top of page

How Demeter Cracked His CISSP Exam

Hi Luke,

Just to share my learning experience with the community:

Hi there, I just wanted to quickly share with you my experience with the CISSP exam and how I got there.

I’m a security analyst with many years experience in system administration as well. I had quite a bit of

practical experience, but the CISSP was still heavy for my brain.

About my learning experience:

First it seemed to me like an impossible task to learn so much material, as the CISSP.

I’m not a fan of memorizing, and sitting long hours over a book. I needed a strategy that would work for me a keep me going.

Right in the beginning I set the exact date for the exam for October. I decided to go for the exam on that day, no matter what.

This was important, without a deadline it is very difficult to accomplish anything.

I purchased the CISSP Official Study Guide 7th Edition in March. This was the book that most people recommended, and it had the shortest and most logical chapters and best value for me, offering a free PDF version,

chapter tests a 4 full tests online. The structure of the book was just right for me.

I prepared a study schedule in Excel, and wrote down where I need to be with my studies each month and each week.

This was necessary for me to see how much needs to be covered weekly, otherwise I would not start studying that early.

Sure, I could not exactly keep all that I wrote in the plan, many life events were happening in the following 6 months,

but I was still advancing more or less according to the plan.

After reading the book for the first time, I started preparing a Summary for each chapter, everything that I though was essential.

The basis for my notes was the “Exam Essentials” chapters in the book. After preparing notes for a chapter, I committed it to memory. Then I did several domain tests using

I created custom tests of 50 questions for each domain, until I passed the test with at least 80%. Then the same for the next domain, etc. After having passed each domain test, I went for full tests. Here I used the Sybex testbanks, Elsevier free practice exams, and McGraw-Hill free practice exams. After each full prep exam I took notes of all topics that I was not sure about, and extended my notes with a research on those topics. I ended up with six “lessons learned” documents from the six full prep exams.

I committed to memory all the lessons I learned from the prep exams.

On the last week before the exam I read Eric Conrad’s Eleventh Hour CISSP. This is a great book for quickly going through all he important principles one more time before the exam. It provided a complete “memory refresh” for my mind! I always read the pdf version on a big screen and use a highlighter tool for visual highlighting of key words.

On the day of the exam I went there much earlier than expected and read some notes on topics that I knew would hard

for me to recall (like protocols on each OSI layer).

About the exam:

I had a good breakfast, because I knew that will give me an energy level for the whole exam. All I could eat during the

exam was an energy bar and a yogurt. I was so stressed and focused, that I could not eat anything else.

Another tip for energy management: I took a break of 10 minutes after answering each 50 questions. That was a total of

4 breaks, which helped my mind to recover. I was still exhausted in the end, but not deadly… I believe this saved me energy

for the last 1 hour which was the most exhausting time.

The key is to read every sentence and answer 2-3 times before making a decision. The sentences tend to be tricky

and misleading! They deliberately are not consistently using the terms of the Study Guide. Many times they

use synonyms of key terms, which can be misleading. Always think about the MEANING, instead of a familiar term.

All acronyms are written out as complete expressions on the real exam. That’s good news!

I was happy to experience, that the material covered in the Study Guide was actually sufficient as far as key terms, definitions and principles are concerned.

But the exam went much further than just asking for those, there were plenty of questions actually geared toward real life experiences.

I would not have been able to answer those without many years experience as a system administrator and as a security analyst.

Final note: Don’t panic. After the first 100 questions I felt I’m doing well. After the second 100 questions I felt I’m doing miserably. In the end I had no idea

how I was doing during the exam, I was just happy it was over. I still read all questions carefully, which was very important.

Then I got the paper saying that I actually passed! Joy and relief….

I wish you all a great learning experience and success on the exam!

Best regards,

Balázs Demeter


bottom of page