Passed the CISSP Exam / 2 Weeks Studying

Just wanted to post here and say thanks to those for all the comments made over time. The key thing that got me through today was that I read this over and over again in many areas throughout this forum:

"I felt like I failed and I had to keep pushing through it" or words to that effect. I honestly felt like that too... but I kept pushing away. There is nothing... like close to nothing that you can just pick up and just ACE the test.

Here is what I did in this order and nothing else.

1. Watched the CBT Nugget CISSP Videos (All of them)
2. Read the 11th Hour Book (this was to get a better understanding of how this was going to be broken down)
3. Purchased a 20 Pack of 5 Hour Energy's and a continuous 3/4 hours sleep a day.
4. Listened to all of the audio's (YES, in your CAR... when eating... in the shower)
OFFICIAL FREE MP3 DOWNLOAD (THANK DANIELM7) - DL each Chapter's MP3s: McGraw-Hill Education | CISSP Practice Exams

5. Read Shon Harris Book ALONG with her VIDEO. Yes, I had her video on the big screen and wrote in the book.
6. Every-time I finished a video series, I read the rest of the chapter and finished up.
7. No/Very little use of CCC and No VCEs. I just did the questions in her book and in the 11th hour book.

TIP: Doing the questions will let you know if you understand what you read, but by no far... will any of these questions ...anywhere match the level on the exam. The method on you how you study and comprehend the information is what matter most; not how much you just read and watch.

TIP2: If you feel very very weak on switches and routers, watch the CBT Nuggets CCNA series. You can dwell a-bit into CCNA security, but I would advise this if you have the time to squeeze this in. If you watch the videos on just the concepts, not the configs, you can get most of it done in about 3/4 days.

TIP3: Ok, another point I can make. I read stuff out of order... and even the book is not setup in a good order. Another thing I realized is that I made the mistake of attacking this with a SEC+ mindset.

TIP4: Another point... do not get overly technical. You need to focus on the business aspect and channel the information that you know in order to relate. For example, the Shon Harris book is long winded. If you read about RAM, she goes on about the DDR and several other types. Do you need to go this far into the weeds? No, but be comfortable to observe what RAM generally is if that makes sense. I would only squeeze in the EXTRA, when you have the left over time to do so. Do you need to know your protocols... yes... but do you need to be knees deep in it? NO. Do you know the difference between the protocols? Then yes. I'm not going to lie, I still went overboard and went too deep myself.

TIP5: So how well do you have to understand the life cycle, disaster recovery, business continuity, and risk management. You need to understand and study the heck out of it. Shon Harris did say in her video that students overlook the chapter. Most of these chapters are smaller, so do not let it fool you. Since you have to THINK LIKE A MANAGER, you have to apply what you learned from these chapters. You'll find yourself facing questions as a manager and have to know at what step you are sitting at or make a decision based on risk factors (which include the tech crap). You do not have to memorize the words heart by heart, but understand how they all flow. Such as where do you emphasize safety at which of planning (which is on cccure)? If your servers go down, do you fix it yourself? put in through change request? investigate with a team?

The order I would recommend is to Watch/Read:
1. Access Controls
2. Sec Architecture and Design
3. Software Development Sec
4. Crypto
5. Telecommunications Security
6. Physical Security
7. Ops Security
8. Info Sec & Risk Management
9. Business BCP / DRP
10. Legal

So why this order? Well, I read what was comfortable first... but that's a bad way to start. What I realized after reading this entire book is the whole point is to SECURE GENERATED DATA that SERVES a PURPOSE. So if you understand how data is first generated, how it moves in a cpu, then how it coded... then you understand how to encrypt it... and then security it through telecommunications. Steps 6 - 10 provide a better in how to tackle it in a business aspect.

SUMMARY: Study your heart out and care about why you want to take this test. DO NOT JUST take practice exams! Do the READING! What's the point? Every time I read or watched a video, I learned something.

