I posted earlier that I passed the CISSP exam this morning. This is a breakdown of how I prepared. I am struggling to “like” all the well wishes. Thank you.
First, a big Thank You! To my wife and kids. They gave me time to study. And put up with me as I developed “exam-head.” Not necessarily pleasant to be around. For those of us with families, they are part of the process. Their support is essential.
I put the course and my preparation on the level of passing a Graduate-level course with an A. Along with the CISSP, I have also gained these certs:
GIAC Information Security Professional (GISP) Security+ SYO-601 (laid off in December, I wanted this on my resume)
My test ended at 100 questions.
I walked in the door, then out the door of the testing center in less than two hours (including check-in, check-out, and a break).
I want to say this very carefully: I did not find the exam particularly difficult. I was afraid I was messing up because things were not as tricky or obtuse as I expected.
I did not do well because I am smart. I did not do well because I am clever.
Along with a little luck, I did well because I was well taught well and was able to prepare. At the end of this is a list of tools I used, along with background that helped me.
Also, I know some of us have a harder time with this than others. There are a variety of reasons. This is not a moral failure. It does not mean some of us are dumb. We have various strengths and weakness in learning. I was in my early 30s before I learned how to study. I have also found that other people (my family) do not like to be around me when I study. And they especially do not like to be around me as I get close to an exam date. That is a huge weakness in me.
I began with the SANS MGT414 six-day course by David Miller. The stated purpose of the course is to pass the CISSP. Unlike many courses, the instructors offer to be available after the course to answer questions and assist with study.
Included was the audio of the class, that could be listened to afterward. Additionally, I was provided with the audio of Eric Conrad teaching the course and a paper exam.
Others who have taken the course have observed that I put in additional time and effort they did not (they passed the exam).
After taking the course, I 1) typed meticulous notes from the study material 2) listened to the lectures again.
After that, I started on practice tests. I took a total of 3,446 practice questions geared specifically for the CISSP exam, along with some number of free practice tests, and 480 practice questions of Security+.
I split my time between practice tests, and reading. I alternated between reading my SANS textbooks, The Memory Palace, and The Sunflower.
I paid for Study Notes and Theory to access the test bank.
Note: Anyone who is using material on Study Notes and Theory, I urge you to pay for at least one month. Even if you only access the free material. This is a valuable resource and we should help keep it going.
The week leading up to the exam, I did 150 questions in the morning, timed. I found Luke’s questions to be much more difficult than the actual exam. I do not agree with all of Luke’s conclusions. But when I did disagree, I wrote a short paragraph to myself of why I was right and he was wrong. Sometimes I would realize I was wrong. Other times I would dig through my material and be satisfied with my answer. But it involved digging in and understanding the material. Then applying it.
In my background, I went in to this with GIAC Security Essentials Certification (GSEC) certification (SANS SEC401: Security Essentials Bootcamp Style) and completion of the Institute For CIO Excellence course.
SEC401 gave me a solid background. Deeper, and not as broad as the CISSP course, but a lot of overlap.
The Institute For CIO Excellence is part MBA/Part technical. The core concept is Business Alignment of IT. When IT is done right, it increase Revenue, decreases Expenses, and lowers Risk. So I went into the CISSP course with the mindset that the Business is the highest goal of IT.
Finally, a big Thank You! to Luke, for his site and this Facebook group. All of you have been a help, an inspiration, a lesson, a resource, and a community. Thank you.
Materials
MGT414: SANS Training Program for CISSP Certification (six-day course)
Materials written by Eric Cole, Eric Conrad, Seth Misenar
(2 online practice tests | 250 questions each)
(1 test | 250 questions)
(1 paper exam, per instructor | 340 questions)
https://www.sans.org/.../sans-plus-s-training-program.../
(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests 2nd Edition (online test bank | 1306 questions) ISBN-13: 978-1119475927 https://smile.amazon.com/.../ref=ppx_yo_dt_b_asin_title...
How To Think Like A Manager for the CISSP Exam (paper questions | 25 questions) https://smile.amazon.com/.../ref=ppx_yo_dt_b_asin_title...
CISSP For Dummies, 6th Edition (online test bank | 300 questions | includes drag-and-drops) ISBN-13: 978-1119505815 https://smile.amazon.com/CISS.../dp/111950581X/ref=sr_1_5...
Study Notes and Theory – 1 month paid
(online test bank | 725 questions)
NIST Special Publication 800-53A Revision 4 Assessing Security and Privacy Controls in Federal Information Systems and Organizations
Other
Jason Dion CompTIA Security+ (SY0-601) Practice Questions (12/2020) (online test bank | 480 questions) https://www.udemy.com/course/securityplus/
SEC401: Security Essentials Bootcamp Style (06/2019) https://www.sans.org/.../security-essentials-bootcamp-style/
Institute For CIO Excellence http://cioexcellence.com