Passed CISSP First Attempt!
Experience
I don't have a lot of traditional IS experience, I've been doing digital forensics for 4 years and have been in the military for 6 years (not an IT MOS), so I'm not coming at this with a ton of experience. I am fairly good at studying and have a decent memory. I have passed GCFE, SEC+, CEH, and RHCSA this year and I would say that there were things I learned in all of those that helped me with this exam.
Resources (Best to worst)
I read the Conrad Study guide cover to cover a few months ago, and then again when I had an expected testing date. I bought the Boson test engines and went through almost all of the questions. I then was given the opportunity to go to a boot camp which was an awesome way for me to fill in the gaps that the Conrad book didn't go through. I feel like I was pretty solid before the boot camp, so I'm not sure what would have happened if I would have braved the test without it. The company paid for us to have 30 days of CCCure test engines (over 2000 questions) and I religiously did about 250 new questions every day from the end of the boot camp to today. A few days ago someone on here (or reddit, can't remember) mentioned that the Sybex test engine's questions were the closest to the actual test, so since those books were the ones that came with my course, I got the ones form the test questions book online. Those questions were a bit over-deep at times, but they are extremely close to the same type of questions (i.e. story based questions). I went through about 600 of those over the last 3 days. Throughout the whole process start to finish I had Kelly Handerhan's Cybrary MP3's loaded on my phone and I would listen to them on commutes, during workouts or when I was just sitting around.
Test Day
I got to the location about 30 minutes early and decided to skim through all of my notes from the boot camp and talk my self through some of the things I struggled with (BCP, SDLC, etc) Then I went in to the test. Before I started the test I wrote down everything that I could think of, mnemonics, OSI Model, protocols, important words that I struggle with (i.e. certification/accreditation, Verification/Validation, etc) and things like that. All that said, I referenced my notes like 2 times...
Exam
The strategy I used was a 3 pass method I went through all 250 questions, then the questions I skipped (too long, or looked difficult), then the flagged questions (ones I wanted to spend some extra time thinking through). One thing I found helpful was to use the test against itself. There are obviously going to multiple questions on the same topics and you might be able to use one question to fill in blanks for another, which helps with both questions (Irrelevant with a CAT test). Other than that, I took one 10 minute break and finished the test in 4 hours and 30 minutes.
Lessons Learned
I don't have a lot of traditional IS experience, I've been doing digital forensics for 4 years and have been in the military for 6 years (not an IT MOS), so I'm not coming at this with a ton of experience. I am fairly good at studying and have a decent memory. I have passed GCFE, SEC+, CEH, and RHCSA this year and I would say that there were things I learned in all of those that helped me with this exam.
Resources (Best to worst)
- YOU ALL
- Conrad Study guide and 11th hour
- Kelly Handerhan Cybrary
- CCCure test engines
- Boson test engines
- Sybex test engines
I read the Conrad Study guide cover to cover a few months ago, and then again when I had an expected testing date. I bought the Boson test engines and went through almost all of the questions. I then was given the opportunity to go to a boot camp which was an awesome way for me to fill in the gaps that the Conrad book didn't go through. I feel like I was pretty solid before the boot camp, so I'm not sure what would have happened if I would have braved the test without it. The company paid for us to have 30 days of CCCure test engines (over 2000 questions) and I religiously did about 250 new questions every day from the end of the boot camp to today. A few days ago someone on here (or reddit, can't remember) mentioned that the Sybex test engine's questions were the closest to the actual test, so since those books were the ones that came with my course, I got the ones form the test questions book online. Those questions were a bit over-deep at times, but they are extremely close to the same type of questions (i.e. story based questions). I went through about 600 of those over the last 3 days. Throughout the whole process start to finish I had Kelly Handerhan's Cybrary MP3's loaded on my phone and I would listen to them on commutes, during workouts or when I was just sitting around.
