After the last 3 months of really stepping up my study game, I can finally say I’m provisionally CISSP certified!
Seeing those words 'Congratulations' printed on your results paper, makes all those long nights and weekends immersing yourself in CISSP concepts worth it.
But before picking up any CISSP study guide or attempting practice questions, I asked myself a few high level questions:
What is the real reason I am taking this certification?
For some the answer may be money, promotion into a more senior / management role, but for me it was gaining the knowledge of what a true security professional must to know to become a true professional. Security is a journey not a destination and my hunger for further advanced within this area will not stop at this certification, this is just the start.
What is my overall motivation and why?
This is something you need to remind yourself of, over and over throughout your study. There will be times when picking up the Sybex, AIO, or watching videos, and something does not click or make sense. Or when you are taking a practice test, and you not making the mark. Just remember why you started and who you are doing this for.
How can I be effective in my study strategy?
It is important to know how you learn and retain information. For me, I broke my study into 20 minute chunks, and took a 5 minute break in between to walk around and let what I had just learnt sink in. It is vital that you use a multiple sources (books, videos, Wiki) to get a very good view CISSP concepts in various ways. I also recommend teaching and clearly explaining to others or yourself on the area you have just learnt. This will truly solidify the information into your long term memory and prove you have understood the concept.
Main Study Resources
Study Notes and Theory – Luke Ahmed is truly not just a great trainer, but virtual mentor too. His videos are some of the best I have seen for clearly explaining in depth concepts, and his practice questions will seriously test your knowledge. He will also provide vital information on how to truly answer CISSP style questions, focusing on key words such as ‘the best, the least and the most’. Each one these meaning will change what you originally thought was the answer to something completely different. Number 1 study resource for sure!!
Sybex 8th Edition – My number one resource. Although quite lengthy, this provided just the right amount of detail in all areas needed for the exam. My aim was to at least complete one domain per week, with enough time for revision, flashcards and practice questions.
Prashant Mohan CISSP Memory Palace – An amazing document that formed the blueprint for my hand written notes when reading the
Sybex book. Big thanks to Prashant for providing this resource to the Study Notes and Theory platform.
CISSP 11th Hour (3rd Edition) – Clear and concise, and really reinforces the knowledge gained from the Sybex book.
The Knowledge Academy CISSP Video training - Provided a good foundation on the CISSP domains
Wiki – For CISSP topics I wanted to delve deeper on (Common Criteria, Secure Software Development and a few others)
Sunflower Notes – Easy to see why this is also another popular CISSP study resource before you take your exam. Simple and to the point.
Mike Chapple CISSP Last Minute Review Guide – Not seen this mentioned on this forum too many times, but this was an amazing resource to use the day before and the day of my exam.
Practice Questions – I highly recommend the following mobile apps to supplement your learning, PocketPrep and The official ISC2 Study and Practice apps. I also utilized the McGraw and Boson test simulation engine and of course Luke’s SNT practice tests (A to S).
I would recommend to others pursuing this certification :
- Practice, Practice, Practice – Practice questions are the only way to truly know which domains you need to improve on.
- Immerse yourself in CISSP concepts, they are around you everyday, in films, at work. Start to relate these concepts to real working situations.
- When taking the exam always think high-level, think a true security consultant.
- Always read the question, and understand what it is that is being asked of you.
- Fix the process, document everything.