I passed my Certified Information Systems Security Professional (CISSP) exam on November 20th, 2018. It took me 50 minutes to answer 100 questions. I am sharing this blog post as resource to colleagues who are intending to take the test and to the cybersecurity profession as my way of “paying it forward” since I received help from vast and free online resources and from advice I received from those I didn’t even know personally.
I decided to take the CISSP exam for the following reasons:
- Model my commitment towards professional development (one of this year’s four key areas in our department strategic plan by learning topics relevant to our organization (SIS&T) future direction including 1) improving our organizational resiliency (staffing, information systems), 2) improving processes (governance, operations, devops), and 3) “liberate data” – expose data across campus systems that have been siloed in the past.
- The need to acquire new leadership/management and technical knowledge required for my role as IT leader on campus given emergent technologies and changing workforce dynamics and demographics. Campus initiatives including cloud adoption, integrated campus cybersecurity, data analytics and campus data integrations using Application Programming Interface (API) and visualization software for decision-making also require new knowledge and skills.
- Continue my commitment to life-long learning.
Though I had intended to take the CISSP exam in 2017 and my organization had even paid for an online course and books to prepare me for the exam, in retrospect, that I didn’t create the pressure for me to prepare led me to not dedicate the time and effort as I had done these last two months before my exam.
The CISSP exam is often characterized as “mile-wide and inch deep”. It is very true the exam assess the tester’s knowledge in the eight domains ranging from understanding of laws and regulations, best practices, networking/physical/software security, and operations. I am not so sure it’s an “inch deep” however as while the exam may indeed provide questions at a general level, the level of knowledge I felt I had to learn (and acquired) in the process of preparing for the exam went beyond general information.
Since my professional background/experience were mainly in application development and leadership/management, I found those domains to be relatively easy. However, given my lack of experience in networking and data center management, I found myself needing to spend more time studying those areas than others. For example, I bought a book called Networking All-in-One for Dummies because I didn’t even know the differences between the different networking mediums (cabling) and wireless networking specifications.
Though I read many online resources about the CISSP exam, there were no materials I read about the specific questions themselves and even if I had come across them, I did want to honor the integrity of the process and professional ethical standards by using them. Given that I didn’t know what questions expect, I found myself using different study materials (books, iphone apps, quizzes, videos, websites, social media) and I even tried different study styles to improve my chance of passing the test. I have learned that I seem to understand and remember concepts better if I understand the “big picture” and when I can see the relationships among the different areas I study. So, I created a mind map of the 8 CISSP domains as my roadmap using a mobile/website called MindMeister. Here is the link to my CISSP mind map.
I also found study methods to maximize the limited time I had between when I registered to take the exam (October 2nd) until the day of the exam (Nov 20th). I created a schedule which required discipline and dedication. The kindle books and the iphone apps which I could use anytime/anywhere during the day when I’m free (including between meetings, trips to the mall, commute) were useful. My wife’s support and encouragement throughout the process was also very helpful. She provided me with the space and time to study.
As I will share below, it was about two weeks before the test when I finally realized what methods increased my comprehension of the topics I was studying.
- Researched CISSP Exam info on ISC2 website and downloaded Ultimate Guide to the CISSP pdf and the Exam outline.
- Researched exam tips on various sites and joined fb groups including Study Notes and Theory Group.
- Started reading (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide 8th Edition (Sybex) with the goal of completing the 21 chapters by mid-October.
- Downloaded iphone Apps for the quizzes and mainly used LearnZapp (no longer available) and PocketPrep spending about 30 mins-1 hour taking quizzes total throughout the day (work break, lunch, commute to work while my wife drives).
- Registered for the CISSP exam (Nov 20th) on October 2, 2018 on the PearsonVue website.
- Created and completed exam preparation schedule for those six weeks.
- First two weeks of October – complete the Sybex book and Shon Harris’ All-in-One CISSP Exam books). This meant spending 2-3 hours a night reading at least one chapter a day and completing the end-of-chapter quizzes.
- Entire October up to November 19th.
- Complete CISSP course on Cybrary.It, and Lynda.com CISSP course.
- Completed at least 200 questions a day from various quizzes (see list below) and improved my knowledge on areas of weaknesses based on my scores.
