Passing the CISSP
How I passed the CISSP exam
I apologize for the lapse in posts as of late. Work has me tasked with two positions and training a new hire to fill a vacancy. In addition, I have been studying for the CISSP exam. Hence the recent posts of CISSP Study Sheets and the lack of free time to post about other security events. I am glad to report that I passed the CISSP exam on my first attempt with much less study time than many tout as required. Here are the CISSP study resources I used and how much I believe each helped me:
5% - Attended a CBK seminar - 1 week
15% - Question Drills from www.CCCure.org - 500 questions total
30% - CISSP All-in-One Exam Guide - 15 hours 500 questions
50% - Past Experience - NA
To be honest, my past experience in physical security, database administration, release engineering, application security, law enforcement, and computer forensics provided more answers than all of my studying combined. The trick was wrapping real work experiences in the terminology and framework with which ISC2 has determined security professionals should be consistent. I accomplished this simply by using the references and tips sections of Shon Harris' CISSP All-in-One Exam Guide. Reading the 1000-page book is not necessary for those with a basic understanding of the concepts and reasonable problem-solving skills. Just focus on the finer points and the terminology, and then use the CD provided to do question drills. If you're scoring 80% or better on the practice exams, you are on track to pass.
I'll continue posting the CISSP Study Sheets as I create them. It's an ongoing effort for the folks in my organization (and you) who have yet to pass, some after numerous attempts. On a related note, you may want to research some test-taking techniques once your studies are complete. I believe this is where some of my colleagues struggle.
December 23rd, 2008 at 6:26 pm
If you are serious about the CISSP, I feel you'd be wise to examine the CISSP for Dummies. You WILL NOT pass on this book alone, but it will lighten up the learning process. Shon's book is great, but unless you have massive amounts of study time, it's almost impossible to read cover to cover and retain anything. I found myself reading the Dummies book, figuring out which parts I knew and which parts I needed to brush up on, then reading Shon to fill in the gaps.
As far as CCCure goes, there were a few questions that were incorrect in their test bank. Just remember that in the end, the ISC2 answer will win out on the exam 100% of the time versus your opinion and experience. Be humble, or be humbled.
December 24th, 2008 at 11:04 am
Hi Eric,
I have heard good and bad things about the Dummies book, but certainly the more varied perspectives you have on the domains the clearer things will be when taking the exam.
Regarding Shon's book, I agree. I tended to focus on the quick tips sections, the practice tests, and then getting into detail on specific topics that were more unfamiliar to me. A coworker of mine read that thing cover to cover and failed the exam. You need to hit the important points hard and leave out all the fluff. The All-in-One CISSP exam guide does a great job structuring the book for easy pinpointing of the significant information, and it allows for an enjoyable read-through if you are just beginning a security career.