Nan0byt3s CISSP Review
Tags: ISC2, CISSP, cert-writeup
Introduction
There really is no shortage of Certified Information Systems Security Professional (CISSP) study paths and recommendations. I wanted to add to the many that are out there and describe my self-study path, the tools I used, and how I passed my CISSP exam on my first attempt.
This exam is incredibly different from any other I have taken. I have been asked which was harder, OSCP or CISSP. And, honestly, I cannot say which was “harder”. They are not comparable. Offensive Security Certified Professional (OSCP) is a very hands-on technical cert with a demanding 24-hour exam, requiring hands on keyboard. On the flip side, CISSP was months of reading, memorization, and practice tests for a 3-hour multiple-choice exam. They are very different exams.
This exam took me three months to study for, from cracking open the first book to provisionally passing the exam. Another question I received was about my background, so here goes. I have a Bachelor of Science in Cybersecurity from Colorado Technical University and have been in IT for four years. I decided to take the CISSP because I finally met the requirements for the full credential. That’s not to say that receiving the Associate of CISSP would not be worth it - I just decided to wait. I started in desktop support, was promoted to security administrator, and am now a systems administrator.
Preparation
Below is a brief description and recommendation of each resource I used. I did not finish one before moving on to the next, and these are not in any particular order. I instead decided to use several resources at once. I tripled up the official study guide, LinkedIn Learning and FedVTE videos all at once, then moved on to Boson and Eleventh Hour CISSP, and eventually threw in Thor Teaches towards the end.
Official (ISC)² CISSP Study Guide, 9th Edition
I purchased the official study guide along with the Official (ISC)² CISSP Practice Tests, although I never did open the practice tests book. I did read the official study guide cover to cover. I had a goal to complete this book in one month; however, it ended up taking me a little bit longer. This book goes into detail, the exam hints are very useful, and I liked the flow of the book. This exam is a “one mile wide, one inch deep” type of exam. The book had more information in it than required, but who knows what questions I didn’t get that the book also prepared me for. I highly recommend this book if you are self-studying.
My study method with the book was to read a few chapters each week (there are 21 chapters), no more than one per night. After reading a chapter, the following morning or the next night, I would complete the written questions as well as the practice questions at the end of each chapter. For every question I got wrong, I would write down a paragraph on the right answer, and why mine was wrong.
Eleventh Hour CISSP
This was great! I highly recommend Eleventh Hour CISSP. I decided to take advantage of my daily commutes and listen to this book twice. I listened to this book only after I finished reading the official study guide. It is fast paced and covers a ton of key topics. For a self-studier, this is a must!
LinkedIn Learning Prepare for the Certified Information Systems Security Professional (CISSP) Exam
My employer provides access to LinkedIn Learning, and I watched this entire video series. The videos are presented by Mike Chapple, who is also an author of the official study guide. These videos do not go into as much depth as the book, but they are a great companion to it. I would try to coordinate them with my reading and watch videos on material I had just read.
If you have access to LinkedIn Learning, I highly recommend this series.
FedVTE
If you are a federal employee, you should request access to FedVTE. There are a ton of free training videos that you could have access to. In between watching LinkedIn Learning videos, I would watch the FedVTE CISSP videos as well. The course on FedVTE is dated, but it is still relevant. I do not believe this was critical to helping me pass, but every chance I had to listen to or watch videos that were at my disposal, I took.
Boson
Another rock-solid resource. I would recommend that you follow r/CISSP and wait for a coupon code. I was lucky enough to get 50% off.
I write a lot when I study. This is true for notes from the official study guide, but also for my practice tests. For every question I got wrong, or I guessed at, I would take the time to write the correct answer and why my choice was incorrect. It is time consuming, but it helps. I only ever used study mode, never exam mode. I was getting between 75%-85% on my practice exams before I sat for the real exam. I never got into the 90’s.
Thor Teaches
Towards the end of my studying, I began to memorize a lot of the Boson exam questions. So, I found another practice exam resource I could use, and a lot of r/CISSP posts recommended Thor Teaches. I purchased the hard exams only, and these were incredibly difficult! I used these four practice exams to find my weak domains leading up to the exam. My scores here were incredibly low, ranging from 55% to 63%. These were much tougher than Boson, but very useful. I also highly recommend Thor Teaches.
Official (ISC)² CISSP App on Google Play
I really wanted to find a great app, so I could study while I was sitting on the couch, or on breaks. This app was the best I could find, and I did like the “quick set” of questions I could choose to do. I only ever used the quick set tests, ranging from 10 to 50 questions. I really wanted to like it but found myself barely ever using it. I do not think that this is necessary. There is some app content you can use for free, but to unlock the full features you will need to pay for it.
The Exam
I will not be going into detail on the exam, since I had to sign an NDA. I will say to get a good night’s rest, and eat and hydrate before the exam. Make sure to take care of yourself!
The exam was nothing like I expected. I felt like I was absolutely bombing the exam. I felt confident going into it, until I started to click on answers. Go slow, take your time, and read each question. Understand exactly what is being asked. There is no way to flag a question and return to it later or go back once you have answered.
I ended up passing after 95 minutes and being asked 100 questions. It was an absolute thrill receiving my “Provisionally Passed” letter from the testing center. Once I have my credentials, I will update with the post-exam process and experience!