I have just passed my CISSP exam on 17 May 2019 in 101 questions after two months of (part-time) preparation. I am so excited and feel that I should share my study materials and a suggested plan to help others who are also preparing for or intend to take the CISSP challenge.
When I started preparing, I had no idea how to prepare for the exam, since it seemed to be quite broad and theoretical. I came across multiple blogs and articles; however, they didn't really help me come up with a solid plan for the CISSP exam. I spent a lot of time and effort wandering around without much to show for it. Hopefully, my sharing helps others feel more confident with their preparation and come up with a solid plan to clear CISSP.
Note: This is solely my personal experience so it may not work for others. Please use with care.
I start with my background so you know my strengths and weaknesses, followed by the study resources that I used and finally my suggestions.
My background
I have a bachelor's degree in computer science and two master's degrees, one specialized in Business Information System (BIS) and one in Information Security Technology (IST). Also, I have 5 years of experience as a Network/System Administrator in an SME company. Currently, I have been working as a cybersecurity analyst in a Security Operation Center (SOC) team for about 1.5 years.
With that knowledge and experience, I found domain 3 (Security Engineering Domain) and domain 4 (Communication and Network Security Domain) pretty straightforward. However, the other 6 domains were somewhat difficult, especially understanding and memorizing terms that I had never heard (e.g. capacitance, preaction).
Studying Resources
Below is the list of materials which I think helped me the most. The order is from most useful to least useful.
1. Sunflower CISSP Summary, version 2.0: I think it is the latest version at the time of this writing. I found this summary in so87’s GitHub repository, where he shared his CISSP study guides. However, I didn’t find his notes useful (I have my own notes), so I only used the Sunflower document.
2. Why you WILL pass the CISSP by Kelly Handerhan: this short video is really meaningful; in it she points out the mindset that you should have to pass CISSP. The prime message is “Do NOT fix problems” and “think as a manager”.
3. ISC2 CISSP online course: It is a free course on Cybrary, also by Kelly Handerhan; thumbs up to her for a great job. Although the course alone is not enough for the CISSP exam, it is really successful in providing an overview and general knowledge and in emphasizing the important principles to prepare for CISSP.
4. CISSP Official (ISC)2 Practice Tests: the book offers about 100 questions for each domain to test your knowledge and 4 practice tests. If you use the online version, its look and feel are similar to the real online CISSP exam. I must stress that the questions in this book really helped to strengthen my knowledge.
5. Simple CISSP Book by Phil Martin: there is nothing special about this book.
My Suggestion
From my point of view, certification is the result, not the purpose. Certification without knowledge is not worth the effort. So my study plan aims to gain knowledge and only practice for the exam at the last moment.
I begin this section with the “Don’t do”, which is what I did and which took me quite a lot of time. Then I cover what I would “Do” to be more effective if I had to prepare for CISSP again.
“Don’t do”
- I started with the “Simple CISSP” book and read through all chapters, writing down notes on the way. Here, I have to be honest, I suffered a lot to get through it. The book is very boring (I am guessing all CISSP books are the same), and all the content is theoretical knowledge. I couldn’t count how many times I fell asleep while reading it. Yet the worst thing is that I learned nothing after all of that effort and those numerous hours.
“Do”
- Start with the CISSP online course by Kelly Handerhan as mentioned above (3). It lays out a good foundation for what you are expected to know.
- Make good use of the “Sunflower CISSP Summary”. I must stress that this is an excellent set of notes. The authors condensed hundreds of pages into 37 pages, so every word counts; make sure that you understand the meaning behind each concept. If you don’t, look it up in your chosen CISSP book or Google it.
- After completing each domain, you should validate your knowledge, and “CISSP Official (ISC)2 Practice Tests” provides about 100 questions for each domain to check it. Personally, I found it really helpful; it strengthened my knowledge of concepts that I thought I understood well but apparently not thoroughly enough.
- Prepare your mindset with “Why you WILL pass the CISSP” by Kelly Handerhan.
- Now, you are almost ready for the exam. Try the 4 practice tests offered by “CISSP Official (ISC)2 Practice Tests”. Surprisingly, I felt things were much clearer compared to the first attempt without preparation with the “Sunflower CISSP Summary”.