top of page

How Anil Cracked His CISSP Exam


Though I have just provisionally passed the exam in the month of Dec ‘21, I will try to

summarize the roller coaster of emotions I went through from booking the examination to

walking out of the exam center like I have just defeated the final boss!


Note: This is just my experience of the CISSP journey and may not be applicable to everyone.


Have also mentioned Do’s and Don'ts for the exam that I personally went through. There is a

“resources” section at the end for people who love TLDR; (like me:))


My background:

I have a Master's degree in Information Management with minors in Information Security

Management. Worked in the SOC for a year (part time) and have been working full-time in the cybersecurity industry for almost 3.5 years now. I took the security+ certification as well (almost3 years back)


How did I approach the certification (in RMF style): 4-5 months

1. Prepared my mindset for the certification while knowing the goal: “Reduce the risk of

failure”


2. Categorized all the available resources - mentors, forums, videos, books, social media

groups, boot camps, official, paid, free, etc. It was daunting and I had the fear of missing

out on important resources (FOMO). Therefore, I looked at some forums (Reddit,

Discord - Certification Destination) and other people's experiences (like on Luke’s page)

and narrowed it down to common ones. I have shared below all the actual resources I

used.


3. Selected which CISSP resource I should consume first; based on my style of learning

and moved to the next one. I learn by writing. I took handwritten notes from all the

resources I consumed (Sybex, Luke’s, Thor’s) and scanned them (I used rocketbook as

it is efficient and reusable). This really helped me in the last two weeks.


4. Implemented a routine to include studying for the exam every single day. I started with

30 mins - 1 hour/day in July ‘21, 2 hours in Aug & Sep’21, 3 hours in Oct ‘21 and 4-5

hours in Nov ‘21. I had taken 2 weeks off before the exam (but still couldn’t read more

than 6 hours/day).


5. Assessed my progress by answering questions at the end of each Sybex chapter. Took

my first full assessment in the month of Oct ‘21, flagged the questions which were

incorrect or I didn’t understand. This helped me to understand my weak domains and I

redid only the flagged question during the last few weeks.


6. Authorize and Monitor - This is where all the support comes into picture: my family,

friends, mentors, social media groups, my work boss, peers, etc. They were really key in

the success.


How did I approach learning the materials? Which resources did I use?

1. I like audio/visual type learning rather than reading but I can’t retain information unless it

is hands-on. Therefore, “handwritten notes” for the win :)


2. I decided to start with the FRSecure free CISSP Mentor program free YouTube videos

and took light notes. This was more casual as I just wanted to gauge strength and

weakness.


3. Sybex OSG (read, write, repeat):

a. Read each chapter and highlight important points while taking down notes. At the

end of each chapter, I will just glance at my notes and answer the questions that

followed.

b. I read the OSG again, 2 months before the exam and took notes that I thought

were missed previously. This time it was faster as I was focusing more on the

highlighted ones. This helped me create an abstract view of the concepts. For

example - I was able to visualize why/how SLIP,PPP,EAP,802.1x,etc. (this was

confusing to me at first).


4. Luke’s SNT

a. I was amazed with Luke’s style of presenting a concept. I watched the relevant

videos where I thought I was weak. I didn’t take notes because it was so well

explained :)


5. Thor Pedersen

a. I watched his video with 1.75x speed and took notes for new

concepts/information which was missing in OSG.


6. I referred Destination Certification mind map video and Prasant Mohan’s mind map in

the last 2 weeks


7. Most importantly I looked at my handwritten notes twice in the last few days and Kelly’s

Why you will pass the CISSP


How did I assess myself? Which test engines did I use?

1. OSG Chapters and Practice Test online

a. If you buy the Sybex OSG and practice test book, you would get the online

version of questions as well. This was useful, because it allowed me to flag

questions and keep a track of time. My average score at the end was around

85%


b. The questions were not too hard but good to gauge how much you know, with a

good mix of objective and subjective ones.


2. Luke’s SNT questions and How to Think like a Manager

a. Boy oh boy! This was the toughest but in a good way. It made me think out of the

box and changed my perspective on how to approach this exam. Not objectively

but subjectively. My average score was around 60-70% on a good day.


b. The questions were hard but I learnt how to approach it. What I should keep in

mind before deciding the correct option.


c. Luke’s book is amazing, and I would rate it 10/10!


3. Prabh’s Coffee Shots on YouTube

a. Amazing content and coffee shots where he explains concepts with his coffee

shots. The snacks at the end were vital as it provided a summary :D


4. Thor’s Question

a. I had done all Mid/Easy questions (avg. around 85%) and Hard questions (avg. 60%).


b. Mid/easy questions were objective and easy. Hard questions were really hard

and few of them were not in OSG which is why I struggled but a good source to

gauge your weak domains.


5. Adam Gordon’s free Twitter questions

a. I took almost 250 question by manually searching his twitter feed (I wrote a small

automation to copy and paste as I was bored but it was not efficient)

b. Good collection of questions ranging from easy/mid.


6. Pocket Prep questions on mobile

a. Easily accessible and questions were easy/mid. Helped me in remembering

topics but not understanding the concepts.


7. Wentz Wu

a. I was introduced to Wentz Wu a bit late in my journey and had a chance to look

at only 50 questions from his QOTD. Hard questions for sure but good

explanations.


Resources at a glance:

1. Learning:

a. FRSecure free CISSP Mentor program

c. Thor Pederson

d. Destination Certification

e. Prasant Mohan Mind maps


2. Tests:

b. Luke’s SNT

d. Thor’s Pederson Easy/Mid/Hard. I didn’t do the Domain wise questions

e. Adam Gordon’s free Twitter questions

f. Pocket Prep on Mobile

My thoughts on the exam:

The questions were not technical but it won’t be similar with any test engines out there. It will

test the concepts. I had a few questions where even after applying all the concepts (think like a manger, Cost efficiency, Accreditation, etc.) it was difficult to narrow down and I went with my guts. Trust your preparation and just go for it.


Do’s & Don’ts

1. There are no shortcuts to this exam (there are always exceptions!!). The resource to

cover is vast but a routine will help you overcome this. Make sure to read everyday even

for a few minutes/hours. Keep the momentum.


2. Keep your inner peace and don’t let it consume you in the end. I had many burnouts and

felt like I can’t do this anymore. I switched to something fun and let my mind relax. After

that, I resumed my studying or instead I practiced questions.


3. Trust your preparation. If you think you have given it all, believe in yourself. Don’t get

swayed away by how others prepare and take those as just a reference and tailor it

according to your style.


4. Change the perspective while answering questions. I won’t expand on this much as

there are way too many tips on this.


All the best!!



Comments


bottom of page