Find more posts tagged with

Comments

beads

And looking at the number of previous certs, etc. You appear to be quite comfortable taking tests by now, right? That alone is probably the second largest determining factor in successfully taking the exam. Don't kid yourself.

Most people who are failing really haven't had much in the way of exam time since college let alone commercial exams. Two different animals.

- b/eads

mjsinhsv

beads wrote: »

And looking at the number of previous certs, etc. You appear to be quite comfortable taking tests by now, right? That alone is probably the second largest determining factor in successfully taking the exam. Don't kid yourself.

Most people who are failing really haven't had much in the way of exam time since college let alone commercial exams. Two different animals.

- b/eads

I would also wager with all of his certs that he has a bit of real world experience which makes a BIG difference on this test.

jvrlopez

beads wrote: »

And looking at the number of previous certs, etc. You appear to be quite comfortable taking tests by now, right? That alone is probably the second largest determining factor in successfully taking the exam. Don't kid yourself.

Most people who are failing really haven't had much in the way of exam time since college let alone commercial exams. Two different animals.

- b/eads

This. I always thought the years of practice assessments and state mandated tests in Texas public schools helped me with test taking and the CISSP.

papadoc

beads wrote: »

And looking at the number of previous certs, etc. You appear to be quite comfortable taking tests by now, right? That alone is probably the second largest determining factor in successfully taking the exam. Don't kid yourself.

Most people who are failing really haven't had much in the way of exam time since college let alone commercial exams. Two different animals.

- b/eads

Watch the video below. More people fail because they have a ton of security experience but don't think in the ISC2 "world." The "English major" analogy passing the exam is a good point.

https://www.youtube.com/watch?v=R_gJ8XUHQbs&t=94

kiki162

How long ago did you pass the exam?

colemic

GForce75 wrote: »

I have real world manager experience of IT, but not in the CISSP realm, nor security. When I opened that book, 80% of it was new to me. Sec+, Proj+, and ITIL are what helped a little bit. My point is that I followed an order to pass the exam. I have buddies who took the test and failed because they took nothing but practice test... they did read... but didn't follow a good order on how to pass the exam. Anyways, I'm not here to debate my stuff. I'm just sharing a logical order that I believe is overlooked in studying for this exam.

Based on your statement, you won't qualify to be a CISSP for several years, if you don't have experience in the security realm/domains...

NetworkNewb

colemic wrote: »

Based on your statement, you won't qualify to be a CISSP for several years, if you don't have experience in the security realm/domains...

Can't you still take the test and pass it though?

dark3d

NetworkNewb wrote: »

Can't you still take the test and pass it though?

That makes you an 'Associate of ISC2'. Step 2 is validation and authentication of work experience.

Putting anything on your resume before you obtain the email will only delay the process. I would also recommend not updating your profile with that credential until you have it.

dark3d

I think a few of us are trying to figure out why you have CISSP listed as one of your certifications. If you sat the exam yesterday, then this is not correct.

Danielm7

Which audio files? Have a link?

colemic

PAGING Mr. B/EADS...

AND I'm not not nitpicking. You clearly stated you don't have CISSP-realm experience, or even in security... you just said you had no CISSP-relevant experience, and then said your job in the military covered several domains. I'm not aware of any domains in the CBK that are not related to security.

And dark3d is correct - you shouldn't list it as a cert. You aren't certified.

PAGING Mr. B/EADS...

GForce75 wrote: »

Yes, I qualify. I'm have 14 years in the US Military. My jobs cover several domains. I mean I haven't practiced active security as a manager, but I have with other stuff. i.e., physical, database, and several other aspects. I don't understand why you guys are nit picking here. I'm done with this. I'm providing info. Best of luck!

jvrlopez

Not knocking anyone, but it's funny when people pass and immediately list "CISSP" or "Associate of ISC2 (CISSP)" in their profile. The awarding of the CISSP needs the completion of the endorsement process, and even being awarded the associate level needs a formal declaration to be completed with ISC2.

