Concepts. Concepts. Concepts.
Hey guys! I recently cleared my CISSP exam, fortunately in my maiden attempt. Here is how I went about it. Hopefully, it will be helpful for all those aspiring to become CISSP certified. I have tried to answer all the queries I received in this article. I apologize I couldn’t answer them sooner, as I am travelling right now. I request you to send me any further queries in the comment section of this post, and I will surely get back.
Last year after September, I decided I wanted to become CISSP certified. But time flew with numerous engagements keeping me busy, and 2016 went by.
Beginning 2017, I was determined that I would at least give the exam once, irrespective of the result, in the next three months. Waiting and not knowing was more disturbing. I gave myself a deadline of three months, and began preparing.
Before I move ahead, I just want to give a general disclaimer that this process worked for me, but might or might not for others. Please take input and create what works best for you. If it is this way, then go for it.
Here is some background about me. I hold a Bachelor of Engineering Degree in Computers, and have been working in the information security domain for more than 6.5 years. So, the concepts and terms weren't alien to me, but the wide range of topics was overwhelming. Like they say, CISSP is a mile wide and an inch deep.
Every problem HAS a solution. Write down your goal and what you think are the challenges in achieving it. Then find the solution. Thankfully, this forum is a great platform, and we have a lot of help here.
1. The wide range of topics, ever increasing.
2. To be able to recollect and apply the concepts learnt in limited time, during the exam.
3. To be able to sit in one spot for six hours, keep my attention and deliver.
1. Instead of looking at the destination and thinking "Oh my goodness! How much I have to do still!", I made and celebrated smaller sub-goals (like one domain or one chapter, or even one topic when the domain is too big, for example Cryptography). This helps in keeping a positive mindset.
2. Clear concepts & Revise. I can't emphasize this enough! Understand, you will be able to answer the questions ONLY IF YOUR CONCEPTS ARE CLEAR.
So, don't look at the book and concepts like a burden. Look at them like important things to know and understand, because they would enable you to do a good job later. It's like learning alphabets, so that you can form sentences. Once you understand the concepts, you need to recall them quickly during the exam. Revision helps in consolidating the learning.
3. Sitting in one place throughout my preparation. Again, something that builds with time and practice.
The Study Process:
Step 1: Decide upon a time limit.
I decided I would give my exam in 3 months. Even if you are starting from nothing, or are a person from a non-cybersecurity background, I would strongly recommend you give yourself a deadline. If you don't, there is a higher possibility of slacking.
Step 2: Freeze the study material.
I studied primarily from two sources - Cybrary, and Sybex. I focused on only these two sources initially, and didn't look at anything else, NO MATTER HOW TEMPTING. My strategy was to ensure that I knew and understood the basic concepts, and how they are used in real-world scenarios. If you don't do this step right in the beginning, there is a possibility that you get lost in a sea of study material, and really don't move towards the finish line. You can always refer to more once you have completed one.
Step 3: Videos or reading material?
Identify which is more effective for you: videos or reading material. In my case I learn quickly when I watch videos (probably a more visual learner), and thus I went through the Kelly Handerhan (Cybrary CISSP) videos first. Once I finished a domain, I would then go on to reading the same domain from Sybex. This made the reading process faster because I knew and understood the basic concepts. I would then solve the Sybex questions at the end of the chapter.
Step 4: Make notes & draw.
Do it while you are watching the videos and while you are reading the book. Making notes and drawing diagrams helps in creating mental links.
Step 5: Power through.
If you feel like you are stuck in a topic for too long, then mark the page and move on to the next. Don't waste valuable time. Remember the 80/20 rule for the first iteration.
Step 6: Revise.
Do this as many times as possible before the final exam. In my case, for any concept which was not clear in my head after the first iteration, I would look up YouTube videos about it. This helped me in clearing concepts and saving time.
Step 7: Miscellaneous.
OK, so here are things I try to do on a regular basis which sort of help me stay up to date - read up on cybersecurity news, articles, and research papers.
Step 8: Positive mindset. (MOST IMPORTANT)
- Tell yourself, every day, that you will do it! Clear the exam! Get the certification! It seems stupid initially, and you don't say it with as much conviction, but over time it helps. :)
- Had a bad day, with not a single word in? No problem. Do it the next day. Understand, beating yourself up about it will not boost your morale. And you need your morale to be up.
- If you need it, take a break of 2-3 days to just refresh your brain.
I wish you all, ALL THE BEST!!! For your preparation and exam.
Please enjoy the journey, and you will surely reach your destination.