Give the Acclaim badge above a click to verify I’m not a giant liar and actually a CISSP
This year I decided to invest in some industry certifications to complement the experience I had gained over my career. After taking part in events run by the awesome ISC2 North East England chapter and seeing the value that the CISSP and (ISC)2 provide, I decided that the CISSP would complement and add depth to the CISM, which I completed earlier in the year.
This is how I passed the exam and what I think you'll need to pass too. Note: I will not share any of the exam content, just some great tips and resources that massively helped me. Use these resources and you'll be able to tell your Bell-LaPadula from your Clark-Wilson in no time.
Before I get to the good stuff, I thought it'd be a good idea to tell you a little bit about the exam. You'll have to take it at a local Pearson VUE test centre, and (ISC)2 require some extra security procedures to ensure the integrity of the exam. The exam covers the eight CISSP domains and you have three hours to complete it. The exam is adaptive: there is a maximum of 150 multiple choice questions, but it can end with a pass or a fail at 100. I passed at 100; if you find yourself answering question 101 don't worry too much, as the vast majority of people I've spoken to who have taken the test went past 100. Remember that after you've taken the exam you'll need to have five years of infosec work experience endorsed by a current CISSP and agree to the CISSP code of ethics.
I don't find intense bootcamp courses very helpful, so I decided to use books and online learning resources. A lot of people I've spoken to say that 'sixteen weeks is the sweet spot for home studying', but I gave myself twelve weeks. I've included the list of resources I used, complete with affiliate links, in the hope that next year I'll be writing a post titled 'How I Bought a Ferrari From CISSP Affiliate Links'.
The Official (ISC)2 CISSP Study Guide and Practice Tests – Sybex
The official Sybex study guide contains the entire body of knowledge that you will be tested on. It's comprehensive and extremely thorough, but it's dry as hell. This isn't a book to sit and read on a quiet night; I used it as a reference resource to dive into subjects that I wasn't clear on. The practice exam book is good for identifying weak points and for having someone else test you.
Essential CISSP Exam Guide – Phil Martin
This book is worth its weight in gold. I purchased both the audiobook and the Kindle version. Any time I was in the car I was accompanied by the audiobook, with Phil Martin himself reading his clear and easy to digest guide to the body of knowledge. Where the official Sybex book can be quite dry reading, this is a lot easier going. I listened to the audiobook twice through during commutes and road trips.
Eleventh Hour CISSP: Study Guide – Eric Conrad
This book is the CISSP equivalent of Homer Simpson's famous make-up gun: it's just going to fire all the content at you quickly. It covers each of the core concepts in the CBK at a very high level and is great to use as a resource to identify any weak areas and remind you of little details you may have forgotten. Use this with the Sybex guide to expand on those areas. I read this cover to cover twice in the two weeks leading up to the exam.
CISSP Accelerated Course – ITPRO.TV
http://ssqt.co/m5fBjnL – Sign Up to ITPRO.TV here!
This course takes about thirty-three hours to complete, but it's quite fun to watch. The material is presented by uber-pro Adam Gordon, whose entertaining nature helps keep you awake. Each episode is around half an hour long, which makes them perfect to watch whilst eating lunch at work or during the evening via a smart TV app. The quality of the video material is amazing and the downloadable material is a great help. I highly recommend this gem. Adam Gordon also posts daily CISSP test questions via his Twitter.
Pocket Prep Mobile App
The Pocket Prep app is another good way to quickly work out where your weak points are. I purchased the full 700 question set and took mini exams whilst on the couch and just before bed. The app also gives you an explanation for the correct answer, which I found incredibly useful.
ExSim-Max for CISSP – Boson
This resource is a must. The Boson questions and software (Windows only) are the closest representation of the final exam you're going to get. I used this as a study resource for the last week, taking full 150 question exams so that I was fully conditioned for the exam process.
Studying with others who are taking the exam or have taken the exam is also really helpful.
https://community.isc2.org/t5/Chapters/bd-p/Chapters – Find your local (ISC)2 chapter and chat to members at events.
https://www.reddit.com/r/cissp/ – The CISSP Sub-Reddit is full of others studying.
https://discord.gg/k5QsWmT – This Discord server is also full of people studying and people who have passed and are happy to pass on tips.
Some studying tips
If, like me, the last time you studied for anything was years ago, it can be a little daunting to face something as vast as the CISSP material. Here are some tips and techniques that I found useful:
- Create a study timetable with clear milestones so you know you’re on track.
- Learn how to use 'memory palaces' to memorise areas with lots of complex material. https://m.wikihow.com/Build-a-Memory-Palace
- Use mnemonic phrases to remember ordered lists. E.g. the OSI model from layer 1 to 7 can be remembered using the phrase: Please Do Not Throw Sausage Pizza Away (Physical, Data Link, Network, Transport, Session, Presentation and Application).
- Take days off. Getting through the material doesn't necessarily mean you're processing and understanding it. Make sure you get good amounts of sleep, take proper breaks and actually communicate with other humans.
- Write it up, type it up. Use an old school pad and pen when making your notes as you study, then make time to type them up into a note taking app. Repetition will help you absorb the material and typing the notes up will make them easily searchable.
Advice on Taking the Exam
The night before the exam – stop studying and relax. If you don’t know it at this point it doesn’t matter. If you fail the exam the world will continue to turn. Chill out, spend time with friends.
The morning of the exam you should definitely watch Kelly Handerhan's 'Why you will pass the CISSP' video. It's almost bad luck not to watch it.
Once you are signed in and taking the exam, most people report the same experience: you're convinced you're not getting any of the questions right, you're unprepared, and none of these questions are close to any of the hundreds of practice questions you have done before. Stop, take a breath and think about what the exam is trying to accomplish. A CISSP should be able to tackle situations armed with the body of knowledge. Sometimes all of the answers will seem correct, so choose the least wrong answer. I found it very helpful to re-read the question and visualise the scenario happening in my own workplace and what action I would take in the real world.
Which brings me to my last piece of advice: read the question, read each of the answers, then read the question again. Imagine you are a lawyer trying to decipher a contract, and look for specific words like 'least', 'most', 'first' and 'best' in the questions to help guide your decision making.
Good luck! Do not underestimate how difficult this exam is; take your studying seriously and you'll ace it. I'm happy to answer any questions over on my Twitter.