My CISSP journey...
I have around 6 years in IT security, but over 25 years in IT (including development). So 10 months ago I thought a quick bootcamp would be the best way to pass the CISSP exam. 6 very painful days, 3 hours and 149 and a half questions later, I realised I was wrong.
For weeks after, I thought about retaking, but the beating I took the first time was too much to contemplate going back so soon.
But, just like in any good Rocky film, there’s a turning point. Mine came after Christmas. It’s the point at which you decide to commit, and commit fully.
My plan was to get as many resources as possible and then filter this down (maybe not the best, but worked for me):
- Official ISC2 Student Guide (from the 2018 course) - as my definitive source. It’s huge, but I read it from cover to cover.
- 11th hour CISSP (top resource for 1-2 months out)
- Shon Harris audiobooks (Excellent for listening to on the commute to and from work).
- Kelly Handerhan Cybrary videos (of course)
- YouTube/Google (used to research any concepts I didn't understand)
I cannot stress how important it is to understand the concepts. I looked up all types of topics, e.g. different types of NAT’ing, Private IP ranges, NIST documents, risk frameworks, etc… it’s all on Youtube (though sometimes you can get contradictions). If you can’t find a simple enough answer, post a question in this group.
The exam, as I’d previously experienced, is not just about the books. I would guess that the answers to about 50% of the questions cannot be found directly in the study materials I used. Even as a native English speaker, I had difficulty understanding the language used in the questions when they started getting really tough. As a result I would suggest taking the exam in your first language.
So these were the questions I used:
- ISC2 practise questions from the bootcamp
- CISSP Official (ISC)2 Practice Tests, 2nd edition
- Boson Practice Tests
- Thor Pedersen’s CISSP questions (Udemy)
I only used these questions once over (as well as the questions at the end of the chapters in the books). I used Thor’s questions and the CISSP official practice tests to test domain knowledge after I had revised a domain fully.
The Boson tests was to practice the 3 hour exam sitting. These questions are what I would call easy to medium, to test the completeness of my domain knowledge. I used the tougher ISC2 practice questions to track how ready I was to take the test. In all of those questions I scored between 70 and 85% (in the last 2 months).
Finally I used Luke’s questions for the last month to test my ability to apply my knowledge. I needed a legitimate source to test at the level you will find on the exam's harder questions.
In the exam the first thing I wrote down were checkpoint times, so I knew how many questions I needed to have answered to stay on track.
This is how I knew that I was behind after 30 min. The first 30 questions were quite straightforward, then they got very tough very quickly and stayed like that until question 100. A word of advice, if you are still in the game with 30-40 questions to go, DO NOT PANIC. Prepare to go the distance and don’t anticipate the exam ending before time.
In this group we all come from different backgrounds. I’m married with three children and family life takes time, so I can’t lock myself away for 6 hours at a time. Study little and often if those are your circumstances. Also, give your family - and yourself - intermittent rewards. The CISSP is a serious exam, but it is only an exam. Don’t miss out too much on life during your studies; be disciplined and have fun as well.
I wish you success on your own journeys. God bless you all.