I put off this certification for years because it isn't that technical and I thought it was going to be boring. I also thought it was just about reading a book and taking an exam; I was wrong. The first mistake I made with this certification in the beginning was that I underestimated the amount of information there was to know. Even if you have worked in the common bodies of knowledge you still have to go through the CISSP's version and terminologies or you won't be ready for the exam.
The biggest piece of advice I can give for the exam is to focus on CONCEPTS. You really need to understand why things are the way they are in the CBK. I went through about 4000 practice questions on cccure.com but only about 5% of them were like the questions on the exam. I also used all the Shon Harris exam questions that came with the 4th edition of her book. But again, the questions were different on the exam. However, these are great tools to practice what you know. Instead of just memorizing answers, make sure you know WHY the answer is correct. I promise you, this is the best advice I can give.
Use multiple sources of information to study. I read this somewhere else but didn't really start utilizing this strategy until about halfway through my studying. The reason this helps is because your brain will process the concepts in two different voices which actually helped me remember things during the exam.
My Study Strategy and Lessons Learned
Here are the resources I used to study:
- The official ISC2 CISSP Guide
- Shon Harris All in One 4th ed (there is a newer version now)
- CISSP Study Guide
- cccure.com practice tests
I hated this entire process and the exam was hard but the worst part was probably waiting for your results. I got mine about 4 weeks after I took the exam. This was torture! I do think there is value in the content and I did learn a lot, more than I expected ;)
I hope this helps!
Thanks for the study tip for the CISSP exam. I am considering the CISSP and the CISA exam. I was advised to do them while studying for my MSc in Network and computer security. The MSc course covered a lot in both exams so I have a great deal of knowledge for the exam domains.
However, the thing that bothers me is the experience needed for the CISSP certification. I have over 6 years experience as a Network administrator with 4 years involved in roles with some of the domains in CISSP. I don't know if you have to have worked in a role that applies all the domains.
Can you please clarify the experience needed for the CISSP certification?
You're very close and if you look at this https://www.isc2.org/cissp-professional-experience.aspx you might see where you have that experience already. As a network admin, you've likely done telecom/net security, ops security and disaster recovery. Keep in mind, you only need 5 years experience in 2 or more domains, not all domains. Hope that helps.