Okay.. So as promised.. Here is my CISSP Journey.
At the outset, I’d like to give a heads up that it’s verbose and full of drama 😉 but I would advise every serious candidate to read it over and over again – especially the ones who feel they are not capable of cracking the exam. If I can do it, anybody can do it.
The exam is difficult to crack, but not impossible – even if you don’t have hands on experience with a few concepts. I vividly remember getting jitters whenever I saw any ‘technical’ question. DO NOT WORRY, it is all possible.
Here are the resources I referred to for preparation (I do have a separate section for networking related prep). I will write my exact study strategy in a following section.
1. Sybex CISSP (ISC2) Official study guide (7e):https://www.amazon.com/Certified-Information-…/…/ref=sr_1_1…
2. Shon Harris All in One Exam Guide (6e):https://www.amazon.com/CISSP-All—One-Exam-G…/…/ref=sr_1_2…
3. Cybrary IT CISSP Training: https://www.cybrary.it/course/cissp/
* Videos by Eli the computer guy: https://www.youtube.com/watch…
* Cybrary IT Network + (Anthony Harris):https://www.cybrary.it/course/comptia-network-plus/
* Random videos on youtube for almost anything I couldn’t understand
* Sybex CISSP (Chapter questions): 1400+
* Shon Harris (Chapter questions): ~350
* CISSP Official Study Guide CBK (Chapter questions): 200
* McGraw Hill : ~900 questions
* CCCure Question Bank: ~1000 questions
>>> Approximately practiced 4000 questions
Study Strategy (Approx. 5 months)
Step 1: Understand the breath and depth of the course: Without reading any book first, I watched Kelly Handerhan’s course end-to-end. It gave me an idea of what I should be prepared for. It is probably the best course ever – take her words very, very seriously. If she says a particular concept is important, chisel it in your head. If she says a particular concept isn’t worth much fretting about, put in less effort but study it well enough to understand what it is, how it works in a security environment, what are its vulnerabilities, or why it’s preferred over something else. Do not spend more than a week on completing the course.
Step 2: Pick a book. Be loyal. Read it end-to-end. Do NOT skip any pages: Like most people, I’d always think it’d be nice if there was just one book that I could study end-to-end to clear the exam. The answer is “Yes, there is one book – ANY BOOK.” All the authors out there are very knowledgeable people who have put in years of research and study into their “copyrighted” works. The answer you must seek is which author’s style suits you best. To get an idea about that, just pick a random topic – Kerberos, for example – and read it from all the options available. Whichever option suits you best, read it. But be advised, the universe judges your loyalty.
There is no harm, only benefit actually, in referring to multiple sources for enhancing your personal knowledge, but always always always have that one book that you read cover-to-cover. I’ll be honest – YOU WILL GET CONFUSED WITH THE MOST BASIC CONCEPTS ON THE ACTUAL TEST. Remember that. I did. The tough concepts will be easy to answer, because you will have already spent so much time on practicing and memorizing them. it’s the easy concepts that we tend to neglect that take revenge on us in the exam. Do not be a victim of them, show them their place – learn them, practice them, and slay them in the test. For me, it was the Sybex Guide (7e). I read it cover-to-cover twice. Yes twice. I am not a sharp person, so I had to re-read everything to retain it in my head.
Taking down notes also helps. But don’t just copy. Understand a concept – do not rote learn it – and then write it down in your own words. Use diagrams if that’s helpful. The Shon harris book was too verbose for me. It explains everything really well though, but I only referred to it mainly for BCP, DRP, Networking, and a few concepts here and there. all in all, I’d say I ready maybe 50-60% of it thoroughly. But Sybex was and will always be my first love. I was loyal to it. Give this 2 months of unflinching focus! More than that is NOT needed and it is manageable even if you’re working 60 hours a week.
Step 3: Assess yourself, Identify your weak areas, and make them your strength: For me, it was networking and networking ONLY. Maybe because some concepts I had already worked on while I was writing the CISA exam, but that’s a separate story. For all I know, the only “networking” experience I had was connecting a LAN cable to my laptop – that’s it. That was the only hand’s on experience I had with networking. Rest everything was theoretical knowledge.
