Note: a list of resources and general tips is towards the end of this post if you prefer a TL;DR version.
I began studying for the CISSP certification back in September 2020, when I attended a 5-day bootcamp from QA training, organised by my employer and a partner organisation. Due to the ongoing COVID-19 pandemic this was a virtual session. Overall, the format of this and the interaction throughout worked really well and this was a good introduction to each CISSP domain.
Sadly, due to some personal circumstances a short while after this bootcamp, I had to place the studying on hold until the New Year.
When picking this up again, I started by working my way through the (ISC)2 CISSP Official Study Guide: Eighth Edition, and over the next few months I read this cover-to-cover, taking notes, completing the review questions after each chapter and revisiting any weak areas.
The domains for the CISSP exam are refreshed every 3 years to ensure the content reflects the most pertinent issues that cybersecurity professionals currently face. The next refresh was due in May 2021.
My aim was to sit the exam before the domain refresh, but being honest with myself, I just didn't feel ready for this at the time. The refresh in content was slightly concerning, although the supplementary information relating to this provided some reassurance that it wasn't massively different overall.
Joining the Certification Station Discord server was a game-changer. This is an incredible, supportive community and has a lot of active discussions and practice questions posted in the #CISSP channel by members. They also have occasional study sessions from renowned professionals such as Adam Gordon and Wentz Wu, which are free to join. Playing an active role here inspired me continuously throughout my studying.
I took out a subscription to ITProTV to work through the Accelerated CISSP training delivered by Adam Gordon and Daniel Lowrie. At a total runtime of almost 40 hours, this covers each domain in detail and includes a PDF of notes for each video. The platform also provides access to a large bank of practice questions via Kaplan IT Training, which is excellent value overall.
Whilst working through this course I also purchased the eBook of the (ISC)2 CISSP Official Study Guide: Ninth Edition and again read this cover-to-cover, paying particular attention to some of the new material. The OSG includes online access (via Wiley Efficient Learning) to 100 practice questions per domain, which I found useful to reinforce my knowledge from each chapter/domain. Also included are four 125-question practice exams.
At this point, despite a couple of weak areas, I felt a lot more confident with the progress I had made and booked my exam for October.
In the month or so leading up to the exam I worked through all questions within the IT & Cybersecurity Pocket Prep app, then specifically reviewed those I had got incorrect ('missed questions'). I also purchased the Boson Ex-Sim Practice Exams whilst they were at a decent discount. Both of these resources were extremely useful, and the Boson questions in particular provide some really detailed answers, although they contain a lot more technical questions.
The Destination Certification MindMap videos which cover the key areas and concepts for each domain were another useful resource throughout the month prior to the exam.
In the week of the exam I read through the Eleventh-Hour CISSP Study Guide (3rd Edition), which was a nice, easy read that covers all the key concepts in small chunks. Sunflower CISSP and The Memory Palace by Prashant Mohan are also useful for a last minute review of each domain.
The night before the exam I made sure to get a good rest and tried not to think too much about the day ahead, which was easier said than done!
On the day of the exam I got up fairly early, relaxed for a bit and then took the train to the test centre. On the journey I watched the often recommended 'Why You Will Pass the CISSP' video by Kelly Handerhan. This definitely helped me get into the mindset for the exam. On arrival at the test centre, I went through the verification process, stuck my personal belongings in the locker and then it was pretty much straight into the exam room.
The exam uses a Computerized Adaptive Testing (CAT) format and contains 100 to 150 multiple-choice and advanced innovative questions. Once you answer a question you cannot return to it later. The maximum time allotted is 3 hours.
There's not much I can say about the exam itself without violating the NDA (which you are required to accept prior to starting your exam).
My general advice is to take the initial 25 questions slowly - read the questions at least twice, try to eliminate a couple of options and then select the best answer. As many who have sat this exam will attest, it is normal to feel like you are failing. If you are feeling overwhelmed, take a short break to focus your mind and then carry on.
After selecting 'next' on Question 100, I was notified that my test had ended and my result was available at reception. The walk to the printer was pretty nerve-wracking and I grabbed my belongings out of the locker whilst the receptionist printed the result. I didn't look at the printout until I got halfway down the road, but was relieved to find I had provisionally passed in 100 Q's.
It was straight off to the pub to celebrate and then home to relax!
At the time of writing, I am currently going through the ISC2 endorsement process to become a certified CISSP member. I will endeavour to update this post once this process is complete.
- Understanding the material provides greater value than trying to memorise it. Sure, you can memorise the order of the OSI model layers or the steps of the BCP/DRP or SDLC process, for example, but understand these conceptually and see the 'bigger picture'.
- The exam is often referred to as being 'a mile wide and an inch deep'. Don't stress trying to learn the specifics of every little thing; focus on the ideas behind them.
- Remember, this is a managerial exam, not a technical one. The questions might reference tech, but understand how this relates to the management of security.
- Practice questions are NOT comparable to the exam questions... at least not in my experience. Once again, understanding the material is key.
- Booking an exam date will motivate you to study harder, book it already!
- Try not to burn yourself out through studying or stress/panic during the exam. Take a break, focus your mind, then carry on... you got this!
- QA CISSP Training
- (ISC)2 CISSP Official Study Guide: Eighth Edition
- (ISC)2 CISSP Official Study Guide: Ninth Edition
- Eleventh Hour CISSP Study Guide (3rd Edition)
- ITProTV Accelerated CISSP Course (referral link)
- Certification Station Discord server
- Destination Certification MindMap videos
- Sunflower CISSP
- The Memory Palace
- IT & Cybersecurity Pocket Prep app
- Boson Ex-Sim Practice Exams
- 'Why You Will Pass the CISSP'
Best of luck for your exam and thanks for taking the time to read this post. I hope this has been a useful insight that can help with your journey towards CISSP certification.
If you have any questions or comments then feel free to drop me a message on Twitter.