I glad to share with my own CISSP experience.
If you are doing your job - do it well. That's what I did every day. But every person has a moment in life when it is necessary to change something, otherwise, regression begins. In this period I got the idea to pass the CISSP exam to improve myself.
The English language is not my first or a second language, and I had the only elementary school English education, what I used very rarely in my life. That was the first problem on the way to success. So, my first step was to start learning English. I decided to change my life dramatically, and I left my job. I had to sell my car to find finances for my journey.
How to choose a good English School? Right into the deep end! I prefer the Kaplan International School (Torquay, UK), and studied here for two months. Getting experience with new friends from different countries was terrific. Every day from 9 AM to 4 PM (intensive course) only in English. I lived in the lovely host family and it was an excellent experience in discussing something with native speakers every day. The first step finished at the end of the November in 2017. It was enough to understand some important things for me.
Next step was going to study in Russian education centre of CISSP preparation (5 days intensive course about CISSP and main domains review) with good teacher Kuzma Pashkov (CISSP, CISA, CASP; VCI, AirWatch, DellEMC, MCT, Check Point certified instructor), big respect! From January to end of the March self-preparation. But I got a new obstacle in my way.
First time I read the book with a dictionary (cause a lot of specific words). My first 10 pages of Sybex book I finished for 5 days. It sounds funny now. But, it is my experience... too long path. I passed with the first attempt at 5 of the April and got endorsement confirmation at 5 of the June 2018. My real exam finished with 100 Qs for 150 min.
What I got:
The CISSP changed my imagination about information security itself. Kuzma Pashkov spent often parallels with Russian realities, making me make it even clearer some points. I looked at information security from the other side. I got new professionals friends, and we still discuss some moments. I closed some gaps in my education.
What the next?
CISSP didn't give you in-depth understanding about networks and penetration testing, cause CISSP widely focused. As senior management you will understand how works some protocols, topology, and basic knowledge like OSI reference model, etc. But if you want to understand deeply, look another way to improve this skills.
I found interesting this next steps: technical knowledge of networks - CCNA (or similar), OSCP (to start to understand Linux and penetration tools, exploits and scripts). Repeat CISSP course through CISM (the management focused), CISA (the audit focused), and CCSP (clouds our future).
Thanks to:
On the Internet, you can see a lot of studying material, practice questions, forums, etc. But the best way is discussing. Many thanks to the best CISSP Telegram group in the world with a lot of professionals
And, I would like to say many thanks to my friends - Mr Robot @vabhavpathak, Senior Auditor @gokhan, senior AI @dawoodkevar, friend @akhaaan, senior director @ezraf, my own databases helper and friend @Sandhyachebiyyam, Mr good questions @Hero2k, senior director @madunix, Mr questions monster @puneet, miss @sonaber and friend @anishjohn.
And many thanks for guys who posted Q's and answers, we are not speaking more closely, but this place cooperates us. All guys in this chat became part of my study life. I glad to say this.
Studying hard, think positive (c) @madunix - the path to success.
Preparation materials:
I used Sybex 7th edition as the main source
Shon Harris (old edition but translated into my native language to better understand concepts).
11 hours of CISSP (just structurally walkthrough)
Processing guide (c) @madunix
My notes, that I glad to share by request.
1600 Qs from total tester completed and reviewed, 1300 from Sybex engine (on the Android platform).
Luke's Questions ~150 (too tricky but very useful).
What can I advise for aspirants?
Read questions properly, and try to understand what really asked about. Don't afraid make mistakes, do notes of some critical moments.
Don't afraid to ask about some moment's where you can't find the answer on the Internet. My friends always answer me and answers was completed and helpful. Again - make notes. And main advice - try to explain for yourself - why B is correct here, why not D or C? What may occur if you choose D in this scenario? The first time it is difficult, after some time of preparation it will be automatically. On the real exam, your brain will analyse all answers, and you will make right decisions depended on you preparation experience. Thinking is the way to success.
Don't try to remember answers to questions it wastes your time. Time is too short to memorize answers to each question.
All domains are essential without any exceptions.
All terms may be asked, and it is good cause enforce you to teach all terms and provide understanding. Remember - you have to provide the best service.
How it possible if you don't understand what you do?