Where Do I Start Studying for the CISSP?

The Facebook group “CISSP Exam Preparation” has been going for about 3 years now, and going strong.

There is a common question I’ve noticed all too often among some new members:  

“I am new to studying for the CISSP.  Can anyone please advise where to start and what books and materials to use?” 

For those members who are already 3 months deep into their studies, this question may seem basic and easy to answer.

But I can understand why this question is being asked…it’s a BIG exam! 

For those new to CISSP, you hear names like Shon Harris, Sybex, 4th Edition, 5th Edition, 6th Edition,  Cybrary, or some site named CCCure.  

It’s a lot of sources to study, and sometimes we all just need some direction from someone who has been there.

Below I will try my best to sum up exactly where to begin studying for the CISSP and what materials to use in 3 phases.

Phase 1

Know what you’re getting into.  If you’re good at taking exams, dedicating yourself to a project, and have had extensive information security experience, you can most likely pass the CISSP in 3 months.  

If you want to gauge where you’re at with each of the CISSP domains, go through and take each of these quizzes: McGraw Hill CISSP Questions

Don’t worry if you do terribly on these questions the first time around without any studying; these are difficult questions! I took these questions 4 weeks before the exam to see how I would score. I got above 80% on most of them, and I truly believe it helped me gain more confidence before taking the actual exam.

Your goal with these questions is to find out for yourself whether you’re ready. Are the questions somewhat, kind of, or pretty easy? Or are they so out of your league that you don’t feel like you have any business answering these questions?

If you feel like you’ve never seen any of the terms in the quizzes, and had to guess at every answer, you’re going to need to study a lot more than 3 months.  

If you did decently on the quizzes, say scoring a 68% or higher, you might not need to study that much, but you still do have a long way to go.

If you score above 85% on each of the quizzes, you can probably pass the CISSP in 3 months with some laser-focused studying.

Phase 2

Okay, now you’ve made the choice whether to continue studying or just abandon the notion of the CISSP altogether.

Now you should do two things.

Join the Facebook study group: CISSP Exam Preparation – Study Notes and Theory

The group is great, if I do say so myself. I’ve been the administrator for 3 years now and it’s grown from 20 members to currently almost 8,000! There have been multiple members who have come back to thank the group for being an essential tool in their studies.

Some members came back and shared some of their experience, and I thought it’d be a neat idea to post them in a central place for everyone to read. You can check them out here:

How to Crack The CISSP Exam

The group has a great dynamic. Prospective CISSP students and current CISSP holders all provide input. Some post questions from different sources and spur conversation around them. With different opinions about a question from so many different people, it really helps to get some different perspectives.

I think what helps the most is that it is a community of like-minded individuals. A safe place to go and talk about what your friends and family might not understand. A place where everyone has the same goal, to pass the CISSP!

What I appreciate most about the group is the polite and courteous attitude, a place where everyone treats everyone else with respect.  A rare find on Internet groups sometimes.

Decide On a Book

Your first CISSP book should be the size of a dictionary.  At the beginning of your studies there is no need to get books like the 11th Hour CISSP Study Guide by Eric Conrad, or other “quick” CISSP books.  Your first book should be heavy in weight, and take up a presence in your household.  

Some of these books include:

  • CISSP All-in-one Study Guide by Shon Harris (the 7th edition just came out)

  • CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide by Sybex 


The Official CISSP Guide to the CBK Fourth Edition released by the ISC2 isn’t that great.  The book already expects you to know terms and concepts beforehand, which is why I suggest the above two books to begin your studies.  

Phase 3

Now you’ve joined the group and bought a book, and hopefully your studies have begun.  

Your study guides should have a load of practice exam questions, and if you joined the Facebook group then you’re going to be treated to practice questions every day.

By now you should start to have a good feel for which domains are your strongest, and which you need to work on.

In Phase 3 you start to focus on your weak domains.  You start to realize that this exam is going to happen, and you are going to pass it through hard work and dedication.

A couple of weeks before the exam, go BACK to those McGraw Hill CISSP practice questions and take them again. See how you do. I bet you’ll be a lot more confident about your answers, and score a higher number than when you took them in Phase 1.

Try to figure out not only why you got the answers correct, but why the other choices were incorrect.  When you’re confident of your grasp of concepts, schedule the exam and pass it.

Good luck!

If you need some additional sources, check out:

CISSP Study Plan Questions

The Only 2 Books I Used for the CISSP Exam

Get Niloufer’s book, CISSP Exam Survival Guide, for Free!

The CISSP Study Process

Can I Still Study The Old Shon Harris Book for the New Exam?

CISSP Exam: Ask Yourself These 3 Questions to Stay Motivated!





  • Adeep Paul

    Thanks a lot

    • studynotesandtheory

      You’re welcome.