Hi Everyone,
I’m Sartsatat from Bangkok, Thailand, but I usually go by the nickname Tun. I recently provisionally passed the CISSP exam at the 125th question on my first attempt. The whole journey was epic for me, and it was one of the hardest fights of my life, so I think it is only fair to share my experience in the hope that this journal will be helpful for future CISSP challengers who are fighting to become better cybersecurity professionals.
It goes without saying that this whole series is based solely on my personal experience and perception and nothing more. Your mileage may vary, and everything I suggest should be taken with a grain of salt.
First off, if there is one word I would derive from my CISSP experience, it’s “self-indoctrination.” That is, you need to work hard, you need discipline in scheduling your study, and above all you need to come up with your own game plan for the study approach that best suits you. There is no shortcut, yet it’s reasonably achievable. Fortunately, there are several resources by many brilliant instructors whose goal is to advance the cybersecurity profession by developing more CISSPs. The most important thing to point out is that using a variety of resources definitely gives you a better chance of passing the exam. Even better, use more than one material for each medium. I heard about this, tried it during my prep, and it was one of the best pieces of advice I have ever had. For the most part, I’ll cover the materials I used during my prep, which span different mediums: books, practice tests, video courses, audiobooks, mobile apps, boot camp, and essential last-minute videos. I will then close out with non-study-related tips and final takeaways.
Books
1. (ISC)2 CISSP Official Study Guide (OSG) by Mike Chapple, James Michael Stewart, and Darril Gibson (1,248 pages) – I read it cover-to-cover and highlighted everything I didn’t already know, which was quite a lot: I used up half a dozen yellow highlighters. The book is split into 21 chapters, which can be loosely grouped into the exam’s 8 domains. The practice questions at the end of each chapter are useful resources for your study -- highly recommended. After going through every page of the book, I revisited the highlighted text time and again to reinforce the knowledge I lacked. Technically speaking, the whole book can be so wordy and thick that it discourages someone from reading it, but in hindsight it is a necessary evil, and I recommend you read it through at least once.
2. CISSP for Dummies by Lawrence C. Miller, Peter H. Gregory (608 pages) – This less serious yet detail-filled book is best used as reading in your “free time” from study. I personally used it to reinforce the domain in which I felt least confident (looking at you, Communication and Network Security). If you have time, you can go through it all and find that it is a perfect complement to the OSG. The book also comes with an online test bank and online flashcards which can be used on the go. The explanations of the answers, both correct and incorrect, could be improved, though.
3. How to Think Like a Manager for the CISSP Exam by Luke Ahmed (66 pages) – An absolute must-read and a complete game-changer that will equip you with the so-called “manager mindset,” which is essential for the exam. Luke tackles how to prepare for the CISSP exam in a non-traditional way, introducing you to practice questions that challenge you with cross-domain knowledge and teach you how to “read between the lines.” He will show you how to deconstruct questions, how to effectively eliminate the wrong choices, and how to finally pick the better one among the seemingly all-correct choices.
Practice Tests
The community consensus suggested somewhere between 3,000-5,000 practice questions to go through before taking on the real exam. I agree, as I took around 4,100 questions and think it is just right.
However, just like every famous instructor says, it’s not how many questions you did, it’s how you learn from them that matters. You should be able to outline the reasoning that leads you to the right answer – or, in case you got it wrong – why the choice you picked is wrong. The explanation of every choice is important, even for the incorrect ones you didn’t pick. So, I’d say go for the practice tests that give you the valuable explanations you need to make the most out of them.
1. (ISC)2 CISSP Official Practice Tests by Mike Chapple and David Seidl – This is the official companion to the Official Study Guide, with more than a thousand practice questions (1,300 to be exact: 100 questions for each domain and four full practice tests with 125 questions each). The way they phrase the questions is very similar to the practice questions at the end of each chapter in the OSG. The questions are mostly of moderate difficulty, with a few hard ones. The explanations are very concise and usually don’t neglect any choice.
2. Boson Practice Exam (700 items) – The best one out there in the market if you ask me. They offer 700 questions with top-notch explanations, so good that they are sometimes more comprehensive than reading the actual book. They also offered a no-pass no-pay guarantee (at the time I took my test in June 2023; check before you proceed). The downside is that it can be pricey, and some of the questions, according to the community, are too technically focused. Again, your mileage may vary, but for me this one was worth every penny, and I’d consider it again when pursuing another certification in the future.
