've just cheated and devalued the certification for yourself and everyone else. Practice exams are good for quick verification that you absorbed the main ideas of a chapter. Practice exams contain straightforward questions you WILL NOT see on the exam, but they are good to use for checking your understanding of main concepts.
- Sample CISSP Exam - Free
- CCCure.org quizzer - Free
- LearnSmart Systems - $139
* Boss/team mates/coaching - good to get a picture of how concepts are applied in "real world" environment.
Other reading materials I came across but did not use:
* Official Guide to the CISSP CBK 3E - "official guide to confusion and failure". Kindle Edition.
* Shon Harris' CISSP AIO 6E - "Comedian's guide to CISSP". PDF.
Time spent preparing:
=====================
Started studying 3-FEB-2013. Took the exam 12-APR-2013. So overall about 2-3 months.
Studying Method:
================
A right mindset is important. It shapes how you study and approach the questions. So please repeat to yourself -
***CISSP is not about memorizing. I will not ****. I will not ****. I have integrity. I will understand the material.***
***I will think like a manager and not as a techie. I manage risk, not operate it. I make decisions, not implement them. I am accountable.***
....and now for the (fun) journey:
* Started reading first 50 pages of Official Guide to CISSP CBK guide. Threw book away. Too hard to read.
* Started reading first 4 chapters of Shon Harris CISSP AIO 6E. Threw book away. Too many stories. Too many comics.
* Started reading Eric Conrad CISSP Study Guide 2E. Hooked! Read from cover to cover including glossary (important: it has all the definitions and terms you need to know!). 2 weeks to read through entire thing.
* 2nd Read-through: Took important concept notes for each domain onto MS OneNote. These are detailed notes. Please PM me if you want the file!

* Googled things I didn't understand. This is where the RFC documents, etc... come into play. They help add detail and granularity to the concepts, which helps reinforce understanding. Added to OneNote "notes"
* Asked the boss, team members, and other IT teams about how they apply concepts in the environment, how they monitor and maintain them, and how they manage that aspect overall. Quick 5-10 minute chat in the coffee room.
* Watched DEFCON on YouTube and visualized how the "best practices" presented by the CISSP curriculum could be used to mitigate some of the attacks they demonstrated.
* Started practicing on CCCure.org simulator, LearnSmart practice tests, and Yasna. Read the notes quickly.
* Play Far Cry 3 in between study sessions. "Stress Reliever"
* 2 Weeks before the exam - Created "Quick Glance" 1 page notes for definitions, technical terms, and hard concepts from existing notes. I call this the "CISSP Dictionary". Glance quickly for 5-10 minutes every available hour. Practice exams. Play Far Cry 3.
* 1 Week before the exam - Play Far Cry 3. No studying. If at this stage you are still having problems understanding the concepts, I recommend you postpone the exam. You're not ready. Please know the material, not memorize it.
Exam Day:
=========
Had a headache the night before. Did not sleep well. Actually....scratch that - Did not sleep at all. Played Far Cry 3 throughout most of the night before the exam.
Had a light breakfast. Vector meal replacement with 1% skim milk.
I took the CBT at a Vue testing centre.
Exam time - 8.30am.
Exam admission: Sign NDA, sign-in sheet. Verify identity, take palmprints and photo.
Supervisor did not allow anything in the exam room, not even water bottles. My pockets were all empty. No watches. Plan accordingly!
There were 3 other people in the exam room, taking other exams. I think Vue does not allow 2 people to take the CISSP at the same test centre on the same date/time.
I was provided 1 marker, 1 set of ear plugs, 3 sheets of erasable plastic papers, and a tissue box - the test centre gave all their erasers to the other candidates, or I could use it to wipe my tears at the end.

I took 1 bathroom break to answer nature's brief water call.
Sat down, exam starts. Obviously I cannot say what questions they asked, but I can tell you this:
1. The "Congratulations!" at the ending screen = "Congratulations! You completed the exam", NOT "Congratulations, you passed". *facepalm*. You will know your results when the tester gives you the print-out on your way out of the test centre.
2. An email will come from ISC2 to your inbox an hour (maybe a bit more) after you successfully pass the exam and when Vue's behavioral analysis does not detect a "****-style" in your answering patterns. I.e.: if you finish answering 250 hard questions in 15 minutes then something is very wrong.
3. I did a few passes.
- First pass - skipped anything I could not answer right off the bat. 1.5 hour.
- Second pass - answered all the missing items (I had over 100 questions left blank). Skipped anything I could not answer after 1-2 minutes of "thinking". 1 hour.
- Third pass - answered all the hard questions. 1 hour.
- Fourth pass - review answered questions. Changed about 5-10 answers after careful consideration. Be prepared to differentiate between "self-doubt" and a "suspected incorrect answer". 2 hours.
- Fifth pass - quick review. 0.5 hour. Read the questions and answers carefully!
**These test engines must be flash or java based. If you select a choice, then click anywhere on a blank portion of the screen below the choices, the radio button Jumps to the last choice. Check your answers!**
4. Submitted test. Got "Congratulations" message. Smiled. Then "wait..what!?" - "CONGRATULATIONS! You finished the exam."
5. Walked out of exam room feeling like I had failed. I hear they call this the "post-traumatic-6-hour-CISSP-stress" syndrome.
6. Signed out. Got results! "Congratulations! We are pleased to inform you that you have passed the Certified Information Systems Security Professional (CISSP) (R) Examination." on paper.
7. Drove home to the tune of Taylor Swift and celebrated! I don't drink, so you can have beer; I had water and orange juice. Also, please don't judge me. A perfectly normal guy can rock out to TSwift.