- Five days before exam
- Took days off from work. Spent at least 5 hours during the day/night of continued studying. This is the period when I realized how to significantly improve my understanding of the topics. At this point in the process, I’ve read books, taken thousands of questions, and watched hours of videos so the areas new to me became smaller. However, there were still areas I struggled because of my lack of experience as I noted above. So, every time I completed the quizzes, I researched the questions I had missed by re-reading the books and re-watching videos AND in the process, I also started understanding/noticing related topics I had missed before.
- Two days before the exam, I continued my routine above, and I also reviewed summary materials I had found online including the following:
- The day before the exam, I had come across a blog post which said to watch the following videos to have the proper mindset going into the exam. So, I watched them, and they made a difference in how I approached the test – think like a manager and from a risk management perspective, not a techie. I encourage those preparing to take the test to watch these videos at some point in your preparation.
The benefit of the CISSP certification goes beyond the recognition of passing the exam. It has given me more confidence with the new knowledge learned about cybersecurity and how to study for future certification exams. In two months, I learned knowledge in areas I did not have opportunities to learn in my 20 years in IT. To pass the CISSP test requires the risk and organizational mindset AND technical knowledge. A technician’s approach of solving issues through tools only or a manager with little knowledge in the 8 domains will probably have a hard time passing the exam. Even with years of experience, the test also requires time and commitment to study the materials and be comfortable with the types of questions.
Personally, I found the preparation process as an opportunity to further assess what works for me in terms of learning style. I used a combination of books, videos, apps, mind maps to figure out what works for me. In the end, I believe memorizing the materials alone is not sufficient and it requires some thoughtful understanding of how the different tools/approaches in combination should be applied to solve real-life situations. It also requires intuition gained through experience to be able to effectively assess a problem. I believe therefore experience is a requirement of the certification.
Like other folks online and colleagues in my organization have who gave me advice and who shared their knowledge for me to pass the exam, I would like to offer you any insight about the process (within the NDA and ethical boundaries) so you may also pass the exam. Please feel free to contact me at email@example.com.
My learning style is different from yours so in general, every single resource listed here was helpful to me personally, but there were some I relied on more than others and ones I thought were most applicable to the areas and types of questions presented during my exam.
- The Holistic CISSP Overview and Preparation Tutorial 2018
- Why you WILL pass the CISSP – CyberTrain.IT 10-min Series
- Larry Greenblatt – CISSP 2018 Exam Tips (*)
- Certification Exam Outline – isc2.org (Effective Date – April 2018)
- it – ISC2 CISSP by Kelly Handerhan – (pdf)
- com – Prepare for the Certified Information Systems Security Professional (CISSP) Exam
- CISSP Certification Exam Prep – ImpTrax Corporation
- CISSP Pocket Prep – Pocket Prep, Inc.
- CISSP Study Guide by Cram-It – Rooster Glue, Inc.
- CISSP Practice Questions – Laurie Hocking
- CISSP Practice Exam Prep 2017 – Recurvo Learning & Educational Apps
- CISSP Stress-Free: RocketPrep
- CISSP Practice Test – Mark Patrick
- LearnZapp CISSP Study Guide
- Boson Practice Exams (paid)
- Wiley Test Bank (companion to ISC2 CISSP Certified Information Systems Security Professional Official Study Guide – 8th Edition)
- McGraw-Hill CISSP Practice Exams (companion to CISSP All-on-One Exam Guide)
- CCCure Quiz Engine
- CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide
- James Michael Stewart, Mike Chapple, Darril Gibson
- CISSP For Dummies (For Dummies (Computer/tech))
- Lawrence C. Miller, Peter H. Gregory
- CISSP Cert Guide: CISSP Cert Guide, 3/e_c3 (Certification Guide)
- Robin Abernathy, Troy McMillan
- CISSP All-in-One Exam Guide, Seventh Edition
- Shon Harris, Fernando Maymi
- Eleventh Hour CISSP®: Study Guide
- Eric Conrad, Seth Misenar, Joshua Feldman
- Study Notes and Theory – Luke Ahmed
- PluralSight.com – CISSP
- Lynda.com – Prepare for the Certified Information Systems Security Professional (CISSP) Exam
- CISSP Exam Preparation – Study Notes and Theory (FB group)
- Skillset CISSP series (Youtube)
- CISSP Community (Reddit)
- CISSP Images (Pinterest)
- Kindle on Iphone