Tuesday, September 13, 2011

CISSP Review, Strategy and Advice

Today I found out that I am one step closer to becoming a CISSP by passing the exam. I realize there are quite a few reviews on this so I'll only add what I think is beneficial.

I put off this certification for years because it isn't that technical and I thought it was going to be boring. I also thought it was just about reading a book and taking an exam; I was wrong. The first mistake I made with this certification in the beginning was that I underestimated the amount of information there was to know. Even if you have worked in the common bodies of knowledge you still have to go through the CISSP's version and terminologies or you won't be ready for the exam.

The biggest piece of advice I can give for the exam is to focus on CONCEPTS. You really need to understand why things are the way they are in the CBK. I went through about 4000 practice questions on cccure.com but only about 5% of them were like the questions on the exam. I also used all the Shon Harris exam questions that came with the 4th edition of her book. But again, the questions were different on the exam. However, these are great tools to practice what you know. Instead of just memorizing answers, make sure you know WHY the answer is correct. I promise you, this is the best advice I can give.

Use multiple sources of information to study. I read this somewhere else but didn't really start utilizing this strategy until about halfway through my studying. The reason this helps is because your brain will process the concepts in two different voices which actually helped me remember things during the exam.

My Study Strategy and Lessons Learned

Here are the resources I used to study:
First bit of advice on strategy: make sure you have one. Don't just start haphazardly reading and studying. Have a plan and try to stick to it; the organization will pay off. If I had to do it differently, here is what I would do: read the official guide first. It's kind of a rough read but anything that doesn't really make sense or isn't clear, you can reinforce with the Shon Harris book. Then, as you begin taking practice tests, review what you know with the Eric Conrad Study Guide. This strategy worked for me and I wish I would have had this written down prior to beginning to study. I didn't really have a solid study process and as I was getting closer to my exam date, I started to panic.

I hated this entire process and the exam was hard but the worst part was probably waiting for your results. I got mine about 4 weeks after I took the exam. This was torture! I do think there is value in the content and I did learn a lot, more than I expected ;)

I hope this helps!


Adebayo said...

Thanks for the study tip for the CISSP exam. I am considering the CISSP and the CISA exam. I was advised to do them while studying for my MSc in Network and computer security. The MSc course covered a lot in both exams so I have a great deal of knowledge for the exam domains.

However, the thing that bothers me is the experience needed for the CISSP certification. I have over 6 years' experience as a Network administrator with 4 years involved in roles with some of the domains in CISSP. I don't know if you have to have worked in a role that applies all the domains.

Can you please clarify the experience needed for the CISSP certification?

Craig said...

You're very close and if you look at this https://www.isc2.org/cissp-professional-experience.aspx you might see where you have that experience already. As a network admin, you've likely done telecom/net security, ops security and disaster recovery. Keep in mind, you only need 5 years experience in 2 or more domains, not all domains. Hope that helps.