3. ThorTeaches on Udemy – Thor offers both easy/mid-level difficulty and hard difficulty, which can be very challenging. If you run short of time or feel somewhat confident, you can skip the easy/mid-difficulty set and go straight for the hard one. Just bear in mind that you can score somewhere between 50% and 65% and it’s still fine; don’t panic (I and several people I talked to during my prep faced the same situation). Instead, learn from the wrong choices you made and how to remediate them in the future.
4. Study Notes and Theory (SNT) by Luke Ahmed – This one can be found in the paid section of Luke’s Study Notes and Theory website, and I can say it was worth every penny. Bear in mind, though, that the questions are very challenging and very tricky. Most of them are very long, with many scenarios, characters, and situations. Therefore, they can take much more time than you think compared to other practice tests you have encountered, so allot time accordingly. The best thing about this one is how it integrates the manager mindset into the questions, and how Luke explains every choice, whether correct or incorrect, very thoroughly. Highly recommended.
5. IT & Security Pocket Prep – This one is a mobile app. I will talk about it in detail below.
Video Courses
1. Mike Chapple’s CISSP Cert Prep on LinkedIn Learning (24 hrs) – This is the main video course on which I built my understanding and underpinned my study. Mike covers all the important concepts in detail. As a non-native speaker, the first time I watched each of his videos I needed to play it at 0.75 speed to keep up with all the topics he covered. It is comprehensive, all-rounded, and very well worth your time.
2. Kelly Handerhan’s CISSP Prep Course on Cybrary (27 hrs) – The free access version was enough for me, but if you want to gain access to the paid material, e.g., practice labs and practice tests, a one-month subscription before exam day might be worth your money. Their explanations of the correct and incorrect answers can be too short and not as well organized as other sources. Still, the way Kelly simplifies harder concepts for easy understanding is very well executed.
3. Destination Certification Mind Map Videos by Rob Witcher on YouTube – This famous free video series on YouTube will walk you through every important subtopic in each domain in an easy-to-digest Mind Map style. Very efficient as a memory refresher, and I recommend you watch it at least once in the last few weeks before the exam.
4. CISSP, CCSP, CISM Practice Question by Gwen Bettwy on YouTube – Gwen is an amazing instructor who is armed with cool techniques to tackle the questions. I watched her video series during my “interval” each day or when I wanted to take a break from intense study.
Audio Books
During my commute and my interval during the day, I listened to audiobooks via Audible. There are three resources that I used:
1. CISSP All-in-One Exam Guide, Ninth Edition by Fernando Maymi and Shon Harris (51 hrs and 34 mins). I listened to this as a substitute for not having the full book (some people use it instead of the OSG). The explanations are top notch, with some topics covered even better than in the OSG. If you have enough time, which I didn’t, I recommend going through both at least once.
2. Eleventh Hour CISSP® Study Guide, Third Edition by Eric Conrad, Seth Misenar, Joshua Feldman (10 hrs and 4 mins). A very compact audiobook for revisiting every important topic and concept in the last few weeks before the exam. Highly recommended. But do not use it as a substitute for a full-length resource.
3. Essential CISSP Exam Guide: Updated for the 2018 CISSP Body of Knowledge by Phil Martin (17 hrs). Another great author (I used his materials for passing both CISA and CISM too). This gives you an expanded version of the topics you should already be familiar with. If time allows, consider this as part of your audio learning.
Mobile Apps
The main purpose of mobile apps for me was to do the questions of the day (multiple times, as there is more than one app) to keep the learning momentum going, even on a busy day. Some of the apps are so good that they are worth your money. Another purpose is that you can have study material on the go from your purchased hardcopy book, e.g., the OSG or OPT. The following are the ones I want to point out.
1. IT & Security Pocket Prep. – The UI and the questions are good, with moderate difficulty. Answers and explanations are clear and done in a consistent manner with reference to the exam objectives. There is a certain logic in how they arrive at the correct answer which resonates the most with my reasoning. If there’s only one mobile app I want to spend my money on for a subscription, it is this one. The free version offers 60 questions, and the paid version offers you 1,000 questions.
2. CISSP (ISC)2 Official App (LearnZapp). – The runner-up in my opinion. This one contains similar (or sometimes the same) questions as the ones in the OSG and OPT. There is also a paid version of this app, but I never found out whether it features the same questions as the OSG and OPT. The questions and explanations are good, with easy to moderate difficulty.
3. Destination Certification CISSP questions and flashcards. – The free app from the renowned Destination Certification MasterClass and Mind Map Videos. Their iconic graphic of candidates trying to climb the mountain exactly conveys what CISSP study preparation means.