Test Day
I got to the location about 30 minutes early and decided to skim through all of my notes from the boot camp and talk my self through some of the things I struggled with (BCP, SDLC, etc) Then I went in to the test. Before I started the test I wrote down everything that I could think of, mnemonics, OSI Model, protocols, important words that I struggle with (i.e. certification/accreditation, Verification/Validation, etc) and things like that. All that said, I referenced my notes like 2 times...
Exam
The strategy I used was a 3 pass method I went through all 250 questions, then the questions I skipped (too long, or looked difficult), then the flagged questions (ones I wanted to spend some extra time thinking through). One thing I found helpful was to use the test against itself. There are obviously going to multiple questions on the same topics and you might be able to use one question to fill in blanks for another, which helps with both questions (Irrelevant with a CAT test). Other than that, I took one 10 minute break and finished the test in 4 hours and 30 minutes.
Lessons Learned
- Once you start studying for this test DO NOT STOP. It is a huge test with lots of things and it will be like starting over every time.
- The more UNIQUE practice test questions you can see and take notes on, the better off you will be. I learned a TON of new information reading the explanations to various practice test questions
- If you find yourself reading the Wikipedia page or some high level website to research a specific law, protocol, framework, etc. STOP! There are very few times where you need that level of information on anything. Make a one sentence definition of each thing that you can remember, and for the most part that will be plenty.
- If I could go back, I don't think I would do many things different. I would probably watch all of Kelly's videos at least once instead of just listening to them on my MP3 player because her slides showed a lot of info that I didn't get with just listening, but that's about it.
- Don't catastrophize! You WILL be weak in certain domains, NOBODY is an expert in everything. This is why you only need 700 out of 1000 to pass. Make sure that you focus on your weakness, but don't forget to keep your strong domains strong, this way you won't miss anything. Also, remember that getting a 700 on this test gives you the same result as a 1000 would. A PASS! And you won't even know which one you got, so don't beat yourself up over certain domains.
- You all are a big part of my success over the past year, I would say that I wouldn't have done as well as I have on any of the tests I've taken if it weren't for your insights and help. THANK YOU ALL!!
Comments
-
moyondizvo
Member Posts: 155
Really good stuff and great write up, congrats
I've always said this, the insights on Techexams are just invaluable. -
shoey
Member Posts: 111 ■■■□□□□□□□
Congrats! I think you're spot on with Lessons Learned #1 "Once you start studying for this test DO NOT STOP""I have missed more than 9,000 shots in my career. I have lost almost 300 games. 26 times, I've been trusted to take the game winning shot and missed. I've failed over and over and over again in my life. And that is why I succeed." - Michael Jordan -
DZA_
Member Posts: 467 ■■■■■■■□□□
Congratulations and well done. You pretty much summarized the way I did it the second time around and I also used a few other additional resources in the process e.g. Shon Harris AIO. -
laurieH
Member Posts: 109 ■■■□□□□□□□
Well done. I particularly like your suggestion of once you start don't stop. You have to keep the momentum going otherwise by the time you've got to the end of the material you've probably completely forgotten what was at the beginning. I found that having a target date for the exam helped with that. -
mattster79
Member Posts: 135 ■■□□□□□□□□
Well done. I particularly like your suggestion of once you start don't stop. You have to keep the momentum going otherwise by the time you've got to the end of the material you've probably completely forgotten what was at the beginning. I found that having a target date for the exam helped with that.
Too true. A couple of colleagues of mine have been ‘studying’ on and off for years. You need to commit to an exam date to ensure your studies are affective.CISSP
CISM -
SteveLavoie
Member Posts: 1,133 ■■■■■■■■■□
Yes. the non-stop tip is very valuable. I studied on-off for some sec cert 2-3 years, before taking the bull by the horn and completed my SSCP and CISSP in 2017 (March and Nov). -
cisumworld
Member Posts: 18 ■□□□□□□□□□
Congratulations and thank you for elaborating the experience.
