How Andy N. Cracked His CISSP Exam

I passed my CISSP exam and wanted to THANK YOU!

I read most of the “Crack the CISSP” and wanted to add my little contribution.

I did it on the first attempt with 2 months of studying, and took the last week off from work, but I don’t recommend this. I mainly did this because my boss offered another position for me with the condition that I pass my CISSP. I’m a sucker for carrots on a stick, and I went for it.

I cannot emphasize enough the working experience factor, since my role has changed from a DBA to a sysadmin but with a focus on security for the past 6 months. I’ve morphed myself into a SOC2 analyst, and we’re deploying EDR/MDM and I’m the tech lead doing most of the implementation. That experience was GOLDEN on the exam, as I kept wondering if they had somehow contacted my boss and asked what we were doing, because the questions were very similar to the ones we were dealing with.

My original plan was to use All In One (AIO by Shon Harris), but the publisher has an issue and it would take 2 weeks for me to get the 9th edition, so I opted for the 8th. I blasted through this 1200+ page book in about 3 weeks, spending 4-6 hours a day pounding through the book. This was because SNT recommended if they only had one book, AIO was the one to get. A bad decision on my part was to skip the questions at the end. Don’t do this! Do the questions!

After completing it, I had some doubts and decided to buy the Official Study Guide (OSG) 9th edition.

Comparing both, I believe, gave me an advantage. Where I didn’t understand a concept in one, I could research it in the other, which normally explained it better. There seemed to be a balance, though, where one didn’t outperform the other.

For example, in AIO they mention the NIST RMF 800-37r1, but nothing to really catch your attention. In OSG, they actually pasted the graphic that comes from the NIST doc, and show the relationship of moving throughout the framework. So get both if you can. To be honest though, I began making notes on the sides of OSG and underlining and being more proactive in my study, rather than cramming the info down like I did with AIO, and of course, doing the questions.

What I should have done was buy BOTH 9th editions of OSG/AIO. When AIO was being shipped and taking its time, I could have powered through OSG.

Of course, Think Like A Manager was great for a last review. I did this in my last few days of study along with 11th Hour by Eric Conrad. Both are great, but are a bit dated. For example, in TLAM Q14 about tier 2 or tier 3 firewalls could be removed.

However, Data Owner vs Data Custodian Q3 was a great review.

I didn’t rely too much on videos unless I felt weak in certain areas, so I didn’t use a lot of videos, except for YouTube’s “Destination Certification”; their MindMaps were a great review to get the overall picture. If there were any terms mentioned that I didn’t know, I researched them.

I highly enjoyed SNT videos, although it seems a bit disjointed to do an overall quick review like Destination Certification did. Although it might have made a difference if I were given those great diagrams that SNT used.

Also recommended by SNT: a TON of questions. I don’t really think there’s a magical x number of questions, but getting enough practice questions in will make a big difference when you get stuck. I must have done about 3,000+ questions (or at least it seemed like it).

When you do so many questions you begin to see a pattern in what to look for, and key words begin to pop. You’ll know when to slow down and when to speed up, and it won’t matter what comes up on the exam because you will have seen a version of it during your practice.

During my exam, I could easily knock out 2 answers almost immediately. I believe this was from all those practice questions.

A final word on brain dumps. Don’t bother. At one site there could be 1400+ questions. If you studied all those questions, you risk that NONE of them will be on the exam. If you insist on doing Q&A, then buy the 1000 Practice Questions from OSG. At least you know they’re legitimate, and the explanations are worth their weight in gold. If you’re going to spend the time and effort for 1400 questions, why not take the legit route and be proud once you’ve passed. I believe I learned more from the explanations than from the correct answers.

Again, THANKS Luke for being such a great provider of insight and wisdom.