I recently passed the examination in March 2018. This entire experience has helped me understand security at a foundational level, and I expect this knowledge to greatly benefit my career.
The CISSP, or Certified Information Systems Security Professional, is an information security certification that draws mixed opinions in the security community. Much of that mixed opinion stems from what Human Resources expects of someone holding the CISSP. Many employers seek candidates with the CISSP without knowing what the certification actually prepares the holder for, so here is what they can expect from someone who has passed the exam.
This person has a ten-thousand-foot view of information security and understands the core reasons behind some of the most critical areas of security (yes, including physical security). To obtain the full certification you are also required to have five years of full-time professional information security experience across the exam domains (a one-year waiver is available for a relevant degree or approved credential). Together, the exam and the experience requirement show that a CISSP holder has a solid overall understanding of how to protect and secure an environment.
This exam, in my opinion, should be taken by anyone in the information security field. Analysts and engineers need to understand how and why security managers make certain decisions for the business. It also helps technical employees understand the processes that make up a complete security program in an organization (policy, standards, procedures, guidelines).
I started studying for the CISSP immediately after passing my Security+ exam. Passing Security+ helped greatly with understanding some of the core concepts of security and made the transition to CISSP studying smooth.
I started by reading the Sybex CISSP Official Study Guide cover to cover. This was a long process, because for any concept I didn't completely understand I would look up videos or dive deeper to really understand the content. As an example, when I read about buffer overflows, I had to know how they worked, so I ended up doing a deep study on the subject.
During my commute to work every day I would listen to the Simple CISSP audiobook by Phil Martin. This was great... until the sixth time through. At the same time I was also watching the videos on cybrary.it and pluralsight.com. Cybrary.it: great. Pluralsight.com: terrible.
Last, I started taking practice tests. I completed over 3,000 test questions throughout my studies. I added up the total number of questions I had access to and divided it by the number of days I had until test day. This forced me to cover all the questions in small amounts every day. The resource closest to the actual test was the Sybex CISSP test bank; however, the actual test questions were much more difficult. I also read through 11th Hour and skimmed through the CISSP All-in-One Exam Guide (Shon Harris).
During the final week I took full-length 150-question practice tests and read through 11th Hour. On test day I ate a great breakfast full of protein, then left very early for the test to avoid any traffic issues. While in the parking lot before the test, I looked over the CISSP Sunflower PDF notes.
During the test I felt as though I was failing for the entire duration of the exam because of the style of the questions. At least two of the four answers will be correct, but you must choose the BEST, MOST, LEAST, etc. answer for the specific scenario. I focused all my attention on every question and chose the best answer of the options provided. I tried not to think about whether I was passing or failing at any point.
Here is a summary of what I used to prepare for the CISSP:
- Sybex CISSP Official Study Guide
- CISSP All-in-One Exam Guide (Shon Harris)
- 11th Hour
- CISSP Sunflower PDF notes
- Simple CISSP Audiobook (Phil Martin)
- Cybrary.it audio
- YouTube.com (Example: Christof Paar's lectures for a deep understanding of cryptography)
- Skillset Videos
- Sybex CISSP Test bank
Once you have completed the CISSP, you will have a solid foundation in information security.