
Where Do I Start Studying for the CISSP?


“I am new to studying for the CISSP. Can anyone please advise where to start and what books and materials to use?” - The #1 question regarding the CISSP.

For those who are already 3 months deep into their studies, this question may seem basic and easy to answer.

But I can understand why this question is being asked…it’s an exhaustive amount of material to study for the exam! It can be difficult to figure out where to even begin studying.

For those new to CISSP, you hear names like Shon Harris, Sybex, Conrad, Fourth Edition, 7th Edition etc. etc. It’s a lot of resources to study, and sometimes we all just need some direction from those who have been there. I go over a comprehensive overview here:



Below is a high-level overview of one way to start studying for the CISSP. It's not a comprehensive overview. If you'd like to read testimonials of all the different ways and techniques successful CISSPs have used to pass the exam, see CISSP Study Experiences.

Phase 1

Know what you’re getting into. If you’re good at taking exams, dedicating yourself to a project, and have had extensive information security experience, you can most likely pass the CISSP in 3 months.

If you want to gauge where you’re at with each of the CISSP domains, go through and take each of these quizzes: Study Notes and Theory Sample CISSP Questions

Don’t worry if you do terribly at these questions the first time around without any studying. These are difficult questions!


Your goal with these questions is to answer to yourself if you’re ready. Are the questions somewhat, kind of, or pretty easy? Or are they so out of your league that you don’t feel like you have any business answering these questions?


If you feel like you’ve never seen any of the terms in the quizzes, and had to guess at every answer, you’re going to need to study a lot more than 3 months.


If you did decently on the quizzes, say scoring a 68% or higher, you might not need to study that much, but you still do have a long way to go.


If you score above 85% on each of the quizzes, you can probably pass the CISSP in 3 months with some laser-focused studying.

Phase 2

Okay, now you’ve made the choice whether to continue studying or just abandon the notion of the CISSP altogether.

The group has a great dynamic. Prospective CISSP students and current CISSP holders all provide input. Some post questions from different sources and spur conversation around them. With opinions about a question from so many different people, it really helps to get some different perspectives.

Decide On a Book

Your first CISSP book should be the size of a dictionary. At the beginning of your studies there is no need to get books like the 11th Hour CISSP Study Guide by Eric Conrad, or other “quick” CISSP books. Your first book should be heavy in weight, and take up a presence in your household.


Some of these books include:

CISSP All-in-one Study Guide by Shon Harris 8th Edition


CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide by Sybex 9th Edition - Includes New Exam Topics

How To Think Like A Manager for the CISSP Exam by Luke Ahmed (That's me!)


"How do you think like a manager?" It is one of the most common questions asked when preparing for the CISSP exam. Using 25 CISSP practice questions with detailed explanations, this book will attempt to answer how to think like a member of a senior management team who has the goal of balancing risk, cost, and most of all, human life. The questions will take you through how to resist thinking from a technical perspective to one that is more holistic of the entire organization. Like all of Study Notes and Theory's CISSP practice questions, these questions correlate multiple high-level security concepts and require thinking like a manager. Extracting the most value comes from understanding not only which choice is correct, but more importantly, why the other choices are wrong.

Phase 3

Now you’ve joined the group and bought a book, and hopefully your studies have begun.

You should by now start to have a good feel of what domains are your strongest, and what you need to work on.

In Phase 3 you start to focus on your weak domains. You start to realize that this exam is going to happen, and you are going to pass it through hard work and dedication.

A couple of weeks before the exam, go BACK to those McGraw Hill CISSP practice questions from Phase 1 and take them again. See how you do. I bet you’ll be a lot more confident about your answers, and score a higher number than when you took it in Phase 1.

Try to figure out not only why you got the answers correct, but why the other choices were incorrect. When you’re confident of your grasp of concepts, schedule the exam and pass it.

Good luck!

If you need some additional sources, check out:
