Intro
CISSP (Certified Information Systems Security Professional) still remains one of the main certifications in the information security world, despite industry experts challenging its actual ability to verify professional knowledge, experience and abilities.
I would describe the CISSP exam as one of the toughest I have ever gone through, and I consider myself fortunate to have achieved certification on the first attempt. 6 great hours of testing your knowledge and will.
I started preparing 6 months prior to the exam. My first action after deciding to go for the certification was to schedule it, in order to set a definite deadline. Having done that, I started looking for the right material.
Reading Material
The books I started with were the famous “CISSP All-in-One Exam Guide“ by Shon Harris and “Information Security Management Handbook, 6th Edition“ by Harold F. Tipton and Micki Krause. Both books are massively packed with information, and that makes them too complicated to use as the base preparation material for the exam. There is too much “water” that only takes up memory and is not really helpful during the exam.
So as the main base preparation material, I would recommend starting with “CISSP Study Guide“ by Eric Conrad, Seth Misenar and Joshua Feldman. As you read it from one domain to the next, use “CISSP All-in-One Exam Guide” or “Information Security Management Handbook” to expand your knowledge of any topic that might not be sufficiently covered in Conrad’s guide. It will help you get a better understanding of some particularly difficult concepts.
You should finish reading the whole material approximately 1 month prior to the exam. Use the remaining time for practice tests. A week before the exam you can read “Eleventh Hour CISSP Study Guide“ by Eric Conrad, Seth Misenar and Joshua Feldman. This book includes only the core information required for the certification and cannot be used to study, only to consolidate what you have learned.
Practice Material
You can practice answering questions after you finish every chapter or domain with:
The absolute winner among practice tests was: https://www.freepracticetests.org/quiz/index.php. Last time I checked, you could try it for free, but I would definitely recommend the paid version. There are several thousand questions covering all domains, and this resource, in my opinion, is the best and closest to what you may find on the actual exam.
Stay away from testkings, actualtests or that sort of material. It will not help, and you will probably end up paying more for practice questions taken from the resources I have mentioned above.
I have also heard good comments about “CISSP Practice: 2,250 Questions, Answers, and Explanations for Passing the Test“ by S. Rao Vallabhaneni, although I did not have a chance to try it personally. Perhaps I will soon, because I am planning to refresh my knowledge of each domain.
Other methods
Another trick I used was mind maps. For each domain I would create a mind map connecting and describing the main concepts. It helped me paint a structured picture of the material I would need to memorize or understand. It seemed to help more when I created the mind maps on my own. I still use this approach when working on complex projects requiring analysis of a large number of documents (policies, procedures, etc.).
I also used a lot of flip chart sheets. Almost all the walls in my living room and office were covered with those sheets, fixed with scotch tape. I would draw diagrams or visualize processes explained in the books in order to fix them in my memory.
Training or boot camps
You may be thinking of attending a specialized CISSP exam preparation training course or boot camp. To be honest, I do not believe that it is possible to successfully train a person for the CISSP exam in 5 days or even 10 days. Prior to the training you need to have a solid background and foundation knowledge. In a nutshell, a training course or boot camp:
- prepares you for what to expect on the exam;
- reinforces the basic knowledge;
- provides methods of approaching different questions;
- points out mistakes usually made during the analysis of exam questions;
- teaches tricks for filtering out the best answers;
- assesses the areas you need to concentrate your study on, what should be memorized, etc.
Despite aggressive marketing and nice catch phrases, most training courses, and definitely boot camps, assume that you have your basic knowledge right and complete. The value of such training courses is in live interaction with the trainer and with someone who has taken the exam. So if you decide to go for such training, make full use of it. If you do not understand something, ask for clarification; if you have doubts, clear them up in discussions. Your boot camp or training should not be too far from the actual exam date: schedule and attend it within a month or a month and a half of the exam date.
Finally
As the exam date kept approaching, I personally hated the feeling that I was not prepared enough, fearing I had missed something or did not completely understand it. So while practicing questions, keep polishing your knowledge. Definitely read the explanations for the answers, and read blog posts and books to better grasp the concepts.
1 day before the CISSP exam, stop preparing; further reading or studying will add pressure, and you do not need it. Instead just relax, watch a movie or get some sleep. You deserve it.