How I Cleared The CISSP

My journey with the information security field started back in 2012. I fell in love with the field, a love from the ‘first sight,. My major is ‘software engineering’ with 11 years in the telecommunications and IT administration field. Back in 2012 I’ve cleared the Security+, ITIL and ISO 27001 certification. On this same year I’ve sat for the SSCP exam and failed. I was considering doing the CISSP exam the very next year, but this failure made me think twice; ISC2 exams are no joke!

Work, life and so on forced me into disconnecting studying for whole 3 years but the CISSP dream kept popping in my head. Back in 2016 I hit a road block, I ordered my CISSP books and started studying (with many on/off). Then I joined our beloved CISSP SNT group and this was the shifting point in my CISSP chase, couldn’t imagine FB group with such wealth of information, with such dedicated and ethical members, with such helping administration (Luke, you’re the best), with such control. So I became addicted, following the questions, reading ‘how x cracked his/her CISSP’ and tried to stimulate the experience. Real preparation for this thing - and I mean real with 4-6 hours/day started earlier this year - I did 5000+ questions from different sources during this period, I wrote my own study guide (cram version) and my own questions and when I felt prepared I registered for the test. D-Day Experience The day before the exam I never opened a book or even got near a book all day long, last time I’ve been anywhere near CISSP resource was 2 days before the exam. I wanted to clear any buffer off my head. That night before the exam day, I walked all night long, brute forcing concepts and silently stimulating my brain calling all these concepts into my short memory. Sat by a beach, fresh air and nice people laughing all around gave me the relief I wanted (thanks Fadi for the advice, it really helped). Honestly I couldn’t sleep that night, I was sure that I will pass and I even ordered my next milestone study guide - CISM, stayed up all night long thinking about the post-CISSP era. On the day of the exam. I went to the nearest Star bucks store and had double shot espresso before allowing myself into the test center. What’s weird was that my test was supposed to start at 9:00 AM, I checked in at 8:10 and then the secretary officer immediately escorted me to the test room😳 never saw that coming😂, and I was like “why so soon? I still have 50 minutes to go😂”. Inside the room and after I agreed my NDA, I started the test; the first question I’m sure I got right, then the next questions were so difficult and I mean difficult with almost three options are right, nevertheless, the hard questions in this new CAT method is good indicator that you’re on the good track. When I reached half of the questions I was sure that I’ve failed, so I took a two minute break after 50 questions and came back full of frustration, continued my test and again a two-minute break at the 80th question. When I reached the 100th question, exam ended and forced me out. Exam took me exactly 46 minutes. I went to the secretary room with the sound of the printer making me even more nervous. Then I got this shiny paper with the most anticipated ‘congratulations’ in my career. Couldn’t describe the relief in million words. My Recommended Study Method - Stick to one study guide and make it your holy book, refer to others when necessary. I had one main reference (Sybex 7th edition), AIO 7th, CBK and 11th hour (random reference on certain topics) - Read your main reference cover to cover, try to grasp as much as you can of information. If you felt like some topic wasn’t delivered properly and that you find difficulties grasping it, refer to companion study guides. - There are certain topics that would hurt you more if you cross check it in two or more references (confusion will likely take place), namely topics such as (incident response, BCP, maturity models, SDLC) and those processes-like topics, it’s better to get them from only one source. - Never try to go deep in any topic, that’s why I prefer Sybex over AIO, Sybex gets direct to the point. - Do as much practice questions as you can, my method on this was to aggregate end of chapter questions from Sybex, AIO, Eric Conrad’s and CBK book and divided them into 6x250 questions in the same CISSP domain weight. Exhausting process but it worked for me. - I must disagree with the recommendations that to read the domain and do the end of chapter questions right after, this approach will create something like ‘false sense of coverage’, my philosophy is that, right after you read your chapter, information will most likely reside in the short-term memory, and doing the questions at this stage will call these information from this memory location without fully stimulating your brain. You can test the validity of this philosophy by doing one chapter’s questions right after reading it, then two days after (notice your result in both, will never be the same!). So instead, allow your brain to drill the information down there in your long term memory by conceptualizing the topic, mapping it to the real world and try to convey it to others (your wife, friend and so on) in plain English. - One thing to remember, practice questions are not even remotely related to what you will see in the real exam, practices will only test your coverage of topics and that’s all. - Reading through NIST SP documents will help you get directly to the heads of the CISSP exam writers, they prefer that high level language of such publications. Refer to them without going into details. - Hand-writing your own notes in the language you prefer will help you a lot when referring back to them later in your CISSP stage (it’s important to write with your own expression - no one can deliver any topic to you perfectly! You can deliver perfectly to yourself.) - Did I mention practice! - Well, I guess I didn’t mention practice. References - Sybex 7th - 9/10, this reference should be your main one. Pure CISSP, a little bit dry, but doesn’t contain fluff. - AIO 7th - 8/10, Shon did a great job writing this piece, if you’re new to the IT or information security field, this book I recommend. However it’s way detailed (details that you would rarely if ever see in the real thing) - Conrad’s book 3rd edition and 11th hour - 8.5/10 - this guy - Conrad - is just great. And his 11th hour study guide is a must for the last weeks before big day. - CISSP CBK (the green book) - 6/10 - the driest, and the most dull CISSP study guide ever written - the only good thing about this reference is that it’s language is the closest to what you will see in the real thing, I recommend to do its end of chapter questions (and no more), to familiarize yourself with the language and that’s all. - Sybex official CISSP practice - 6.5/100 - I think it was very easy and basic, - I did all the 1300 questions and believe me, the questions doesn’t stimulate your brain searching for answers (except in very selective questions - no more than 30 in total to be honest, the rest you’d just answer the second you see the question). So don’t rely heavily on this resource. - CISSP SNT member area and Telegram group - 9.5/10 - Luke is such a professional fella, his practice questions and videos are unique (the depth of his questions and the simple, yet smart delivery methods of his videos are just incomparable. You won't find stuff like this anywhere else on the Internet!). The member participation on the telegram group and the variety of questions and topics they talk about on up-to-minute interval, it well covered 100% of CISSP topics in a participation-like method. Which is the method I prefer. - Kelly (cybrary.it) - 9.5/10 - Kelly is just legendary - she delivers CISSP in its simplest form. No fluff - just pure CISSP. You ask me what the key for success - and I will answer simply - good preparation. Only preparation will get you through, CISSP takes no short cut and ISC2 tests are no jokes as I said. I’d dedicate this success to this nice group admin and members. Special dedication to Luke Ahmed, Ahmed Khatib and Fadi Sodah (madunix) and everyone out there. Next milestone: CISM and SANS MSISE Thank you’ll guys