Hello Friends!! As promised today evening, I am penning down my CISSP Journey! This document is divided into 2 parts:
Part 1: My journey of becoming a CISSP and details of resources, strategy, methods for the preparation. (The journey was full of trial and error but very satisfying)
Part 2: How to overcome your fear and pass CISSP/any other exam. (Mostly these are the lessons I learned during this period which I want to share with those who are starting their CISSP journey)
Part 1 is straightforward and talks about the preparation strategy, methods and resources. (Still 4 pages long)
Part 2 is going to be longer and inclined towards the non-technical aspects of clearing any exam and aims to MOTIVATE you to achieve your GOALS within DEADLINE!!
PART 1:
I am Mohammad Rustam, an IT Engineer by profession, with a total of 9 years of work experience in IT, including 8 years in Network and Information Security. I am from Delhi, India and currently based in Singapore.
It took me 10 months (with 3 breaks of total 4 months) to clear my CISSP. (Total 6 months of preparation)
I started my CISSP journey in April 2016 on a very casual note, searched and liked FB CISSP page of Luke, got SHON 6th Edition and started flipping through it and answering on FB CISSP page A, B, C, D …. The small initial and MOST IMPORTANT steps. Went through the old reviews of candidates.
Lesson learned: There can be many reasons for success, but the reasons for failure are mostly the same and few!! Avoid them!
Learn from others' mistakes, FOCUS on basics and clear your CONCEPTS!
Before sharing the resources, I would like to advise you all: please DO NOT ASK for free PDFs or other resources, it is UNETHICAL!!
There are many good resources which are freely available on the internet, and a few are paid and copyrighted works of others!
Respect their hard work and purchase some good books, believe me, it will be your best investment (Investment in your EDUCATION/Future).
RESOURCES
Membership: I have Singapore Library (NLB) membership, so I could refer to multiple books, and purchased 4 books in total.
Books
Main Book: Sybex official guide 7th Edition (Read end to end twice)
Reference Book: Shon Harris AIO 7th Edition (Referred to for clearing doubts on topics which I couldn’t grasp from SYBEX)
Eric Conrad 3rd edition : Read 2 domains ( Asset Security and Security Assessment and Testing)
TESTS/Practice books
SYBEX Official Practice book (This one is closest to the real exam, a must have)
SHON CISSP Practice Exam 4th Edition ( Gives explanations to all 4 options, very helpful)
Exam Cram 4th Edition
McGraw Hill Free online practise tests (SHON Harris, very good material, link below)
https://www.mhprofessionalresources.com//sites/CISSPExams/exam.php?id=Telecommunications
SHON’s Total Tester
VIDEOS
CYBRARY’s Kelly Handerhan CISSP course
David R Miller CISSP ( O’Reilly, referred for few topics, 10 days free trial, then subscription needed)
Youtube ( Skillset, Professor Messer and other videos) free
SUNFLOWER NOTES : These are 25 page excellent notes based on the older 10 Domains, but still valid.
Idea is to add to these notes so that, at final stages of preparation one will have FINAL notes to refer rather than going through whole book.
Strategy: Study>Test>Revise ( Memory cementing effect, make mistakes and learn from them for long term Memory retention)
Study each domain (Books & Videos) > Identify weak areas > Test > Revise/Review wrong answers/weak topics > Add your notes to SUNFLOWER notes.
P.S: Notes should be taken during studying and testing as well, you will find many important points while tests too, note them.
"When people are practicing memory retrieval while they're learning, they're practicing the same skill they'll need to recall the information on a later test." --M. Price
Reference: American Psychological Association (link below) http://www.apa.org/monitor/2008/06/testing.aspx
STEP 1: Read Sybex chapter word by word and watch Kelly’s video, identify and mark weak topics/ take note.
STEP 2: Test – Sybex Chapter questions, McGraw Hill online questions, SHON AIO and Practise questions, SYBEX Official Domain 100 questions.
STEP 3: Review your wrong questions and revise those concepts and note down weak areas and add to SUNFLOWER notes.
