There is one thing Oleg said in his review and I think is very true
“I think if you have enough expereince (5Y+) in security practices, you absolutely can complete your study in 3-4 months.“
I found that my actual security experience helped me a LOT during the actual exam. I can’t say what parts exactly, but I know there were some questions where the answer wasn’t in any book or study guide. You had to work in a security environment in order to understand what the question was asking, and what the answer should be. Then again, I don’t know if I got the answer right or not.
Thank you again for the review Oleg!
OK, here is my feedback after yesterday’s successful examination. Feel free to use this text as “How Oleg Cracked His CISSP exam”.
Background and experience: 10+ years of implementing various security solutions in engineer and consulting role. FW, IPS, AV, DLP, SIEM and all this stuff. Also I wrote many technical docs like policies, procedures and so on. (It is very important in Russia. GULAG you know ;)) A little manager experience as security team lead.
Study materials: 1st for my mind’s knowledge base was Eric Conrad 2E. Material in this book is still valid. I do not have 3E so cannot compare differences.
2nd source was Sybex 7th ed. I think you can easily interchangeable this book with Conrad 3E. So book choice is up to you. You should also note some themes isn’t covered even in inch deep. SSO, clouds, assessments, software security. You should to spend some time to read about this in other sources (or rely on your exp).
I also own paper Shon Harris 5E. It is hard to read so big book wink emoticon and I do not do that.
CISSP for dummies also useful and can make sense to basics.
Cybrary.it is absolutely best source and you can get it free! Kelly Handerhan and her CISSP course help me so much. Thank you Kelly! This is the thing you really should to thank with donate. This is not ad, this is truth!
Test banks: I used paid CCCure questions just a year ago and used Sybex and McGraw-Hill bases this year. As for me, I can’t see huge difference between paid and free question bases.
CCCure: it was so deep in technical details and contains many outdated techs. I think you really do not need to knowledge about FDDI and xDSL types now. Knowledge about exact meanings of bytes in IP packets headers isn’t useful today. At least for CISSP exam. This is my 2 cents. Also it’s overpriced, yes sir. I done may be 800 questions in overall. My max scores was 85%. (rarely seen this )
Sybex: This is something similar to real exam. I done something around 15-20 short tests of 30-40-50 questions. My average score was 75-80% Isn’t so high, right? Do not forget what all test engines have heavy technical direction.
McGraw-Hill: I was not have many tests here. 2 or 3 50-question tests. Looks like Sybex.
Notes About Preparations
I moved in my study efforts twice – first time one year ago with break in August to January and second time at February. It is very long time.
I think if you have enough expereince (5Y+) in security practices, you absolutely can complete your study in 3-4 months.
I spend for study 1 or 2 hours in day depends of my private life (I’m father of 2 little children) and full time job. Process was simple – I read books, watch cybrary videos, do some tests. Nothing hardcore. Readings in public transport during my home-job-home moving was helpful
After you will complete your readingsvideos download quick notes of any kind. Sunflower, CCCure notes whatever. Read it. Try to mark all unknown definitions for you. Drill into these words (techs, practices, laws, processes, etc). For success, you should not have unknown definitions. You should want to know what the meaning of this thing and this thing is. What is the cons and pros of this thing? What is better thing1 or thing2? Why?
I repeat. You should not have unknown words in quick notes. Ever. If you can tell for yourself: I know what every term means in these notes and why it is better or worse in comparison with this term – you are ready.
Make focus on steps in risk mgmt, BCP, DRP, SDLC, SMM and all other processes. You should to know the order and what is going on every step.
Before you will stand up and go out of your house in exam day, watch this Kelly video: https://www.cybrary.it/
In addition, one more time again. Remember it. This should be behavior cornerstone for you.
Notes About Exam
Do not panic. It is like Sybex. But 250 question and 6 hours. I did 2 short 10 minutes break for eat some chocolate and drink some water.
Time doesn’t matter. I done exam in 4 hours (and I’m Russian, English isn’t my language). You can do it quickly. DO NOT WORRY!
I was really scare about “tricky” questions with nonlinear wordings and 4 right answers to choose the best. Bullshit. I saw may be 5 questions like this in overall.
From other side you can expect only 5-10% questions about definitions – what is this tech? Here is description and you should name the law and so on.
Main body of questions come from risk management, access control, software development and testing and right security behavior.
Cybrary.it and Kelly Handerhan. You done your job well.
Study Notes and Theory FB group. Great motivation and study source.
Techexams.net. A lots of tips and real life experience.
That’s all folks. Good luck and have fun.
Sorry for spelling and wording mistakes, English isn’t my native language 🙂