top of page

How Yasser Cracked His CISSP Exam

I had been planning on getting the CISSP for long time, but kept on delaying it. There was always something which came up, a new project at work, family visits, a new series on NetFlix. I kept on saying to myself that I will start after X event. I will start tomorrow. I just never started.

I had joined the CISSP reddit group for some inspiration and I saw a message from Ben Malisow about his CISSP course. I thought it was a sign from the CISSP gods, so I signed up.

It was the best decision I made because it was the first real step that I took. Firstly he is a great teacher and the sessions were very interactive and clear but they started at 3 am my time. That meant that I had to commit to almost a month of getting up at 3 am, attending the session until 5 am, study until 7 am and then go to work. It was one hell of a month, but I proved to myself that I could make a promise to myself and actually keep it.

I also told my wife (I had to, otherwise this schedule would have been considered suspicious activity by the divorce court), my family and friends. They were all a great source of support even if they had no idea what CISSP was.

I ordered the Sybex Official Study Guide (OSG) at the same time. After the course I was feeling confident, but I wanted to read the OSG at least once. I should mention that I have 10 years of experience in networking and software development so these topics were not very difficult for me but the other domains were completely new. Anyways whatever I read seemed logical at the time but I would forget most of it by the time I had finished the next chapter. By the time I was half way through the OSG I had lost all the confidence that I had after the course so I decided to find another resource.

I saw that Ben Malisow's book had Luke Ahmed as a technical editor so I searched for his videos on Youtube. I had already been going through the innumerable CISSP videos on Youtube but I liked his style. So I signed up on this site and he finally made sense of the OSG and did not put me to sleep. It felt like I was listening to a friend who is knowledgeable about security and is helping you out.

I also installed telegram and joined the SNT group. There were lots of really smart people there discussing CISSP related questions and issues. I got to see how they were thinking through the questions and it helped me refine my thought processes. A related resource are Prabh Nair's coffee shots. I went through them several times because the way he breaks down a question was very insightful.

I would also search out Luke's cross domain question videos, his technique helped me build up an overall view of all the domains.

For practice questions I primarily used the OSG + Sybex Practice Tests question to test my knowledge and to get used to sitting and doing 175 questions in one go. Initially I just could not focus but slowly built up my stamina.

The second resource was Study Notes and Theory CISSP practice questions. These were confusing and difficult and I never got more than 60% on them. I think someone wrote once that while doing SNT questions he wanted to throw the computer out the window in frustration and I know what he means. I wouldn't need to ever work again if I had a penny for the number of times my better half turned to me in surprise while I was expressing my feelings after looking at the answers, BUT they really really helped me pass the exam.

In each question I went through an emotional roller coaster ride of 'What the #*@&* does he mean???', 'Wait, all/none of the choices are correct!!!' and then I would look at the explanation and think 'Why did I not think of this?'. Then I had to do it again, question after question. By the time I finished all of Luke's questions I had learnt two things. First was that I was not going pass the CISSP. Second was to focus on one question at a time, refocus on each question and forget about the previous one. This skill was essential for me. But for the love of God, do not do what I did. I attempted 500 SNT questions in the last few days leading up to the exam. Spread them out and soak in the knowledge and skills slowly.

I also got his book 'How to think like a Manager' which was thankfully short but with good explanations about finding the right answers. I think I must have reread it five times.

The other thing which I did was make digital flash cards using the anki app. For example I would create card about BCP and whenever I read something which seemed important I would take a screenshot of that paragraph and paste it in the card. Same thing if I am watching a video. So I ended up with cards about BCP, DR, IR etc which contained all the important seeming information. I could then review during the day whenever I would get some time during work and daily commute. I would try to say it all aloud and after some time it actually began to sink in (Side benefit: I became oblivious to strange looks from people while listing out the advantages and disadvantages of choosing a RAID 1 versus a RAID 2 solution)

Anyways, I think the most important thing I have to say is to all those who are waiting for the right moment, don't.

Make a promise to yourself and keep it, otherwise you'll waste a lot of time like I did and that's just too bad.

Best of luck, you can do it.

bottom of page