CISSP Exam Strategy

Study Notes and Theory’s Facebook study group has a TON of good information for the CISSP exam. Here is an exam strategy that I also used to pass the exam. The below strategy comes from one of our group members, Ed Spencer.


I’d go through the Shon Harris book again… only take notes as you go through it to reinforce the information. Use those notes as reference material and review them once a day. This means you’re not just listening/reading, but also listening for what’s important and then writing it down. It reinforces the information in multiple ways.

Also, consider reading security related materials not aimed specifically at the test. Immerse yourself into the industry. Consider reading books dedicated to singular domains like Applied Cryptography by Bruce Schneier. General books like the multi-volume Information Security Management Handbook are another option (7th Edition is current on these… and last I checked there are 4 volumes).

When you go through a practice exam read the question and then stop. Take each answer and say not only which is right, but why it’s right AND also why each of the others is wrong. It means you need a higher understanding of everything other than just what’s right.

Get the latest book from ISC2 on the exam. It’s the only book out that’s been updated to the new materials that I’m aware of.

These techniques are a bit extreme and push the limits but they’re cheaper than paying for the exam again. And some of the books can be ‘rented’ through Amazon’s Kindle or something similar.

-Ed Spencer


The part about Ed’s strategy that I loved is the fact that you have to immerse yourself. It’s not enough that you read the entire chapter on Cryptography… go watch “The Imitation Game” to see how a known-plaintext attack was used, or the history of the Enigma machine. Once you start to see CISSP topics outside the study guides, it really helps to reinforce the concepts and how they are applied in real life.

If you don’t have real life information security experience in a particular CISSP domain, you must immerse yourself. It is the only way to pass the CISSP exam the first time.