CISSP Passed ( Detailed Process & Tips )
So I generally don’t do make post like this but I thought Id document my process in hopes that it'll help someone interested in the certification. After obtaining my CEH earlier this year I decided to tackle my CISSP. Conducted some basic research and found a lot of useful resources on reddit.com/r/CISSP and these forums. Ill break down my preparation into 3 phases. Feel free to ask me questions, understanding that I will NOT answer exam specific questions.
STUDY DURATION: 3 months
STUDY DURATION: 3 months
- Cybrary.it: Kelly did an awesome job explaining things and her videos really help you pin point areas to focus on. It was also quite entertaining I’ll probably never forget the Clark Wilson model. ( Keep users out of your stuff or they'll break it ) A lot of the analogies she makes simples otherwise complicated topics.
- Sybex Official Study Guide: This book was literally over 1,000 pages I wouldn’t suggest any one read through the entire book. Its long and incredible boring but it does provide you with a few general tips. First thing that comes to mind would be the acronym for SW-CMM & IDEAL ( II DR ED AM LO ) I thought that was pretty cool. After reading each chapter I took the practice exam, and documented my performance and the topics I needed to review. I read the book front to back taking the practice exams documenting my weaknesses. The second time around I downloaded the PDF, and used OneNote and the snipping tool to highlight and copy key things I wanted to review. I did this again for each chapter reviewing topics and questions I missed in detail until I felt satisfied.
- Random TIP: OneNote for iOS/Andriod is free and saved notes can be reviewed when you have downtime.
After reviewing each chapter I felt I needed to obtain a baseline to help determine the areas I needed to focus one. The Sybex test engine was OK, the questions were decent but to be honest they do nothing to prepare you for the exam. They asked a lot of cut and dry questions, the answers in my opinion were more or less a) 10% b) 10% c) 50% d) 30%.Not sure if that made sense but most the questions had “blatantly” obvious answers you either knew the answer or you didn’t. You weren’t forced to question yourself something I ended up doing on the real exam. Not to mention the test engine would time out after 5 minutes of inactivity and did not show you areas you needed to improve on. I spent way too long here, my advice would be to move on to CCCure immediately.
CCCure was awesome, the Pro mode questions were well written and it provided users with well written explanations. I was able to more or less spend the remainder of my study time taking practice test in preparation.
PHASE 3 :
Leading up to the exam I was getting a bit burned out so I dialed back a bit, I stopped taking 250 question practice exams and only did 125. I also spent a lot of the time listening to Cybrary’s audio mp3, and really tightening the knowledge that I obtained. I used this time to create acronyms as a memory aid and casually used the flash card system on the Sybex site.
I feel like this is getting too long so Ill wrap this up all in all on the day of the exam make sure you get enough sleep and come up with a plan of attack. Figure out how you’d like to spend your 6 hours, personally I took a break mid way through the exam and again towards the end. Stay positive during the exam. Keep in mind the test includes BETA questions so not understanding a concept or something being asked is to be expected. Don't let it put you on tilt, just keep chipping at it and you'll be good to go.