Though I have just provisionally passed the exam in the month of Dec ‘21, I will try to
summarize the roller coaster of emotions I went through from booking the examination to
walking out of the exam center like I have just defeated the final boss!
Note: This is just my experience of the CISSP journey and may not be applicable to everyone.
I have also mentioned Do’s and Don'ts for the exam that I personally went through. There is a
“resources” section at the end for people who love TLDR; (like me:))
My background:
I have a Master's degree in Information Management with minors in Information Security
Management. I worked in the SOC for a year (part time) and have been working full-time in the cybersecurity industry for almost 3.5 years now. I took the Security+ certification as well (almost 3 years back).
How did I approach the certification (in RMF style): 4-5 months
1. Prepared my mindset for the certification while knowing the goal: “Reduce the risk of
failure”
2. Categorized all the available resources - mentors, forums, videos, books, social media
groups, boot camps, official, paid, free, etc. It was daunting and I had the fear of missing
out on important resources (FOMO). Therefore, I looked at some forums (Reddit,
Discord - Certification Destination) and other people's experiences (like on Luke’s page)
and narrowed it down to common ones. I have shared below all the actual resources I
used.
3. Selected which CISSP resource I should consume first; based on my style of learning
and moved to the next one. I learn by writing. I took handwritten notes from all the
resources I consumed (Sybex, Luke’s, Thor’s) and scanned them (I used rocketbook as
it is efficient and reusable). This really helped me in the last two weeks.
4. Implemented a routine to include studying for the exam every single day. I started with
30 mins - 1 hour/day in July ‘21, 2 hours in Aug & Sep’21, 3 hours in Oct ‘21 and 4-5
hours in Nov ‘21. I had taken 2 weeks off before the exam (but still couldn’t read more
than 6 hours/day).
5. Assessed my progress by answering questions at the end of each Sybex chapter. Took
my first full assessment in the month of Oct ‘21, flagged the questions which were
incorrect or I didn’t understand. This helped me to understand my weak domains and I
redid only the flagged question during the last few weeks.
6. Authorize and Monitor - This is where all the support comes into picture: my family,
friends, mentors, social media groups, my work boss, peers, etc. They were really key in
the success.
How did I approach learning the materials? Which resources did I use?
1. I like audio/visual type learning rather than reading but I can’t retain information unless it
is hands-on. Therefore, “handwritten notes” for the win :)
2. I decided to start with the FRSecure free CISSP Mentor program free YouTube videos
and took light notes. This was more casual as I just wanted to gauge strength and
weakness.
3. Sybex OSG (read, write, repeat):
a. Read each chapter and highlight important points while taking down notes. At the
end of each chapter, I would just glance at my notes and answer the questions that
followed.
b. I read the OSG again, 2 months before the exam and took notes that I thought
were missed previously. This time it was faster as I was focusing more on the
highlighted ones. This helped me create an abstract view of the concepts. For
example - I was able to visualize why/how SLIP, PPP, EAP, 802.1x, etc. (this was
confusing to me at first).
4. Luke’s SNT
a. I was amazed with Luke’s style of presenting a concept. I watched the relevant
videos where I thought I was weak. I didn’t take notes because it was so well
explained :)
5. Thor Pedersen
a. I watched his video with 1.75x speed and took notes for new
concepts/information which was missing in OSG.
6. I referred to the Destination Certification mind map video and Prasant Mohan’s mind map in
the last 2 weeks.
7. Most importantly I looked at my handwritten notes twice in the last few days and Kelly’s
Why you will pass the CISSP
How did I assess myself? Which test engines did I use?
1. OSG Chapters and Practice Test online
a. If you buy the Sybex OSG and practice test book, you would get the online
version of questions as well. This was useful, because it allowed me to flag
questions and keep a track of time. My average score at the end was around
85%
b. The questions were not too hard but good to gauge how much you know, with a
good mix of objective and subjective ones.
2. Luke’s SNT questions and How to Think like a Manager
a. Boy oh boy! This was the toughest but in a good way. It made me think out of the
box and changed my perspective on how to approach this exam. Not objectively
but subjectively. My average score was around 60-70% on a good day.
b. The questions were hard but I learnt how to approach it. What I should keep in
mind before deciding the correct option.
c. Luke’s book is amazing, and I would rate it 10/10!
3. Prabh’s Coffee Shots on YouTube
a. Amazing content and coffee shots where he explains concepts with his coffee
shots. The snacks at the end were vital as it provided a summary :D
4. Thor’s Questions
a. I had done all Mid/Easy questions (avg. around 85%) and Hard questions (avg. 60%).
b. Mid/easy questions were objective and easy. Hard questions were really hard
and few of them were not in OSG which is why I struggled but a good source to
gauge your weak domains.
5. Adam Gordon’s free Twitter questions
a. I took almost 250 questions by manually searching his Twitter feed (I wrote a small
automation to copy and paste as I was bored but it was not efficient).
b. Good collection of questions ranging from easy/mid.
6. Pocket Prep questions on mobile
a. Easily accessible and questions were easy/mid. Helped me in remembering
topics but not understanding the concepts.
7. Wentz Wu
a. I was introduced to Wentz Wu a bit late in my journey and had a chance to look
at only 50 questions from his QOTD. Hard questions for sure but good
explanations.
Resources at a glance:
1. Learning:
a. FRSecure free CISSP Mentor program
b. Luke’s SNT
c. Thor Pedersen
d. Destination Certification
e. Prasant Mohan Mind maps
2. Tests:
b. Luke’s SNT
d. Thor Pedersen’s Easy/Mid/Hard. I didn’t do the domain-wise questions.
e. Adam Gordon’s free Twitter questions
f. Pocket Prep on Mobile
g. Wentz Wu
My thoughts on the exam:
The questions were not technical but they won’t be similar to any test engines out there. The exam will
test the concepts. I had a few questions where even after applying all the concepts (think like a manager, cost efficiency, accreditation, etc.) it was difficult to narrow down and I went with my gut. Trust your preparation and just go for it.
Do’s & Don’ts
1. There are no shortcuts to this exam (there are always exceptions!!). The resource to
cover is vast but a routine will help you overcome this. Make sure to read every day, even
for a few minutes/hours. Keep the momentum.
2. Keep your inner peace and don’t let it consume you in the end. I had many burnouts and
felt like I can’t do this anymore. I switched to something fun and let my mind relax. After
that, I resumed my studying or instead I practiced questions.
3. Trust your preparation. If you think you have given it all, believe in yourself. Don’t get
swayed away by how others prepare and take those as just a reference and tailor it
according to your style.
4. Change the perspective while answering questions. I won’t expand on this much as
there are way too many tips on this.
All the best!!