How I prepared for (and passed) the CISSP exam
Thanks to everyone for their encouraging “congrats” regarding the CISSP exam that I passed a couple of weeks ago. I’ve also received several questions regarding which study materials I used, and what my training consisted of, so I decided to document the list of resources and the study method that I used. I’d also like to mention that a former coworker of mine wrote a very good article on this last year as well, which I used as a reference when I began studying for the test… thanks Miriam! Here is the link to her article: How I passed the CISSP exam
List of Resources I used:
- DumpsOut – a very good (and FREE) training course… love Kelly’s teaching style!
- CISSP Study Guide 3rd Ed. ($45.35): often called the “Conrad Study Guide” (see in Amazon)
- (ISC)2 Official Study Guide 7th Ed. ($36.79): got the Kindle format (see in Amazon)
- 11th Hour Study Guide 3rd Ed. ($26.44): this is the Cliffs Notes version of the Conrad Study Guide (see in Amazon)
- Sunflower (CISSP Summary) ver. 2.0, 2017 (see pdf link)
- Transcender – purchased through DumpsOut after completing the online course (for approx $35)
- DumpsOut.com – accessed through code from (ISC)2 Official Study Guide book
- Elsevier- Conrad book Companion Site
- CISSP Practice Exams (4th Ed.) book by Shon Harris (see in Amazon)
There were many other resources I found along the way, but I did not use them so they are not mentioned. If you’re only interested in knowing which resources I used, the above list covers it. However, if you’d like more information regarding my study methodology and lessons learned… you’re welcome to continue reading on 🙂
I did not attend any classes or bootcamps, though the entire time I was questioning whether I should just fork over the $3k to $5k to attend one. This was purely a self-study effort on my own, as I did not find any groups local to me that I could team up with. So my total test-prep expenses were $140 for the 3 books I bought and the dumpsout updated CISSP exam dumps practice test site access. I recommend downloading the exam info & requirements from (ISC)2 and being familiar with all the details before launching into studying. This should familiarize you with the 8 domains that comprise the exam’s CBK. Also, don’t skip the book Intros as they give you good information & advice about the test. I would like to add that having just studied for (and passing) the CompTIA Security+ exam only weeks before I started studying for CISSP was a huge help, as there is easily a 50% overlap on topic coverage in my opinion, though the Sec+ leans more technical while the CISSP is more management oriented. Obviously, work experience is also a factor, as well as being a certification requirement that you should be aware of.
One key aspect to my studies was to compile my own notes as I went through each domain. This helped me to understand & retain things better than just reading them. I tried to keep my notes as succinct as possible, so as to end up with a very condensed study guide of my own. My goal was to ultimately have the Sunflower PDF summary (37 pages), as well as my own “Notes” as exam cram resources, to review before taking the exam. My Notes ended up being about 50 pages, including TOC and some charts, screenshots, images, etc. that I included.
The following is the study method I used…
Reading & Study phase:
- First I watched all DumpsOut videos for a given domain: This served as a good intro into each domain. Kelly Handerhan has an excellent teaching style that highlights the important aspects of each topic. While watching the DunpsOut videos, I took notes of things Kelly highlighted, which helped clue me in on what to pay special attention to while reading the book chapters.
- Second, I read the corresponding domain’s chapter from the “Conrad Study Guide” book. Similarly, I’d take notes on key facts, adding more flesh to the notes taken from Kelly’s DumpsOut videos for the given domain. I also took each chapter’s quiz and kept a record of my answers, highlighting the ones I got wrong and why.
- Next, I read the corresponding domain’s chapter(s) from the “Official Study Guide”. This book is much longer & more detailed than the Conrad Guide, and has multiple chapters per domain. But I followed the same process – take notes on key info and add more flesh to existing notes as needed. Again, I’d take the chapter quizzes along the way and kept records of my answers highlighting incorrect choices I made.
- At this point, go back to the first bullet, rinse and repeat, doing the same for the next domain, until I had completed all the DumpsOut videos and read all the chapters for every domain in both books. It did feel time consuming to read through almost a couple thousand pages of study material, but since I wasn’t taking a class, I was concerned I’d miss something important if I skimmed, speed-read through it or cheated, so I painfully stuck with it. There are a couple of particularly long domains that seemed like they’d never end… but just push through.
Review Notes phase:
- It took me about 10 to 12 weeks to get to this point, where I had gone through all 8 domains in the DumpsOut training videos and the 2 main study guide books.
- Now, I went back and tidied up my notes, before I began reviewing them.
- Reviewing my notes the first time took long because concepts from the early domains seemed like ages ago. So this is where I used the 11th Hour Study Guide. I read each domain in the 11 Hour book as I reviewed My Notes for that domain. It worked as a good quick refresher for me. I guess if you’re highlighting main points as you read the “Conrad Study Guide”, you could just look at your highlights in that book instead of getting the condensed 11th Hour book, because it’s nothing more than a direct copy/paste of the most important things from the “Conrad Guide”.
