Those who have passed the CISSP, please give your advice for what worked best

JasonX

I have read through numerous threads here and have both Eric Conrad's study guide, and Shon Harris' All-In-One. From looking at how thick the book is and reading many users posts, it appears the AiO is very wordy and Conrad gets to the point.

Just curious if you guys believe Conrad's Study Guide combined with his 11th hour Study Guide and questions from CCCure would be enough. The All-in-One has well over 2x the pages from Conrad's and if it's just wordy and confusing, it might be a bigger detriment trying to understand Shon Harris than do me any good.

Cliffs:
What worked for you? Am I good to go with Conrad's Study Guide and 11th Hour Study Guide + CCCUre questions or do I need Harris' All-In-One.

n3twork3r

I was able to pass the exam after reading Eric Conrad's book and taking some exams on CCCure.

JasonX

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

Nice, that was it?

Think I should be good than too if I'm also going to read Conrad's 11th hour Study Guide. I'm just dreading reading 1500+ pages from the AiO if Conrad's book gets to the point and is an easier read.

cyberguypr

Conrad's guide 2nd edition was my main source. I used the AIO for my weakest domains (crypto, app sec). I also used 11th hour to a lesser degree. Make sure you watch the Eric Cole's SANS webcast as well as the Clement Dupuis one. Another very helpful tool was the CBT course by Clement. I was lucky enough to help him out with something and he gave me access to the course. Very good stuff.

joebanny

Though, I didn't use the Eric Conrad book (but heard good stuff about it), but used the Shon Harris, in my opinion, it is not that bad, especially if you can just sync up the PDFs version to an E-reader (Ipad, Kindle, whatever) hence you avoid taking the bulky stuff all around. If you want to avoid the Shon's book however, I will suggest you at least take the test at the end of the chapters, I think those will enrich and prep you further for the exam. Good luck to you!

f0rgiv3n

I used the Eric Conrad book, CCCure and the 11th hour guide. I would recommend also getting one other source for training material. That can be computer based training or a class. I took the SANS MGM414 course with Eric Conrad and it was great, but expensive.

da_vato

I read Shon Harris' book and went to a boot camp with training camp. I would warn that the AIO is a great source of info but it is a chore to read. I found Shon's humor to be dry and distracting. Personally I would recommend a boot camp if you can afford it but if you choose the self study route absolutely get multiple sources.

Akther

If you have enough experience in infosec then Eric Conard is the right one. Otherwise AIO will be best choice.

kalkan999

Conrad is good. AIO is good if you cannot understand what is being shared with you in Conrad's or Tipton's CISSP book. 11th hour should be used then and only then. DON'T use 11th hour as a main source, in my opinion! I have known more than a few people who used 11th hour and CISSP for Dummies thinking that would be enough. There are a couple of exceptions who passed, but most who went that route FAILED.

tony71

I would steer away from AIO. When I finished the book I was really burned out and when I bought Eric Conrad I wish I had bought it as my main source of information.

Humbe

Let me remember you that the 11th hour CISSP book is just a recap of some of the information you need to have in mind when walking to the CISSP exam. You need much more information that just that. Eric Conrad book feels easier to read for me than the Harris book but I ended up reading both of them.

Just my two cents.

badrottie

Study. Yes, study. In fact, study hard. It used to be the AIO or OIG, but Eric Conrad's books have been receiving favourable reviews. Do not rely upon just one source for material. There is no substitute for this. Give yourself enough time to know the material, but do not memorize all of it.

Practice. By this, either use the quiz banks at cccure.org, or purchase them from another reputable vendor and practice writing the exam. At a minimum, do 100 questions at a time. Use your results to determine which areas need the greatest concentration. Also, it helps determine what your pace of taking the exam. Are you lightning fast? Glacially slow? Try to get an idea of how you to pace yourself in the exam, and remember that writing the actual exam is harder (which will very likely slow you down).

"Think like a manager" is frequently used as advice. I like to (jokingly) question this advice, as do we really want prospective CISSPs to turn their brains off? In actuality, it is better to understand the CISSP CBK from the perspective of the business, rather than the technical aspects. From the ISC2's perspective (from what I have been able to discern), theory > practice. Theoretical understanding of information security will outlive technical implementations thereof. Once you understand discretionary access vs. mandatory access, how LDAP works, what the evil-bit does in TCP packet header, etc. you are better off than knowing how to configure firewall product X properly.

There is a lot of other advice floating around TE, so I would honestly suggest taking the time to review some of it. There are exam writing strategies, specific information on the CBK, etc. The search function is your friend.

And...good luck with your studies and may you pass it the first time!