How Saqib Cracked His CISSP Exam
I passed the CISSP a few days ago Alhumdulilah, and for a few days disconnected from everything and took a well needed break.
A big thanks goes to the Study Notes and Theory CISSP Facebook group and Luke.
I remember when I started off and joined when this was a group of a few members, I am amazed at how much we have grown and achieved together over the last few years.
Started with SNT membership and started to get the feel of the domains , used Kelly's videos on Cybrary. Read Eric Conrad's Study guide to get further familiar with concepts. Read Sybex study guide front to back 3 times, attempted each end of chapter questions after reading and went back to clear concepts. I however did not use the AIO. Sometimes I used to consult the official CBK on topics that I wanted some different wording on a concept to be able to better understand.
Last week before exam : Quick revision, read 11th hour
One day before the exam: Reviewed the mind maps and the end of chapter exam essentials in the Sybex guide to see if I need a quick revision over anything.
Exam Tips : Always think like a manager unless the answer specifically asks a technical question .
If the question isn't specifically asking for either of the CIA triad, the answer should be more encompassing and broad answer that addresses CIA as a whole (as that is what security is about) ,rather than just addressing the CIA triad partially. This helped a lot in the process of elimination. Elimination is very important as it then allows you to focus on between 2 answers which is the best , and puts you under less stress.
Always think like a manager , think like a risk adviser, think about business justification , think about human life, think about cost benefit: keep saying that to yourself after reading each question.
You are never ready, I should have done this at least 1 year ago but always put it off thinking I wasn't ready. Started with the 7th edition and then the 8th edition came out. That's why its always a good idea to book the exam 2,3 months away and work up to it. Once I did that, I cut off all extra activities: tv, social outings and got focused on the exam with a schedule working up to the date I had booked. The night before the exam I had already convinced myself that if I fail i will try again.
Know the differences between the sub-concepts explained in the Sybex Guide. If there are multiple types of anything, make sure you know key differences, this is better than memorizing. For example between poly instantiation and polymorphism , referential entity semantic integrity, soc reports 1 2 3 type 1 type 2 (which is used where), certification accreditation (who performs each of these), different types of testing, black white, open closed source, know the difference in your SDLC stages, BCP stages, incident response stages and others in the book.
Leading from the above point, often , and very often you would come across a question that tests you if you know the difference between different types of sub-concepts and their unique use in a given scenario , and if you know the key points (and differences , pros and cons) of each you can easily select the right answer.
If you have read the Sybex 8th edition front to back, that is enough for the exam.... but passing the exam, that depends on the next part:
Practice questions : I did around 5000+ , I actually lost count eventually. Test your concepts. 100% of your prep depends on this. Practicing questions highlight the gotchas in your mindset. I did use Boson. From the books I did the practice questions and full exams on the Sybex guide, CISSP dummies book, AIO, and both the AIO and Sybex complete practice tests books, both current and previous edition.
I would say 2 months before the exam make sure you have read the Sybex guide and understand it and spend the next month on practice questions and correcting your concepts. Read not only explanations of the wrong answer but also the right answer so you get to know why was it right. Sometimes what you think is right isn't the actual reason, its something else (the CISSP reason).
Our job is not to fix something or a problem, it's to identify risk, report to upper management and get them to take a decision. Follow policy and procedure, make sure there is one in the first place, if not make sure management gets one in place. Ignore answers that are clearly short term solutions.
Don't panic during the exam, constantly calm yourself down. If I felt I was rushing through a question, I used to calm myself down and take a breath. Don't rush through the first few questions and take your time at-least with the first 50 questions. I didn't look at the clock or counter until around 40 questions in.
A short break is highly recommended, at-least at 1.5hrs into the exam. I took mine at the 40-50 question mark, when I was beginning to feel exhausted. It was for 4-5 minutes but it helped me clear my mind and recharge .
Exam ended at 100 questions. I went blank and didn't know what to think of at the moment. Relief sets in when I was handed my result and I see those golden words. Come 6 hours later, I still cant believe it.
Looking back , yes I did spend a lot of time, effort, money; all which barely touches the sense of achievement once you see the words : Congratulations ! We are pleased to inform you......
Best of luck, its never impossible, keep at it and you WILL succeed.