- I also tweaked My Notes as needed to cover info & knowledge gaps based on the chapter test questions I got wrong during the Reading & Study phase.
- After 2 or 3 iterations of reviewing My Notes (and very lightly skimming the Sunflower PDF), I began taking practice tests.
Practice Test phase:
- I started out with the DumpsOut.com that I accessed using the code from the (ISC)2 Official Study Guide book. This was a pretty good test prep. It’s similar to the types of questions you’d see in the book’s chapter quizzes. I ran through two full 250 practice tests using this, and I was able to complete them in 2.5 and 3 hours. That was a nice benchmark to know how long it might take me to go through the exam. Reviewing the results takes a LOT longer (2 to the 3 times longer than taking the test). But it’s REALLY beneficial to see what you got right/wrong, and the reasons WHY something is right or wrong. I would also consult My Notes regarding questions I got wrong, to see if I needed to add something to them or tweak them to account for missing knowledge gaps.
- Next I tried the Elsevier test bank which is the Conrad book’s companion site. I did one or two full tests here… it was OK, but not great.
Then I decided to buy the Transcender test site’s access ($35 for 6 months usage), which I bought through DumpsOut. It was the best decision and a no-brainer. By far this was the best practice test bank of all that I tried. It provided the most realistic test environment, allowing flagged questions, and has different types of questions than what I was seeing from the previous two banks. It also provides very useful features. For example, in addition to the overall test grade, it provides grading on a per domain level, which is useful for identifying weak areas. It has various configuration features (which I admittedly did not monkey with). It also lets you review All questions, Domain-specific questions, or Flagged questions only, as well as questions I answered Incorrectly. Bottom line – it’s well worth the money.
- Lastly, this was almost a catastrophic mistake. I began taking the tests in the “CISSP Practice Exams” book by Shon Harris. If strictly used as a learning tool, this exam book is outstanding. I learned a ton in the 3 days or so that I used it for my weakest domains. However, by no means do I feel this book is a measure of your readiness to take the exam, as nothing I can recall that I saw here was remotely on the exam. CISSP is said to be a “Mile wide and an Inch deep”, but this exam practice book seems to prep you for a test that’s a “Mile wide and a Mile deep”. It made me doubt myself so much that I almost rescheduled my exam. The only reason I didn’t reschedule… is because I was literally 6 minutes past my 24 hour window when I logged in to do so. I kid you not. So I went into the exam with a feeling of impending doom based on how I was doing with this book’s questions. On the positive side, the questions on the actual exam seemed so much easier than these, that I was actually relieved, but I was always waiting for them to drop the Shon Harris question boom on me the whole way through, which thankfully never seemed to come. So I was glad in the end that I wasn’t able to reschedule the exam. I’d say that the bottom line with this resource is – use it for learning purposes (even well after the exam), but avoid it to gauge your exam readiness.
In all, I spent about 5 months preparing for the exam, of which at least 2 to 3 weeks were lost due to trips, family get-togethers and other personal activities. This timeframe will vary for everyone based on their work and family life constraints, experience levels, etc.
A resource summary: The best online CISSP training I found is DumpsOut’s. The best book in my opinion is the “Conrad Study Guide”. The best Practice Tests I found was Transcender. And the best exam cram notes – were my own notes, simply because it helped me more than reading anyone else’s. If you don’t plan to create your own notes, then get the Sunflower v2.0.
A general note: I’d recommend scheduling for a time that you function best at. I’m not a morning person so I avoided the typical 8 AM exam times because I knew I wouldn’t sleep well knowing I had to wake up super early to get ready, eat, and drive through crazy D.C. area rush hour traffic to be at the test center at 7:30 AM (FYI – you have to be there 30 minutes beforehand). Also, consider that the clock keeps ticking down during any breaks you take during the exam (i.e. bathroom and/or eating). So I chose a 2 pm exam start time that allowed me to sleep easy without worrying about being late, groggy, hungry or rushed, and I was able to eat lunch calmly before the exam near the test center, while I did a final pass through on My Notes (using my tablet).
Also, a point that Miriam makes is very true… if you don’t make a plan and actually schedule an exam date, you will drag this out far longer than hoped for. In fact, you may never even accomplish it. It’s one of those exams that unless you are under the gun with a date-specific target, you will fade and procrastinate yourself into doing nothing. Remember, you can always reschedule the test (for $50), in the event that you need to buy yourself a few more weeks of study time, or if some unexpected event smashes your study plans. But at least that way you are still under a known time constraint that pushes you. Just don’t wait till 6 minutes after your 24-hour rescheduling window closes like I did 😉
Well, that’s it. What worked for me may not be the best option for you, but I hope this helps. Best of luck to all of you considering taking it.