My journey begins a year and a half prior to the day I passed the CISSP. Being in the IT field as a IT Infrastructure Engineer, security was always inherent in my role. I’ve always been a big advocate and proponent of certification so naturally I wanted to take it to the next step and achieve the next career milestone. Becoming a CISSP was on my radar!
My initial plan was quickly derailed when I realized just how intense the CISSP material is. I thought I would just read the Sybex Official Study Guide once and be good to go. Boy was I wrong!
I found out quickly that multiple resources would be needed to get the full grasp of all 8 domains in the common body of knowledge.
So here we go, here’s the resource list:
Text:
Sybex Official Study Guide, 8th edition (Read twice cover to cover).
Shon Harris AIO CISSP (Read Once).
11th hour (Twice cover to cover).
Luke Ahmed’s How to think like a manager for the CISSP (Read twice cover to cover).
Essential CISSP, 2nd edition audio book by Phil Martin (Listened twice while at the gym)
The memory palace notes (Read once)
Sunflower (skimmed and quick review)
Online Videos:
Various youtube videos including MFprod CISSP videos.
Practice Questions:
All Sybex official practice questions in the chapters and official practice test book.
Also used Pocket Prep CISSP premium.
Boson practice exams.
Shon Harris practice questions.
Luke Ahmed’s practice questions. (These were my favorite and most helpful)
And as many other free online practice questions I could find.
(It’s safe to say I did north of 5000 practice questions)
Did I face curveballs? Absolutely! Motivation and maintaining momentum to study every single day was hard at first. The Sybex book can be very dry and slow to read, but I felt like it all just started to “click” for me about half way in. After exposing myself to multiple sources, all the concepts started to come together even more. Not to mention, 2020 we all faced the Covid pandemic. I had to maintain my daily duties for my job, manage entertaining a 4 year old while daycare was closed, and to top it off, I had a newborn in the house during the final two months of my studies. Team newborn no sleep while preparing for this difficult exam was extremely challenging.
Much like many others before me, I had to sacrifice a lot to achieve this. I had to spend countless hours reading. I had to spend hours away from family, reading. I had to spend weekdays and weeknights, reading. When I had a break I spent it, reading. If I wasn’t reading I was doing practice tests… well… that counts as reading. Picking up my drift? Reading and not skipping one word in all of the study material is absolutely essential (at least in my humble opinion). There's no short cut around it. No amount of videos helped me understand the concepts like reading did, and I personally do no even like reading. Videos helped me solidify the concepts but only after the due diligence of spending time reading.
Even after all the time spent studying and practicing, when exam day came, I still never felt fully ready, neither will you. You will be nervous, you’ll fell anxious. One piece of advice that got me through those feelings was to “trust that you’ve studied enough.” You put in the time, you fully understand the concepts, you will pass. The exam is every bit as difficult as its reputation says it is. Don’t let it intimidate you, be prepared, think like a manager, fix the process not the problem.
Quick tips from me:
DON’T MEMORIZE - Learn the concepts, understand them, then go deeper and learn more about the concepts.
Ask WHY?
Pick a date, book your exam. Having the date set pushed me to study harder.
Have conversations, find a mentor, talk ‘security' to your co-workers, friends, family, pets, who ever will listen. Having the conversations helps make the concepts more concrete, if you can speak it, you can pass this test.
Stay out of the weeds, but understand the weeds.
Security transcends technology, never forget that.
Add me on LinkedIn and lets connect:
https://www.linkedin.com/in/corey-ross-it/