Once all 8 Domains are done and tested, it's time to take Full Length Tests (FLTs). I took a total of 7 FLTs with an average score of 70+% in real Exam Simulation mode.
Note: Each test should be followed by review of wrong questions and re reading weak areas before taking next FLT.
I booked my exam on 4th January 2017 for 8th Feb: The last 34 days were full of revisions, tests, Kelly’s videos, Youtube.
6th-7th Feb were very relaxing and focused on the FINAL SUNFLOWER notes and a few videos.
I would NOT suggest reading till the last day. I could not stop myself from watching/revising till the last hour, which now I think was not necessary.
Exam Day : I was calm but unsure as well.
I took 5 hours 27 minutes in total with 2 breaks of 7 and 10 minutes to complete my exam.
In 1st hour I attempted 80 questions which gave me huge boost that I can do it, after that there was no looking back…took 1st break of 7 min after 90 minutes in exam.
Completed 250 questions in 4 hours and took my 2nd and final break of 10 minutes after it.
The last 2 hours were for review of flagged questions (approx 50 questions). I changed the answers of 12-13 questions after careful review and submitted the exam 33 minutes before end time.
BEWARE : PART 2 is even longer : Stay with me …. It will help you…
I am writing this section specially for those who are in the very initial phase of their journey, many are planning, few stopped in between and planning to restart the journey and others are just in dormant stage.
I saw below post from LUKE on FB CISSP page when we crossed 10000+ members milestone, BUT I started thinking why only 50 CISSPs in group of 10000 ( 16000+ now) ?
The answer was simple: only a handful of persons set their GOAL and work towards it, rather than DREAM of becoming a CISSP one day! They all have dreams, that’s why they are on this wonderful group, but somehow not active! It's not our fault, we are coded to be dreamers.
DREAMS Vs GOALS!
Don’t just dream to be CISSP , SET your GOAL and start!!
Set a deadline and work to achieve it, don’t be harsh to yourself or your dear ones, be little FLEXIBLE but DON’T PROCRASTINATE too much, it is deadly, else your dream will remain your Distant Dream for ever.
ALWAYS remember, your GRIT is your driving force to your GOALs!!
Watch this 6 minute video based on research on GRIT, it's very inspiring !!! https://www.youtube.com/watch?v=H14bBuluwB8
I was a BIGGG time PROCRASTINATOR , before I started preparing for CISSP.
So what’s the solution: As always, solutions to BIG problems are always simple
TAKE FIRST STEP !!
Yes that's it !! and take it daily ( Remember 50 first dates ?)
Follow below steps: Sit for 15-20 minutes daily at a time which is your MOST Productive Time ( mine is early morning) and read a topic!
This is a famous Japanese concept of KAIZEN (A good read below)
https://brightside.me/article/a-japanese-technique-for-overcoming-laziness-11255/
NEXT day sit at same time for 15-20 minutes and continue…..do it daily (take small bites and digest)
Don’t regret if you miss a day or 2 but the GAP should be minimum. Follow this to put yourself to a routine and gradually increase your study time, you can also increase sessions ….like morning and evening.
I started with 20-30 minutes initially and during final days I was like 24*7.
Need some more….to get inspired and kicking ?? Read on …
Below is my Fav 3 minute video of Karoly !! Whenever I felt low I watched it and Luke Ahmed’s and Lisa’s Framed CISSP Certificate, they kept me goiiiiiing !!
https://www.youtube.com/watch?v=jDTI629A_9k
Last advice: CISSP is the COMMON LANGUAGE which security folks speak throughout the world!
And the easiest method to learn any language is to surround yourself with it.
Like a few CISSP and Security groups on Social networks, read books, discuss, observe others.
GOAL is sweet but the journey is sweeter enjoy it to the fullest !!
P.S: All topics are equally important, and focus on security issues and mitigation of any tech, e.g. Phone, VOIP, IoT, CLOUD, PBX, FAX, Bluetooth… the list goes on. GOOD LUCK!
I am out now thanks for reading till the end !!