Boot Camp
I’ve never been a big believer in boot camps. Fortunately, my employer was generous enough to send its employees to a preparation course for the exam. As you might expect, five days of rushed, intensive cramming of the entire CISSP CBK is challenging, to say the least. I would argue that most of the contributing factors to your passing will be the long hours of self-study and grinding the practice questions. However, a boot camp has its own advantages if you wish to consider it as one of your options.
1. It offers additional study material, e.g., an official PowerPoint presentation of each domain, or a student guide and case studies which are not available elsewhere.
2. You will get to meet like-minded people. Think of it as a networking event for CISSP pursuers and enthusiasts. From there, you can continue the connection as a study buddy, study group, or even mental support group.
3. You can get a sort of “peer review” on concepts you are unsure of, e.g., PKI or how Kerberos authentication works. Go through it with your classmates or the instructor and see where you got it right and where you got it wrong.
Last Minute Essential Videos
There are several highly regarded videos on YouTube that will give you the last edge you need for the exam, e.g., the one with Prabh’s coffee shots or Luke’s manager mindset. As a person who doesn’t have the luxury of time, however, I could only cover these two videos, which literally saved my life.
1. CISSP Exam Cram by Pete Zerger (8hrs) – This right-to-the-point, concise video presents a perfect way to summarize the entirety of the CISSP exam objectives in under 8 hours. The material and presentation are very engaging. I recommend watching this one in the last two days before your exam.
2. Why You Will Pass the CISSP Exam by Kelly Handerhan (17 mins) – This one I recommend rewatching on the morning of your exam (after you have watched it several times before, of course). Kelly will summarize and remind you of what to keep in mind during the exam. Think endgame and absorb the CISSP mindset you need to pass the CISSP.
Ok, enough with study tips; now let’s talk about passive preparation strategies and what to expect in the exam room.
Pray
I have to admit that I’m not a religious guy, but when it comes to the CISSP exam, anything goes for me. During the final days prior to the exam, I rested my mind at the local Buddhist temple and prayed for the holy entities to help me in any way, shape, or form they could. I promised to go back and thank them every week for a month if I passed, a promise I duly kept, and I was very grateful.
Eat and sleep well the night before and the morning of the exam.
I stopped all my studies around 7 pm the night before the exam, which was much later than I initially planned, but there were just last-minute reviews I needed to digest one last time. If I could redo it, I would stop studying in the late afternoon instead. After that, I switched on the latest Final Fantasy XVI on PS5 to clear my mind and give it the comfort zone it deserves. I went to bed at 10 pm, woke up at 5.30 am, and had a bigger breakfast than I usually have: eggs, veggies, rice, orange juice, and chicken, just a little bit of everything. I arrived at the exam centre quite early, so I opened a custom set of 10 questions in IT & Security Pocket Prep as the final preparation to set myself in game mode, ready to tackle anything the exam threw at me.
In the exam room
1. Calm your mind, read the question carefully. Focus on the word MOST, PRIMARILY, FIRST, or LEAST and try to eliminate possible incorrect answers. Do not lose track of time.
2. Take a break halfway through, or at whatever point you feel you need it. For me, I took a break at the 70th question to refocus my mind, go to the restroom, and stay hydrated. I lost probably 3 minutes of exam time, but it was worth the cost.
3. You may need to prepare for the worst, so you should allow ample time for question 126 and beyond. For me, I reached question 125 at approximately 180 minutes, preparing to go all the way to 175. As luck would have it, I was stopped at the 125th question with satisfactory results.
Here are my last thoughts, with 3 key takeaways:
1. This exam is by no means a pure memorization exam. The most important thing is that you need to understand the concepts and the main ideas they embody. If you understand them well enough, the multiple choices will do the rest of the memorization for you. You will see three choices that resonate with what you read in the book, just phrased differently, and one choice that is not exactly right or is the downright odd one out.
2. Please review the exam objectives available on the (ISC)2 website. Know them by heart, and keep them close to you, even closer than the actual book. You should be able to talk about each of the exam’s objectives for a few minutes: what it is about, why it matters, and what can go wrong with it (i.e., what the risks are and how to address them). Moreover, you should use these exam objectives to identify knowledge gaps you may have and try to narrow those gaps before exam day.
3. CISSP is the kind of test that you don’t get to face on your own terms. Something will always feel off, you may think you are not ready, or you could have prepared more. It goes like that. All you can do is trust your process, be confident, and smile at the monitor before you begin.
Thank you, everyone, for reading this far, and I wish you all the best in your study and exam results.
Please find me on the following channels:
Instagram: @tun_sj
LinkedIn: Sartsatat Junda
Facebook: Sartsatat Junda