Yusuf On Security: Security news, opinion and advice

How I passed my CISSP

Note. By no means am I implying this is the only way to study the CBK or prepare yourself to pass the CISSP exam. It does not mean you will or will not pass the exam by following my style. We are all different and everyone has a style. Having said that, I also believe sharing tactics helps, as you can learn from others to improve.

Without repeating what everyone already knows, that this exam requires a lot of dedication, I should say that it also requires time and discipline. These two alone will probably help you a lot.

Now let’s go to the meat of the matter. 

This is how I prepared myself. Everyone has other responsibilities and priorities in life. Some of us have family, others are carefree with the luxury of time and flexibility.
I took my time to study the material as my job and family life kept me on my toes.

While I was studying, ISC2 reshuffled the domains in early 2015. This became effective on April 15, 2015. The CBK now comprises 8 domains instead of 10. Needless to say, this made me anxious as I had been studying and preparing myself for the exam based on the 10 domains (see the books I have been using further down). Having read a number of experts' opinions already in the field, and those of the instructors themselves, it became clear that I should stop panicking and continue using the same books. I did. I also bought the ISC2 official study guide (aka the green book). I used this book to compare and contrast what really changed. It had very little benefit, I have to say. There are now other books released based on the new CBK domains. I would encourage you not to rely on the green book alone.

The materials and how I used them
1. A notebook
2. My number one source was Shon Harris' All-in-One Exam Guide, 6th Edition.
a. I tested my knowledge of the CBK with her readiness tests. Note. This will help later. You can perform this test again once you think you are ready to take the exam.
b. I studied each chapter in the order of the book.
c. I then watched Shon's videos and listened to her audio on the McGraw-Hill site.
d. Finally I did the questions at the back of the chapters (book closed).

3. My second source was Eric Conrad's CISSP Study Guide, 2nd Edition. Note: the updated 3rd edition has since come out.
a. I studied each chapter in the order of the book.
b. I then listened to Eric's podcast, available on the Elsevier site. A link is also available from his web site.
c. Finally I did the questions at the back of the chapters (again, book closed).

4. My third source was ISC2's own Official (ISC)²® Guide to the CISSP® CBK®, Fourth Edition (aka the green book).
To be honest, buying this book was perhaps a knee-jerk reaction on my part. It was a way for me to ensure that I read the new CBK material. With hindsight I could have done without it. Anyway, I went through the entire book and completed the exercises. The exercises were useful though. I did not spend as much time on it as I did on Shon Harris'. A copy was provided as my Boot-Camp material too! Doh!

5. I used Freepracticetests.org, owned by cccure.org. This helped me reinforce the material by setting the quiz engine to the domain I was studying at the time and setting the number of questions to as many as I could complete given how much free time I had.
I am sure there are other quiz engines out there, but if you are going to use this one, this is how I used it. You can set the quiz mode to either 'Test Mode' or 'Study Mode' and then set the difficulty level to Rookie, Easy, Medium, Hard or Pro. If you have covered the material well and completed the questions within the book, then it is better to set it to Pro mode.

What else helped
6. The power of listening: a device to listen to audio and a good pair of headphones.
Everyone has their own way, but I retain more when I listen. I travel a lot and my commute to work takes the best part of two hours daily. So I listened two or three times to the domains I found difficult. In fact I did this on every occasion: driving, walking, gym, shopping etc. You will be amazed how much you can cover in these often 'idle' times.

7. Finally: Test, test, test
After I finished all the domains back to back and covered all the exercises in the books (see above), I extensively used the quiz engine, this time setting it so that the questions were drawn from the whole of the CBK and not just from one domain. I did 50 or so questions every day in the weeks leading up to the exam, taking notes on my performance. I consistently stayed around 80%+.

8. Mock Exam
Two weeks before the exam, I did one full mock exam: I set the quiz engine to 250 questions for the whole CBK. Do this with discipline whilst keeping an eye on the clock. You should be able to finish within the allocated time of 6 hours. I finished it in 5 hours and used the rest of the time reviewing the questions I had flagged for a revisit. Resist the temptation to change your answers unless you have really misread the question, i.e. you missed a critical word such as NOT, MUST, MOST etc.
This gave me a boost of confidence, having completed it in good time and achieved well above the pass mark.

9. Boot-Camp
I then followed all this up with a 6-day boot-camp. I used this as a revision course. It included a mini mock exam (125 questions in 3 hours).
I really think boot-camps give you a good return if you use them for revision rather than when you are just starting to study.

So all in all, with time, a good study plan and discipline, you CAN pass too.

All the best.

