Hi everyone,
I have learnt a lot from you, so I'd like to share my experience of the exam and the preparation.
Exam Date: 31 March 2012, Sydney
Result Date: 9 May, Passed
My Background
- Bachelor and Masters in IT
- 6 years of security experience in software development, system hardening, security assessment, security product implementation.
Exam Preparation
Material
- Shon Harris AIO v4. I bought it years ago but still found it relevant.
- Practice questions from cccure.com (only the free ones)
- A CISSP summary
- Wikipedia
Study Plan (3 months)
- Read AIO at a rate of roughly 1 chapter per week, turning to Wikipedia for anything I wanted to learn a bit more about. Altogether I spent about 2 hours a day.
- Then did the AIO practice exams chapter by chapter, scoring from 60% to 90%, and went back to re-read the stuff I missed. This took about 2 weeks.
- Took a few days off work before the exam date and started cramming trivia facts like the distance between light poles (I found this effort totally wasted). Did the AIO practice exams again, this time getting close to 95%. Also did the cccure.com questions and got about 80%.
Exam Day
The day before the exam I got so sick of studying that I stopped altogether. Went to have a great meal, played games and stuff. I made sure I went to bed early and slept well that night.
On the day I brought with me some water and lots of high-sugar snacks. A big shot of coffee right before the exam helped too.
Half an hour into the exam I was thinking "wtf... I was never prepared for this". That's because the questions were so different to the practice questions. All the practice questions focused on only one thing, like "what does a class B fire extinguisher cover". But the exam questions had scenarios, covered multiple domains and were often so much to the point that if you didn't know exactly how things work in a given topic, you simply wouldn't get it. The good news was there were very few of the trivia/definition questions like "what is HSSI" or confusing questions like "Is availability addressed by encryption".
I went through the questions and filled in the answer sheet as I went, marking the ones I wasn't sure about. So I went through all the questions in 4 hours, with about 40 questions I had to review. I spent the next 2 hours reviewing all of the questions (including the ones I had done), and I was probably the last person to walk out. I strongly suggest reviewing your answers, as that saved me from at least 3 stupid mistakes - every bit counts.
A lot of the questions (15-20%) covered things I had never seen in any of the study material. I had to rely on my work experience for those, and that really saved my life. I don't believe these are something one can cram in a couple of months though.
Something I thought might help those studying: I was hugely frustrated by the tiny differences in definitions given by the textbooks, such as whether the Parallel Test is a partial or a complete DR test, and whether it involves taking some production environment down. In this case the AIO and CISSP for Dummies have totally different definitions. Don't worry about these, but focus on understanding the big picture, such as why it should be carried out and in what situations.
Good luck to you all!!