top of page

How Zak Cracked His CISSP Exam


How I cracked my CISSP Exam.

In the CISSP exam, devil isn’t in the details but in the big picture.

Context First, I have to say I have almost 20 years of IT experience. I’ve had several roles such as: network cabling, desktop assembly, network admin, system admin, Project manager, team leader, Infrastructure Manager and Head of IT Operations.

I spent 13 years in my last employer, the biggest bank in Europe. I managed SysAdmins, Network Admins, DBAs, Project Managers, you name it. I now realize the chance we had with internal developers, they were pain in the backs but now I’m grateful. You never know when bad experience will be useful.

Today it was. I’ve been consistently in contact with internal and external audits. Audits from regulators are the scariest ones. Before leaving the bank, I had 2 managers, one was the global head of IT Operations and the other one was the local COO. We were doing DRP tests every year, we had risk committees every week and I was part of the BCP Committee.

This work experience was 70% of the exam. This was an unfair advantage but hey, it’s a management certification after all. Decision Process My employer decided to wind down business in Monaco (where I used to work) because of derisking. I thus decided to found my company specialized on IT Consulting. I was going back to get Cisco certifications once again but a friend of mine told me I should use my management experience in another certification and put all efforts on cyber security. I advised me to be a CISSP. It took me 3 minutes to think about it and agreed with him. I’ve been thinking about CISSP and CISM for 3 years. I procrastinated. Now I’m out of job, it’s time for action. I started my preparation 2 and a half months before the test date. No boot camp, just books. It was a bet I took with myself. Study I started with Shon Harris’ AIO. 1300 pages but I was determined. The first 2 domains were really nice to read. Very interesting and stuck to my job experience. Then I started domain 3… Oh boy, it was a disaster. I couldn’t understand ANYTHING about cryptography. I have a very thorough experience in PKI and I was totally confused after reading this book.

Moreover, too much humor kills humor. I ordered Eric Conrad Study Guide right after I read the sentence “Put on your nerdy hat with the propeller and follow me…” or something like that. Never opened AIO again. For now. I will certainly read it while writing a Security Policy. It’s a boring encyclopedia but still an encyclopedia. I didn’t get any other book for the exam. For someone like me who hates details Eric Conrad was perfect. It doesn’t cover the CBK fully. So what? In the CISSP exam, devil is not in the details but on the big picture. Every time I finished a domain, I was using question tests and not going anywhere until I hit 80% twice.

Test Banks opinion - CCCure : Good to start with but too deep. Too much questions about details and not about what a concept really means and implies. That’s the key, for every concept, you need to understand the implications. I did all questions (1800) in a month with an average of 85%. Last day, I was at 90%. An AI can pass it easily. Explanations are rarely satisfactory.

- Total Tester : not user friendly. Boring questions, too deep. Did like 800 questions. Also, an AI can achieve 100% to any quiz without any problem.

- Transcender : Only 250 questions but they make you think instead of doing memory dump. Difficulty equivalent to actual test.

- Sybex : Just like CCCure but better worded and explanations are clearer. Did all questions.

- Luke’s SNT Test bank : This is something I call a real test bank. I can’t imagine the work to build those questions AND the explanations. As for now, no AI could pass it. A bit more difficult than the test. Bravo. It’s meant to be used once you achieve 85% on other test banks. Strategy Once I was above 80% on CCCure, I scheduled the exam. I was not confident but no one is. I told myself, “You have one month to be at your best.” The issue is I live south of France and no ISC2 approved test center is nearby. The easiest for me is located in Paris. That implies, flight, hotel, Uber, etc… Lots of money. But still worth it. Another issue with France is the ability for French people to go on strike. You really need a BCP/DRP strategy when you plan such an endeavor. Two weeks before the exam I went to Barcelona for a whole week end with my girlfriend. Didn’t read anything about CISSP for 3 days. It’s a good thing to do. First you relax and start thinking about something else. Then when you get back to your study, you really know what you learn is really within your long-term memory or not. It’s a good measure. I used to spend 5-6 hours a day studying and practicing questions. But less during the week end. Why? Same thing: to be sure what I learnt was deep inside my memory and if it wasn’t, I had to study it harder. I started to get bored with the questions have been provided. 80% brain dump. I needed something that made me having a real reflection. 4 days before the exam date, I decided to be a member of Study Notes and Theory by paying a subscription. Luke’s questions are amazing. I already talked about it earlier. Day before the exam I had a flight one day prior the exam. There were some strikes in France (what a surprise) but I managed to reach the hotel safe and sound. This was pretty stressful in addition to the exam itself. The worst part was my Uber driving who had 2 road rages between the Airport and the hotel. I was like “you gotta be kidding me, it’s a hidden camera, a prank, whatever…”. Anyway. Studying the last day is useless. I walked for hours throughout Paris just to enjoy life and get some (polluted) air. I went to see where was the test center, how to access it, etc. I even measured the time to walk between the hotel and the test center, back and forth. I had diner in a nice BBQ restaurant and when I was back in the hotel, I watched some documentaries on Netflix. I slept at around 11 pm or so. Exam day My girlfriend called me to wake me up, just in case. It felt good to know you have support. I took 2 coffees, fresh fruits, checked out and went early to the test center. I was the first to walk in. Exam started earlier because I agreed to it. My pace was okay at first but I then slowed down. English is my second language and I mainly learned by myself. At the 65th question, I spent 90 minutes already. I started to panic cause I was pretty sure I’ll have to go to the 150 question. I needed to reach Question 100 at 120 minutes. I started to rush and believe it or not, I caught up. Once I was at my 100 th question, I was really scared. I hit Next and the hourglass appeared. It was stuck for 5-6 seconds. Longest 6 seconds of my life. Then the screen turned to something saying “go find your result to the proctor”.

Like everybody else, I sensed I failed. But I was not panicking anymore. I was very calm. The printer was not turning up. The proctor told me I didn’t hit “End” so she did it. The printer immediately started and the lady gave me the result. I glanced directly to the first word of the paragraph and once I read “Congratulations”, I took a deep breath and left. 3 minutes after, my hands started to shake as I was trying to take a picture of the page result. I realized a bit late that this milestone already was behind me…

Tags:

bottom of page