GUIDELINES FOR CRACKING CISSP!
The secret is to just start…
Your own pattern and chart...
Baby steps always yet big achievements,
Yeah, the journey is purely an enjoyment!
MY CISSP JOURNEY IN SHORT:
A FEW WORDS ABOUT ME:
My journey in cybersecurity started in 2017 when I got my first job as a Risk Analyst, and I always used to wonder how important certifications are for your self-learning apart from the regular BAU. My manager and team lead always encouraged learning and cracking certifications. After that, while pursuing my Master's in Cybersecurity, I cracked Sec+ in Dec 2018, and that gave me the confidence to study for CISSP. From there my CISSP journey started: I gave my first attempt in March 2019, during the final semester of my Master's, with 2 years of IT industry experience. However, even after studying for around 2.5 months I was not able to get through it; I was near proficient in 4 domains, while the rest were below proficiency level. From there I got to know my weak domains and was surely convinced why industry experience matters a lot for CISSP, to really think like a manager.
For the whole of 2020 I used to study on and off with my teammates. Question-and-answer discussions, colleagues' experiences of passing CISSP and watching videos on new topics helped me stay on track. Finally, in 2021 I decided to give it another shot, so I registered for a CISSP bootcamp which started on 21st March, and prior to that I had booked my exam for 26th April. So I planned and started studying seriously.
BELOW IS MY 6-WEEK PLAN:
While attending the bootcamp from Infosec Institute, I started by reading the (ISC)2 CISSP Sybex Official Study Guide (8th Edition). I used to highlight the important points to remember, and after each chapter I tried to score at least 80%, or else I went through it again. Next, I covered All-in-One by Shon Harris; this book helped me a lot to understand the key concepts in very simple terms, and here also I tried to get at least 75-80% in each domain. While reading I used to watch videos by Kelly Handerhan and Sari Greene, and referred to Eleventh Hour by Eric Conrad and Memory Palace by Prashant Mohan. While reading these materials I made my own notes, not more than 5 pages on each domain. All this took around 3 weeks just to finish reading and watching videos.
For the last 3 weeks I was fully focused on solving as many practice questions as I could! I focused on each domain using the official practice tests by ISC2 Sybex, Thor Teaches, the Infosec Institute portal and IT Dojo, and tried to score a minimum of 75-80% on each platform.
In the last 2 weeks I started with SNT practice questions and flashcards; in the practice tests I used to score just 55-65%, but I read each and every explanation given by Luke, which helped me understand the thinking! I watched SNT videos mostly for the topics where I was constantly getting wrong answers or used to get confused. Simultaneously I watched Prabh Nair's videos to get more understanding and clarity on new topics.
In the last week I took one Boson exam each day, plus Wiley's practice tests and a minimum of 3 SNT practice tests daily. I made sure to read each explanation for both wrong and correct answers. Again, while practicing questions I used to make notes.
LAST 2 DAYS:
My exam was on Monday, so on Saturday and Sunday I was just revising my notes, Eleventh Hour, Memory Palace and the exam essentials after each chapter of the ISC2 guide. In this whole journey I dedicated a minimum of 6 hours on weekdays and 8-10 hours on weekends.
EXAM DAY:
I had a nice sleep of 8 hours; in the morning I just looked at the Sunflower PDF and watched Kelly Handerhan's "Why you will pass CISSP?" at least 4 times! That video will really motivate you and keep your mind on the right track with the proper perspective.
DURING THE EXAM:
I gave more time to the first 50-60 questions, sometimes more than 2 minutes on a tricky one, and by then I had already spent 80 minutes. The next 100 questions I covered in the remaining time. Total: 150 questions in 179 minutes! Hush!
ANSWER STRATEGY:
Read every question twice
Identify the keyword and the Confidentiality, Integrity and Availability (CIA) properties involved
Try to guess the answer without looking at the options; for a few questions I used a reverse strategy: look at the options, find what they have in common and the odd one out, and only then read the question.
Do not fix problems; rather, solve the problem.
Technology changes for fixing an issue; security governance approaches, risk management, risk analysis, threat modeling, risk mitigation, BCP/DRP and a secure SDLC solve the problem in the long run.
Eliminate some of the options from the choices. If you can eliminate two options, then you have a 50% chance of selecting the correct answer; it becomes a True/False question.
Eliminate at least two options based on the following:
Too technical
Too narrow
Out of scope
Involves assumptions about the situation.
Do not focus on technology.
Human safety first; it is also the highest priority as per the ISC2 Code of Ethics
Cost effectiveness (example: cloud over a physical appliance)
Pros and Cons for each option.
Even if you guess the option at first glance, still eliminate the other options with proper reasons.
REFERENCE MATERIAL:
Books:
(ISC)2 CISSP Official Study Guide by Sybex (8th Edition)
CISSP All-in-One by Shon Harris
Eleventh Hour CISSP®: Study Guide by Eric Conrad
Videos:
SNT Videos: https://www.studynotesandtheory.com
Prabh Nair: https://prabhnair.in/
Mind map series from Destination Certification: https://www.youtube.com/channel/UCXk6whiDrWq42y9Tdv1MEhg
Sari Greene videos: http://sarigreenegroup.com/cissp-exam-prep/
Kelly Handerhan video lectures (available for free on Cybrary): https://www.cybrary.it/instructor/kelly-handerhan
Professor Messer CompTIA Sec+ and Network+ for a few basic topics
Infosec portal videos: https://www.infosecinstitute.com/
Random YouTube videos for basic understanding of topics
Notes:
Prashant Mohan’s Memory Palace
Sunflower CISSP
Groups for discussion:
SNT CISSP Exam Prep Group on Facebook:
Slack group for Infosec Institute training candidates
Discussion with friends, colleagues and CISSP aspirants.
Important Videos:
Luke Ahmed's How to Think Like a Manager:
Kelly Handerhan – Why you will pass the CISSP (watch on exam day): https://www.youtube.com/watch?v=-99b1YUFx0A&t=907s
Practice Test:
(ISC)2 CISSP Official Study Guide by Sybex – end-of-chapter questions – 420
Wiley Sybex Efficient Learning - Practice questions – 1300
Thor Teaches CISSP Practice questions – 960
Infosec Portal practice question – 1500
IT Dojo CISSP questions – 208
CISSP All-in-One by Shon Harris – end-of-chapter questions + comprehensive test – 379
Boson Practice test - 750
SNT Questions – 750
SNT Flashcards – 1350
Total: 250+ hours of study, 3500 pages of reading and 6267 practice questions!
TIP FOR MEMORIZATION:
Do not memorize any topic; rather, understand it and try to make charts for your own reference.
I used to make a chart and stick it on the wall in front of my desktop, so I would just glance at it once a day and it would automatically get stored in my memory! Make your own mnemonics, for example for the OSI table, RMF, port numbers, etc.
Be positive, enjoy the journey and all the best!