Just knowing what the CISSP exam even is puts you ahead.
Wanting to attempt it puts you even further.
Then actually passing it puts you in a completely different category of security professionals.
Studying for the CISSP is a decisive action. One has to choose to pass it with firm resolve.
Having a positive and unrelenting mindset is just as important as having all the CISSP books, practice questions, flashcards, videos, or direct security experience.
Do I Need Experience To Take The CISSP Exam?
The ability to take the "CISSP" exam is open to everyone. But that doesn't mean everyone can pass it.
When I say "open to everyone", I mean there are no experience requirements or any other prerequisites to walk into a testing center, sit down at a test terminal, and take the actual exam (as long as you pay the steep $749 exam fee beforehand).
If you pass the exam, then it gets a little complicated.
If you have 5 years of direct hands-on real-world security job experience in the current 8 domains of the CISSP Common Body of Knowledge, then you can put "CISSP" after your name. You will be sent an impressive welcome package in the mail and receive a nice-looking certificate that you can hang on your office wall (after the endorsement process is over).
If you don't have 5 years of experience (you can substitute 1 year of experience with either a college degree OR another tech certification), then you will be known as "Associate of CISSP". You will have six years after that to obtain the five years of security job experience and then apply for endorsement to become "CISSP". Got all that?
Basically, you can take the exam anytime. If you work in the security field already, you probably won't have a problem getting the official title of "CISSP".
If you don't have the experience, you can feel good about the fact that you passed one of the most difficult exams on the planet, but you just can't call yourself a "CISSP" yet.
The (ISC)2 also has a new entry-level certification out called the "Certified in Cybersecurity" exam. If you want to start out with that first, please check out The SONIC Project.
What Books Do I Need?
Okay, now the fun part! The BOOKS! There are a few books that you just have to get. I mean don't take it from me, the following books are the "Top Books To Prepare You For CISSP Exam" as stated by the prestigious (ISC)2.
Here are the standard books you have to get if you want to pass the CISSP exam:
All-in-One CISSP Exam Guide Ninth Edition by Shon Harris
If you read this book 3 times cover to cover, you will be able to fully talk the language of security. This book is like the CISSP encyclopedia. Perfect for those who want an in-depth comprehensive breakdown of essential CISSP topics.
It is detailed, it may even be overkill for the exam. But it is worth it. You and this book will create some good memories together.
The end of the chapter questions are some of my favorite, and I think closest to the exam. You can sense that there was a genuine effort put into this book.
If you plan on taking over 5 months to study for the CISSP, then go with Shon Harris AIO 9th edition. The book will help you grasp the core concepts in a way that you may not forget them years from now.
Additionally, the act of reading is essential to understand the high-level concepts. I talk about the importance of actually reading your CISSP books here:
CISSP Official Study Guide Sybex 9th Edition by Mike Chapple
A high number of those who have passed the exam has said that this book was their primary study guide - and this is exactly the book I most recommend.
You can use the Sybex 9th as your primary study guide, and then use the Shon Harris book as your reference to expand on topics.
It's like the author took a ton of comprehensive notes while reading the Shon Harris book, and turned those notes into the Sybex book. The efficacy is appreciated.
Here's an example: while the Sybex may have the general steps of BCP/DRP planning, the Shon Harris book goes into granular detail on what happens at each step.
While the Sybex CISSP book has a short paragraph on conducting a site survey to fulfill physical security requirements, the Shon Harris 9th Edition book has over 10 pages of information on proper physical security.
As important as it is to understand Kerberos, the Sybex sums up how it works in 2 pages with a simple overview of how tickets and session keys are exchanged. While the Shon Harris 9th Edition goes over Kerberos in full detail that would even help a network security engineer understand the concept.
This is a standard CISSP book that everyone gets to pass the exam.
How To Think Like A Manager For The CISSP Exam by Luke Ahmed
I like to think I wrote a pretty darn good CISSP book as well!
It's also one of the top recommended CISSP books in that link from earlier :) So far it has sold over 7,000 copies worldwide. Pretty cool, huh?
It has been an absolute privilege to help others make their CISSP exam just a bit easier to understand.
"How do you think like a manager?" It is one of the most common questions asked when preparing for the CISSP exam. Using 25 CISSP practice questions with detailed explanations, this book will attempt to answer how to think like a member of a senior management team who has the goal of balancing risk, cost, and most of all, human life. The questions will take you through how to resist thinking from a technical perspective to one that is more holistic of the entire organization. Like all of Study Notes and Theory's CISSP practice questions, these questions correlate multiple high-level security concepts and require thinking like a manager. Extracting the most value comes from understanding not only which choice is correct, but more importantly, why the other choices are wrong.
If you are unable to purchase due to financial hardship or geographic location, then just watch this YouTube video and it should pretty much be the same thing:
For other study resources such as PDF notes, tips, and other strategies please visit the website here:
Do I Need To Take Tons of CISSP Practice Exam Questions?
If you read all the study guides, watched all the videos, and have 8 years experience in the security field, but you don't take any practice exam questions - you will fail the exam. Try to take at least 3,000 to 5,000 practice questions.
You are not taking 5,000 practice questions to see how many you get correct, but rather to see if you truly understand your concepts. I've always suggested that the key is to take as many practice exam questions as possible.
50% of your studies should be books, and 50% should be practice exam questions. To take full advantage of these questions, you should not only try to get the answer right, but also realize why the other answers are wrong.
Here's one more secret: if you take enough practice questions, eventually you start to "see" the pattern. You start to see the code, sort of like Neo while in the Matrix. Sooner or later by the 3,747th question you start to understand how the ISC2 wants you to answer the questions...you start to see what the ISC2 wants you to know.
In reality, there is no CISSP exam. It's just a test to see if you can "see" the concepts of security.
Once you can see "The Matrix" after going over so many quizzes, no question on the exam can fool you. You will get 100% of the questions correct.
Discipline and Dedication
If you need constant motivation and encouragement, the CISSP exam is not for you.
Motivation is for those who have not decided or don't know what they want.
Discipline and dedication are for people who know what they want.
Dedication is sticking to a schedule until you pass the exam. Dedication is waking up at 6AM on your days off and studying until you can't anymore until midnight - then waking up again the next day and doing it all over again.
Motivation is reaching for that alarm clock, turning it off, and going back to sleep.
Motivation is reading inspirational quotes and deciding to act on them...but at a later time.
Motivation is when you need someone else to tell you how to lead your life.
Teach yourself discipline and cultivate it. Motivation is hard to get, you have to wait for it, wait for it to come to you from others.
Dedication and discipline will always be there for you, it is reliable.
Last Advanced-Level Advice for the CISSP Exam
Read books. Watch videos. Take practice questions. Stick to the plan.
Once this is finished, disregard the plan completely and be faithful to only the absolute CISSP concepts.
Thank you. Luke
I offer a CISSP exam training course that has helped thousands pass their exam globally. If interested, please visit The Study Notes and Theory Members Portal.