A Brief Guide to CISSP Prep

Adventures in Exam Preparation

If you’ve been following me on Twitter, then you might be aware that I’ve just passed the CISSP exam. While the whole experience was nerve-wracking and I swore I had failed until I saw my results, I still want to share a few things that worked for me. I will also call out where I think I could’ve done better in terms of prep.

Boot Camp

This was a work-sponsored boot camp covering all the material from the 2015 CISSP CBK that I took back in January. It was a really intensive crash course of anything that could possibly be on the exam. I do recommend either doing a Boot Camp or going over the “big book” at least once if you can get a copy. This material gives you the full idea of just how much information encompasses the 8 domains. What was kind of awkward for me was that I began studying with the 2015 CBK but ended up testing against the 2018. There’s not much difference it seems. My takeaways were that the 2018 CBK has a bit more on mobile, embedded systems, and IoT.

Online/Mobile Quizzes

I was recommended CCCure Quiz Engine (web) and CISSP Pocket Prep (mobile). My goal had been to keep the content fresh in my mind and try to take the exam in June after school was done. I’ll be honest: I didn’t have a great experience with that mobile app and I ended up ditching it (it was crash-prone and obliterated my progress on more than one occasion). I should’ve skipped it entirely.

The quiz engine was okay although I got the impression that the questions were of lower quality as compared to the questions from the Official Study Guide or Official Practice Tests.

The one thing I liked about both of these resources was the ability to easily see which domains needed the most reinforcement. When I ditched the quiz platforms, I started taking more notes. I think the note-taking and review was much more effective for my own retention of the concepts.

CISSP Official Study Guide

This is my number one recommendation. If you could get only one book for CISSP prep, this is it. As I got closer to my exam date, I read through the chapter summaries and did each of the written labs and review question sets. Upon review, I recorded the topics of questions I answered incorrectly or with any hesitancy in a document and made sure to record the relevant information on those topics in a cheat sheet format. When it seemed like I needed more reinforcement, I went back in and read through the chapter, occasionally jumping over to the 11th Hour Exam Guide or Google to research concepts. I tried to avoid getting into the weeds when turning to Google. There’s so much material and not a lot of time to dwell unless you’re researching a very specific, hard-to-remember concept.

The 11th Hour CISSP Study Guide

This is probably my second choice for books. This and the Official Study Guide make an awesome combination in terms of prep materials! Where the Official Study Guide might either gloss over or delve too deep into explanation, the 11th Hour provides that nice concise bulleted list of all the steps of the framework, or levels of verification, etc. NOTE: I don’t know if there is a 2018 CISSP CBK version of this in print yet.

CISSP Official Practice Tests

These proved to be very helpful. The cool thing about this book is that once you purchase it, you can also access the practice test questions online. The quiz engine isn’t anything fancy. You won’t get your progress mapped out to each of the domains by default; however, the questions are, in my opinion, of a higher quality than some of the other quiz platforms I used. I took a similar approach as I did with the study guide review questions by taking note of the material that needed more reinforcement and putting the relevant notes into cheat sheet format.

Things I brought along on exam day:

I queued up a CISSP course from Cybrary for the drive to the test center (about 75 minutes) and picked modules from a domain that I felt I hadn’t reviewed recently. This was a good move (it definitely helped to refresh some topics I encountered on the exam) but you can only listen to so much content on the drive.

I arrived early and spent 20-30 minutes glancing over my notes, looking at very specific topics in the study guide/11th Hour, and reinforcing some of the lists/models/frameworks one last time.

I am not kidding. I thought I was going to fail. The entire time. For every answer I answered with confidence, there was another that felt like I took a 50/50 chance.

After all of the stress, I didn’t fail. It felt great to put that exam in the past.

I hope this info is helpful to someone! Feel free to reach out on Twitter or via email if you have questions or feedback!