BlackBeret

What he's saying is that he never had a job as an Information Systems Security Manager, but that most of his jobs for the last 14 years have encompassed various domains. He may not be a security manager, but he's an IT manager. 14 years in the military and you pulled guard/CQ on a rotating basis the whole time? Physical security. You worked with commo equipment on a regular basis? Cryptography. Etc etc.

Someone posts on here outlining the steps he took to pass in a short time in order to provide motivation and maybe some tips for other people and everyone jumps on the fact that he listed a cert in his profile and wants to question his life experience? I come on this forum for tips, advice, etc when it comes to some things since I recently made the switch over to a full time IT job and it's helpful at times. I also seriously think some people need to relax a bit, get off the computer, get a life, learn how to interact with other people, and focus on the important things rather then getting wound up over the dumb stuff.

papadoc

BlackBeret wrote: »

What he's saying is that he never had a job as an Information Systems Security Manager, but that most of his jobs for the last 14 years have encompassed various domains. He may not be a security manager, but he's an IT manager. 14 years in the military and you pulled guard/CQ on a rotating basis the whole time? Physical security. You worked with commo equipment on a regular basis? Cryptography. Etc etc.

Someone posts on here outlining the steps he took to pass in a short time in order to provide motivation and maybe some tips for other people and everyone jumps on the fact that he listed a cert in his profile and wants to question his life experience? I come on this forum for tips, advice, etc when it comes to some things since I recently made the switch over to a full time IT job and it's helpful at times. I also seriously think some people need to relax a bit, get off the computer, get a life, learn how to interact with other people, and focus on the important things rather then getting wound up over the dumb stuff.

Pretty much man. It's some real female nonsense to be worried about what another man is doing, if the dude wants to list his certs after getting them so be it. Why does it concern others? There is so much hate in some of these threads, I find it a turn off. Be positive, "GForce" passed his test, what he lists in his profile whether appropriate or not is between him and the certifying authorities.

Chuzpah

jvrlopez wrote: »

Not knocking anyone, but it's funny when people pass and immediately list "CISSP" or "Associate of ISC2 (CISSP)" in their profile. The awarding of the CISSP needs the completion of the endorsement process, and even being awarded the associate level needs a formal declaration to be completed with ISC2.

What if you can only prove 4 years of security experience, will get you automatically demoted to Associate CISSP?

GForce75

Black Beret and Papa Doc, thank you. I can go back 14 years to cover various domains. I worked in legal departments, PM jobs, crypto keys and etc. I was just pointing out some helpful methods due to crunch time. Thanks again and best of luck everyone!

pFunkSTL314

Thanks for the info and congrats

GForce75

pFunkSTL314 wrote: »

Thanks for the info and congrats

thanks brother. are you taking it before the deadline?

broli720

Congrats on passing the exam. I think it's kind of pathetic the amount of effort some of you are going through to determine if he will meet the experience reqs. That is between him and ISC2. Having an inferiority complex is not a good look and there tends to be a lot of it in this industry.

Chuzpah

Congrats!

Thanks for the great write up, it is appreciated. I'm taking a similar approach but giving myself a month instead. I have the audio MP3s for CBTNuggets I'm listening to when I'm not at my computer and it has been helpful to reinforce knowledge but I will check out your audio links as well.

GForce75

Chuzpah wrote: »

Congrats!

Thanks for the great write up, it is appreciated. I'm taking a similar approach but giving myself a month instead. I have the audio MP3s for CBTNuggets I'm listening to when I'm not at my computer and it has been helpful to reinforce knowledge but I will check out your audio links as well.

No prob man. When are you taking the test. A month is fine, but hopefully your taking by the 14th before it expires. Those audio links are the same audio files you have, so ignore that.

