Thought I’d share some of my top tips for passing the CISSP exam.
#5 Read and Relate
“I don’t understand, I read the Shon Harris book 3 times! How did I fail the exam?”
You read The Odyssey.
You read The Old Man and The Sea.
You read To Kill A Mockingbird.
You don’t read a CISSP study guide. You must relate and understand a CISSP study guide.
Software Development Security was my weakest domain. I’d turn my computer speakers up, and listen to a 2-hour video about Software Development Security on YouTube or CBT Nuggets. Then, I’d proceed to forget everything in three days. I don’t create software for a living, which is why I had a tough time relating the Software Development Life Cycle (SDLC) to the real world.
But I did work in network security for a living, a job in which I put cryptography concepts into action through the use of VPNs and SSH every single day. This is why cryptography became my strongest domain: I had the ability to relate what I read in CISSP study guides. I’d read about symmetric and asymmetric encryption, and then apply it for customer devices and environments. It was awesome.
In an effort to increase my knowledge about the SDLC though, I Googled and YouTubed all I could. I’d Google things like “iphone software development process”, or “SDLC process used by Facebook”. I’d read about these real world examples to better relate it to the CISSP books.
I found out too late that the CISSP is actually not a memorization test; it’s a test of concepts. Keep that in mind as you study!
“I tried to make the game perfection” – Michael Jordan
How do you get good at something? You have to keep doing it over and over again. If you want to be a good basketball player, you gotta put in hours shooting in the gym, learning how to dribble tighter, run faster, and shoot more accurately. Michael Jordan obsessed over the game, and went on to become a basketball legend, and accumulate an estimated net worth of $1 BILLION!
Michael Jordan was the totality of all his training.
I remember obsessing so much over the CISSP that sometimes I neglected my friends, family, and general hygiene. When obsessing, it’s hard to let go. While driving, going to sleep, or eating, my obsessive subconscious would still think of a problem, and continue to work on it.
Obsession can be dangerous mentally, but with proper control, it can be an effective productivity tool.
Luckily, you can start the obsession phase 2 months before you take the actual exam. This is the time to sleep, breathe, and eat CISSP. Just study it every day right up until the exam so everything stays fresh in your brain.
Not type. Not email. Not text.
Pencil and paper.
Read about vulnerability testing, and then draw out a network topology map and place the firewalls, IPS, IDS, and servers where they should belong.
Read about system ring architecture, and actually sketch the proper and secure path for a system process.
Read about the OSI Model and actually draw out how a packet starts at the application layer on Host A, travels down through the layers, and comes back up through the layers to Host B.
Let the information you read flow from your brain, through your arms, and to the tip of your pencil. When you get a question on the exam about a packet having issues at the network layer, your brain will recall the motion of your hand writing about it on a piece of paper.
#2 Trust Yourself
Before actually taking the exam, all I heard was that the CISSP was an incredibly tough exam. It was supposed to be 250 questions and 6 hours of total mess-with-your-mind torture.
This is true. But I’m here to tell you that it is a completely passable exam! It’s not that difficult. The only way to do it is to follow the same formula as everyone else who has passed. Get some real life security experience, study the Shon Harris books, take an ungodly amount of practice exam questions, and mentally prepare yourself to sit in an exam room for a prolonged period of time while being mentally tested.
After completing about 180 questions during the exam, I actually started to feel fairly confident that I would pass. Before taking the exam, I felt 60% confident that I’d pass, even though I studied for 10 months. It is only after passing that I realized I should’ve trusted myself 100%.
I’m trying to boost your confidence now, and not after the exam. If you study well, you will be a CISSP. It is not that difficult.
If you understand the concepts, and can truly see the big picture as it relates to information security, and have done your best to study for the exam, then trust yourself. You will pass.
#1 Don’t Give Up
The alarm rings at 8:00 a.m., but it’s your day off.
You came home from a tough week of work, spent time with your family trying to hide your exhaustion, then finally collapsed into bed.
An army of sleep-deprived cells is begging you to hit the snooze button and stay in bed. They’re saying you worked hard all week, you deserve some extra sleep. You deserve some freakin’ rest.
Then your brain reminds you that it was you that set that alarm right before collapsing into bed the previous night. You still have an exam to take in 5 weeks. You may have failed it the first time, but you’re definitely not going to fail it the second time. You still have to read more about TCSEC and Spanning Tree Protocol. You still need to nail down all the steps in a forensic investigation process.
I can tell you not to give up a million times. I can tell you that dedicating yourself to study for the CISSP is the only way to pass the first time, but it’s ultimately your decision.
Don’t give up.