Now that is NOT A GOOD THING – most people will tell you that. But I believe that if you want to really learn it and understand it, there is enough material out there to help you do just that. Watch the videos by Eli the computer guy. Many things are much beyond the scope of the test.
But hey, we’re budding security professionals and it is expected of us to know what we’re talking about. So I watched every single video. I know it sounds silly, but I promise you when you read a concept which may remotely be related to something he talked about, you’ll see all the dots connecting. Eli actually shows you each component in a tangible form and explains it – the only switch I knew was the one in my room. But he shows an actual switch in his video and explains how it works. Very interesting to watch.
The Security + course on networking is AWESOME. I recommend it for everyone. That may also seem a little out-of-scope for the test. But trust me, if networking is not your strength area, you MUST watch it. It is probably gonna change your life for good. Maybe even activate the dormant, kick-ass networking gene in your body! Give this one month – you can also revisit your weak areas and strengthen your concepts.
Step 4: Test yourself with questions: The numbers you get on the tests do not matter. they do actually, but only for changing your strategy. They do NOT determine whether you can pass the test (Actually, you might just clear the test if you’re consistently scoring high on all of them, but that’s for the smart people. Not for average ones like me. haha).
Be honest and take the tests. Practice makes a man perfect and that’s it. It is, at the end of the day, a test that you must pass. So getting in the mode of actually sitting in a spot and analyzing one question after another – on and on and on and on. If you’re not scoring high in a particular section, don’t worry. It only means you need to go back to that book of yours, and re-read it. Simple.
It does not mean you can never understand it. Steps are simple: Take test (section wise) —> Identify weakness —> Revisit concept from book —> Take test again —> Celebrate, because you are now a master of the concept. Do this for a month
Step 5: Re-read that book of yours: Read the book cover-to-cover again (any book of your choice), but this time you’re allowed to actually skim through a few concepts that you’ve already mastered int he past 4 months. If you’re reading chapters on weekdays, do questions on weekends. The idea is to have a coherent story that starts from Risk Management and goes all the way to Software Development security fresh in your head.
Step 6: Take the test. Ace it. And Celebrate! Simple 🙂
Personal and Test taking advice
* Watch motivational videos: There are many on youtube. Watch them over and over again until you’re pumped up to start studying again
* Exercise: Do anything, but it’s very important. Helps you focus better
* Enjoy: CISSP is probably the most difficult thing ever! (At least let’s just think it is. haha). So you ought to celebrate to rejuvenate. You are all spartan warriors, fighting day in day out with difficult concepts so go out with friends, or your loved ones, or your girlfriend(s) at least once a week. The exam will take most of your everything, but do not let it overwhelm you. This is just a taste of how life is going to be if you really want to make it big. Success does NOT come easy. It takes blood, sweat, and the heart of a champion to succeed. Each and every one of you on this group is a champ! Believe it. Live it.
* Understand everything: Your understanding of concepts should be such that you should be able to explain it to a lay person. This is how it’s gonna be if you’re a CISSP. You will, more often than not, have to deal with people who have NO IDEA about the technical jargons you’re referring to. They key is that you must know all of it, but you should also be able to simplify it and explain it. If you can do that really well, I am confident you’ll do really well on the test. That’s the kind of mind-set you need to answer the questions.
* Positive affirmation is very helpful: Just tell yourself how amazing you are. How you will change the world. You’re amazing. The CISSP credential will play a key role in your career. Believe it. Feel it. Just feel the positivity around you. Do not even think of failing – it’s a negative emotion and hard to overcome. Just think of the things you’ll do after you nail the test. Think of that picture you’ll post on the group. Believe that it will happen, work hard to achieve it, and then see how the universe reciprocates 🙂
In the end, I would like to thank you all for everything. This group is AWESOME not only because we’re enhancing each other’s knowledge, but also because we’re actually making our ‘usual’ Facebook time more productive. For all the Facebook addicts out there, like me who have to just login and waste time, it is actually a boon. Most of my notifications are now questions or posts on the group, and it is something I look forward to. It’s fun and the takeaway is priceless!
Hope it was a fun read.
I’m available here if you want to reach out to me.
Over and Out! 😀