How Chad Cracked His CISSP Exam
I passed the CISSP on 1 Oct 2019!
Wow, what a process.
I began semi-formally studying about a year prior off-and-on. I do, however, read about tech and security constantly. I started formally/scheduled studying a couple of months out an hour or two per day. Then the month of Sept I shut everything else down (for the most part) and dedicated all time to studying. I woke up at 4:30 am and studied a couple of hours every morning, then a couple hours at night. Then I took a week off of work two weeks before the test and read through the official study guide cover-to-cover, watched all of Study Notes and Theory videos again, and went through all of Kelly’s class again. I’m not sure of an exact number of hours of studying I got in, but it was certainly north of 200 total over the last year. I got over 100 in Sept.
I have a few years of SaaS Security Leadership experience and some minor on-premise IT/security experience in small offices.
I used a LOT of different tools to prepare:
Study Notes and Theory was invaluable. Luke nails it with the attitude of “you need to learn security thoroughly to be a good practitioner, not to pass a test.” I love to learn, especially about all things technology, so that mindset resonated well with me. And, for the exam, it is essential. I’m not sure I would have passed had I just read one book or utilized one resource and tried to “memorize” things that I thought would be on the test. I heard/saw all of the feedback on how practice tests are not anywhere close to the real exam, etc. and it was absolutely on point. I was sure I had failed 30 questions in but ended up passing at 100 questions. I watched all the modules at least twice, a few of them a few times and took copious notes.
Luke’s practice questions are brutal – thankfully! I was so frustrated taking them, I almost threw my computer a couple of times. I did other practice questions (see further down the list) but Luke’s helped me prepare more for the exam from what I experienced. The others were helpful, but easier is not better, for sure.
Study Notes and Theory is absolutely worth the investment.
Kelly Handerhan’s class on Cybrary IT is fantastic, as everyone else mentions. I went through it originally about 6-8 months ago, listened to the audio version again while driving/mowing, then went through it again a couple of weeks out. FR Secure does a free, recorded boot camp which was great.
IT Dojo Question of the Day – fun content and talks through all the answers which is very helpful. Does seem like he has fallen off doing them regularly, but there are 100+ videos to go through.
o Why you will pass – Kelly Handerhan
o Excellent OSI layers and TCP/IP explanations
o Another good OSI layer explanation
o Good RAID explanation
o Another OSI model
o A bunch of boot camp style videos, I watched a few of them
o Another OSI
o Watch this guy’s videos on switches, OSI models, TCP/IP, SNMP video is great, etc.
o Watch as much of these networking videos as you can
o So so so many more, but just search for what you are struggling with and there are fantastic resources to help! These were the top ones that were helpful to me.
o Official CISSP 7th edition by Chapple (read entire book once, revisited tougher sections)
o Shon Harris 7th edition (cherry picked parts – Domain 4 heavy use)
o Simple CISSP – Martin (most of it)
o CISSP for Dummies – Miller/Gregory (light use)
o Eleventh Hour CISSP – Conrad (cover to cover a couple of times)
o CISSP Study Guide – Conrad (cover to cover)
o Memory Palace CISSP (like this a lot)
o CISSP Last Minute Review – certmike.com
Practice exams (study all of the answers especially why they are right/wrong):
o Boson practice exams
o Official CISSP practice questions
o Shon Harris practice questions
o IT Cert Prep practice questions
o Quizlet on Android – note cards/questions (actually very helpful!). A few other Android apps I wouldn’t recommend, so not listing them.
Everyone says you are going to feel like you are failing it. Yep. Relax, keep going. At 30 questions, I was sure I was done, at 70, I thought why am I still here!? I spent an average of 1 minute on each question. Some were quicker, some longer. I read the question, read the answers, read the question again. Broke the question in parts (in my head), emphasized different areas of the question to see what they were really asking. Looked away, stopped, thought about something else, read the question again. Removed two answers, answered. Read the question again, verified I liked the answer. Almost never changed my initial answer unless I was 100% sure. That is when I would miss most of the questions on the practice tests – when I changed my initial answer. There was plenty of time to do this process, thankfully; I needed to do this on almost every question.