took the CISSP

I took the CISSP exam yesterday. I'd been studying on and off for a while now but because of classes and other endeavors I just haven't had the time to prepare myself to actually take it. With classes starting up next week I saw an open seat and thought I'd give it a shot.

- about an hour into the exam I realized the strategy of taking a shot at the exam and then just retaking it if I fail is a horrible idea, the CISSP is a grueling experience and I wouldn't want to go through it again.

- The Clement Dupuis guy preaches that the top 5 must know domains are Infosec management/governance, app sec, bcp/drp, telecomm/network sec, and acc control and he is right on. Master these and you will master this exam.

- I also had a lot of crypto and physical sec questions which is fine by me. Also lots of malware attack questions which were a nice break from the sometimes strangely worded management and legal questions.

- all of the questions were relatively straightforward, the first run through I felt like shaky but when I checked my answers I felt very confident that I had passed it. btw, I'm a fast test taker and the first time through took me about 3.5 hours and an additional 2 hours to go back over my answers.

I think JD's blog on here is a great place to start, also check out cccure but the gaudy layout of the site kept me away. I liked the AIO, CISM, and the new Syngress study guide released this year. One piece of advice is go through the standards (ISO 27001 et al.) and make sure you know them very well.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

TrainingDaze

and thanks to everyone who has contributed on this site, all of the posts really helped me out and guided me into the right direction. I'd also be happy to help any of those about to take the exam or wondering where to start.

I'm really happy to have this juggernaut out of the way now. It's not the funnest experience but I definitely learned a lot and earning a CISSP is the most marketable cert by and large for us infosec folks.

I'm even MORE happy to be able to move on to the next challenge, my school classes start tomorrow but I'd really like to follow the DoD8570 requirements plan and knock out the CEH at some point this spring.

UnixGuy

Good luck man, I hope you pass

What's your experience background ? I'm thinking of taking it this year, we'll see

TrainingDaze

UnixGuy wrote: »

Good luck man, I hope you pass

What's your experience background ? I'm thinking of taking it this year, we'll see

Thanks Unix Guy

I'm pretty confident that I passed but will have to enjoy several weeks wait for the confirmation.

I've served several information assurance roles with the DoD, but for taking the CISSP the best preparation were the classes that I've taken that went a mile deep and an inch wide into cryptography, access control, bcp and security management. If you don't have an extended background in security it by no means dictates your level of success with this exam, in fact a buddy of mine at the state department told me that he's noticed that the people with less experience who depend more on learning the material "from the book" do much better than those with a lot of experience who depend on their experience for reaching the correct answers.

Also a great piece of advice when preparing is to take a LOT of practice exams but it's not that important to answer the questions right or wrong, but to be able to run through each optional answer and provide reasons why they are (or are not) the correct answers. Doing this is tedious but it gets you results fast!

Of course, this may also lead to occasionally flipping to the "author bio" pic on the back of the book followed by a disapproving head nod when you realize that the author's provided solution was incorrect..

[Deleted User]

No formatter is installed for the format not-found

TrainingDaze

sabooher wrote: »

There were many areas which I focused on, only to wind up with maybe one or two questions on the exam. Then there were other areas I focused where there were no questions at all.

Absolutely! I can't tell you how many times I read that "the only guaranteed question that one will be asked on the CISSP is a question regarding the ISC2 code of ethics" and, of course, there were 0 questions about the ISC2 code of ethics

ibcritn

TrainingDaze wrote: »

Absolutely! I can't tell you how many times I read that "the only guaranteed question that one will be asked on the CISSP is a question regarding the ISC2 code of ethics" and, of course, there were 0 questions about the ISC2 code of ethics

Good luck, I hope you passed.

I recently took the exam myself....and yes a grueling process from which I hope I don't have to repeat.

TrainingDaze

ibcritn wrote: »

Good luck, I hope you passed.

I recently took the exam myself....and yes a grueling process from which I hope I don't have to repeat.

Thanks bud, good luck to you too. I hope you get a pass email sometime soon.

I see you're doing the MS with certs on the side also, it's pretty crazy trying to juggle all of the classes and going for certs. Are you doing the gcih with the live online class or just studying the material on your own? I've gone over some of the coursework and hope to address it sometime after ceh but not sure just yet

TrainingDaze

hey so I just got the congratulatory email from ISC^2, less than 2 weeks from when I sat for it on 1/22 in Reston.

I'm really relieved that I don't have to take it again and I can continue moving on and learning new things.

TrainingDaze

Does anyone know if you can find out your actual numeric score? maybe if I emailed isc^2?

rwmidl

TrainingDaze wrote: »

hey so I just got the congratulatory email from ISC^2, less than 2 weeks from when I sat for it on 1/22 in Reston.

I'm really relieved that I don't have to take it again and I can continue moving on and learning new things.

Congrats! I'm up for the test on March 19th!

ibcritn

TrainingDaze wrote: »

hey so I just got the congratulatory email from ISC^2, less than 2 weeks from when I sat for it on 1/22 in Reston.

I'm really relieved that I don't have to take it again and I can continue moving on and learning new things.

Great job! Based on your responses to previous posts I fully expected you to pass.

-Addressing your question earlier I am self-studying for GCIH. I MAY actually pay for a SANS course, but it will be later as my M.S. classes eat up my training budget very quickly. It is never easy to juggle certs/classes... can be quite challenging indeed.

security tech

I love your confidence, I cannot wait to hear that you passed the exam.

I am just now starting out studying for the CISSP. I am going to purchase the AIO by Shon Harris. Read and study that. Then I plan to purchase the IC2. Read and study that. ccure.org (study as well). Can you provide any other tips and techniques that you found helpful. I plan to take the exam Fall of 2011.

TrainingDaze

@rwmidl: thanks! best of luck to you as well, a month out from the exam date just try to pace yourself and hone in on where your weak areas are and spend some time there. I'm sure you'll do great

@ibcritn: yeah I totally agree with you, luckily a lot of the class work overlaps or at least provides good fundamentals for the cert exams. I'm probably going to put off CEH for later the summer just because the classes are so intense right now.

@security tech: I think the AIO will serve you well, especially so far out from the actual exam. Be sure to schedule the exam early because spots fill up fast and it's really good incentive to stay on track with your studies and not put them off.

I also liked the eric conrad study guides for CISSP. They were really concise and got right to the point on what I really needed to know. Download this (http://home.cogeco.ca/~ericallaire/Document/CISSP%20aide%20memoire%20(e)%20v4.pdf) and run through it regularly.

Also I have a big whiteboard in my room and I wrote up there some of the concepts that I was really slow to pick up such as the BCP process in depth, the ISO standards and the OSI chart of what firewalls and technolgies operate in which layer. It really helped A LOT to actually look over and see all of these things and I was pretty surprised to find how fast I memorized them just by putting them up on my wall.

Overall just set the exam date and don't get discouraged, it's a lot of information but if you keep chipping away at it you will be shocked come fall at how much information you have learned and how easy the exam will be.