NetworkNewb

broli720 wrote: »

Congrats on passing the exam. I think it's kind of pathetic the amount of effort some of you are going through to determine if he will meet the experience reqs. That is between him and ISC2. Having an inferiority complex is not a good look and there tends to be a lot of it in this industry.

Seriously

Danielm7

Thanks for the update on the MP3s, are the same as these?
McGraw-Hill Education | CISSP Practice Exams

GForce75

Yes, you are spot on! Great you found an official way for people to DL. I'll post the update on the front page.

beads

colemic wrote: »

PAGING Mr. B/EADS...

AND I'm not not nitpicking. You clearly stated you don't have CISSP-realm experience, or even in security... you just said you had no CISSP-relevant experience, and then said your job in the military covered several domains. I'm not aware of any domains in the CBK that are not related to security.

And dark3d is correct - you shouldn't list it as a cert. You aren't certified.

PAGING Mr. B/EADS...

Lets not confuse myself with the original poster. If you'd like to see my full resume' and/or CV, send me a PM and we can discuss it but I've pretty much been in the security field for decades. LOL.

Personally, I've meet many people who don't even come this close to have been a security practitioner of any sort, let alone had a career in IT, yet still become endorsed as CISSPs. How does this work? It doesn't.

Next interview: "I'm studying for the CISSP..." but he sucks at security. Now, give him a high level position for trying hard.

- b/eads (First initial, last name. Tricky!)

beads

papadoc wrote: »

Pretty much man. It's some real female nonsense to be worried about what another man is doing, if the dude wants to list his certs after getting them so be it. Why does it concern others? There is so much hate in some of these threads, I find it a turn off. Be positive, "GForce" passed his test, what he lists in his profile whether appropriate or not is between him and the certifying authorities.

Pardon me while I get in touch with my "female side" as I am more prone to being a masochist-pig myself.

Its not just the certifying body that needs to enforce the rules but the membership at large. Its one of the main requirements for a professional organization: self enforcement. Hence we are a guild of practitioners not professionals. There are other requirements as well that we don't begin to qualify but thats for another thread.

Code of ethics, anyone? Oh no. That would be between the candidate and the certifying body. Employers should likewise turn a blind eye to the lack of ethics as well. Just makes things too complicated otherwise, now doesn't it.

- b/eads

fullcrowmoon

papadoc wrote: »

Pretty much man. It's some real female nonsense to be worried about what another man is doing, if the dude wants to list his certs after getting them so be it. Why does it concern others? There is so much hate in some of these threads, I find it a turn off. Be positive, "GForce" passed his test, what he lists in his profile whether appropriate or not is between him and the certifying authorities.

Seriously? Female nonsense? I agree that the cert stuff is turn-off, but so is your comment about women. Being obnoxious is not a gender-specific skill.

beads

fullcrowmoon wrote: »

Seriously? Female nonsense? I agree that the cert stuff is turn-off, but so is your comment about women. Being obnoxious is not a gender-specific skill.

Where there is skill there is certification in which to prove such. Or feels that way as of late. You got a link to that one, fullcrowmoon?

Why do feel like I have just left a really small car (the CISSP) with other people all wearing impossibly large shoes and red noses - all one after another?

- b/eads

kiki162

beads - Amen

Papadoc - The female comment is obnoxious. Read up on the ISC2 exam process next time.

fullcrowmoon

beads wrote: »

Where there is skill there is certification in which to prove such. Or feels that way as of late. You got a link to that one, fullcrowmoon?

Why do feel like I have just left a really small car (the CISSP) with other people all wearing impossibly large shoes and red noses - all one after another?

- b/eads

Eh, b/eads, you're right about the cert bits. I'm dying to add CISSP to my work sig line after working so hard for it, but I won't until the paperwork goes through. Patience, young Padawan. Or something.

I'm totally doing a Kickstarter to certify people in obnoxity. Which is a word of great relevance which I just made up.