
How I Passed my CISSP Exam

A list of the best resources and tips that helped me study for the CISSP exam. Resources include video tutorials, books, and apps, in addition to tips from many CISSP holders.

Introduction

The CISSP exam is considered one of the most valuable 'vendor-neutral' certificates to carry if you plan to broaden your skills and knowledge of the cybersecurity landscape. I would recommend anyone to at least read the CISSP CBK, even if they do not plan to take the exam, as it is quite an eye-opener on the vast ocean of what we call 'information technology'.

Passing the CISSP exam was one of my greatest achievements in my cybersecurity career. Reaching the 125th question and having the monitor flash a passing message in front of me was an unforgettable experience. After passing the exam, your journey does not stop there. On the contrary, you now have the responsibility of maintaining the certification, which is part of what makes the CISSP unique.


How the CISSP Exam Works

Mike Chapple does an excellent job of explaining the exam process and also explains how to meet the requirements.

Here is a quick breakdown of what happens during the CISSP Exam: (Source)

  • The first thing you do is complete an NDA, which is why I’m not being specific in this article and won’t divulge any exam material.
  • It is a computerized adaptive test with between 100 and 150 questions which you complete on a computer.
  • You will not be able to go back to a previous question and change your answer. When you click next, that answer is locked in.
  • Questions will be multiple choice with four answers, plus interactive questions.
  • You will get a wipe-clean board to write notes.
  • One surprise is that you don’t get a score. Most sites refer to 70%, but you actually just get a pass/fail.

The Objective of this Post

Preparing for the CISSP exam was one of my greatest challenges. Knowing how dense the exam is (it is constantly described as a "mile-wide and inch-deep" adventure), a proper study plan had to be set.

Below is how one of the books I used described it:

💡
The CISSP exam focuses on security from a 30,000-foot view; it deals more with theory and concept than implementation and procedure. It is very broad but not very deep. To successfully complete this exam, you’ll need to be familiar with every domain but not necessarily be a master of each domain.

If you ask 10 CISSP exam takers how they prepared for the test, I am almost sure you will have 10 different answers as each individual is tailored to absorb the material in a different way. Some prefer reading, while others go down the instructor-led and video road. From my experience, it is best to rely on both sources as each delivers the content in a unique approach.

After passing the CISSP exam, I was asked by many colleagues how I prepared for it. So the purpose of this blog is to describe the method and resources I used. I hope it helps answer many of your questions. If you have any inquiries, feel free to email me and I'll get back to you.


Resources Used

N.B.: The resources are not listed in any particular order of importance.

Books

Official (ISC)² CISSP Study Guide

I am a huge fan of Sybex books, as I have used them for exam preparation since my early career days (namely for Cisco CCNA and CCNP).

How I used it: I read this book cover-to-cover and completed every quiz/assessment/review question/exam. The book has an assessment at the very start which is a great way of measuring where you stand.

Official (ISC)² CISSP Practice Tests

Another essential resource to help you practice and understand the nature of CISSP questions.

The book provides over 1300 unique practice questions. The first part of the book provides 100 questions per domain. At the end of the book, you get access to four unique 125-question practice exams.

How I used it: after reading the "Official (ISC)² CISSP Study Guide" and completing a few video courses, I started solving the questions for each domain. I kept the four practice exams until the end of my learning and solved them a few weeks before taking the exam. Make sure you time yourself while taking these exams.

CISSP All-in-One Exam Guide, Ninth Edition

This is easily one of the best books I read during my preparation. Plus, I am a big fan of Shon Harris, who is one of the authors.

The book also contains over 1400 questions which serve as additional practice.

How I used it: another book that I read cover-to-cover. It is rich in detail and provided much-needed information to further illustrate complex topics. After reading each chapter, I finished the accompanying quizzes while taking notes.

How To Think Like A Manager for the CISSP Exam

Taken directly from the book description:

"How do you think like a manager?" It is one of the most common questions asked when preparing for the CISSP exam. Using 25 CISSP practice questions with detailed explanations, this book will attempt to answer how to think like a member of a senior management team who has the goal of balancing risk, cost, and most of all, human life. The questions will take you through how to resist thinking from a technical perspective to one that is more holistic of the entire organization.

I enjoyed what the author, Luke Ahmed, presented in this book. As someone who is technically oriented, it was good practice to help me think "like a manager", which is a critical skill you will need to apply while taking the test.

He also runs the studynotesandtheory website that contains a wide variety of helpful content.

Video Courses/Guides

Cybrary - Certified Information Systems Security Professional (CISSP)


I cannot recommend this course enough. The instructor, Kelly Handerhan, delivers the content in a very detail-oriented manner. She also throws in lots of knowledge from her career experience, which further enriches the content.

I managed to take the course for free.

LinkedIn - Prepare for the (ISC)² Information Systems Security Professional (CISSP) Certification Exam (2021)


Another resource to add to your collection comes from LinkedIn. You can activate a 30-day free trial and watch the full course. The course instructor, Mike Chapple, is well-versed and delivers the content in a clear and concise manner.

I completed this course when I first started preparing for the CISSP exam.

YouTube

YouTube contains a rich variety of freely available resources that help you further solidify your knowledge.

  • Destination Certification Channel: Rob Witcher's channel is a treasure trove of information related to CISSP. I highly recommend his CISSP Mindmap series. These serve as a great review before taking the exam. Also, check out their official website for more resources.
  • Inside Cloud and Security: The CISSP Exam Cram playlist has a free 8-hour course that covers all CISSP domains.
  • freeCodeCamp CISSP Course: a 13-hour free course that is also a must-watch.
  • Kelly Handerhan's "Why you WILL pass the CISSP" is a must-watch before you take the exam. It contains lots of advice on how to set your mind frame.

Mobile Apps

I always managed to do some learning while on the go. My go-to app was, and still is, IT & Cybersecurity Pocket Prep. It has a "question of the day" feature which constantly reminds you of the importance of micro-learning sessions. It also motivates you to complete the QOTD in order to maintain your streak.

I'm on my 128-day streak

Another solid and well-developed app is the (ISC)² Official CISSP Exam Prep App.

Both apps have subscription plans which you can try. I personally stayed on the free plan.

Practice Exams

I purchased the Boson practice exams to further boost my knowledge. As of this writing, the practice exam contains around 700 questions. When you purchase the exam, you get access to it for 1 year before you have to renew it. Keep an eye out for sales or discounts.

Simplilearn offers a free 250-question exam which you can find here.

💡
There are no practice exams that come even close to what you will see in the official CISSP exam. Rest assured though that the more exams you solve the better you tune your mindset.
💡
The CISSP exam is 4 hours long, so try to time yourself when taking the practice exams.

Other Notable Resources

  • Thor's Courses: I did not get the chance to try Thor's CISSP course, but the reviews speak for themselves. I used Thor's courses when I was preparing for my CompTIA Cybersecurity Analyst (CySA+) certification.

Learning Methodology

The CISSP exam is a dense and information-heavy journey. The CBK book currently sits at around 600 pages and continuously grows (other books contain over 1500 pages of knowledge). To be able to efficiently absorb the content, I relied on three study techniques:

N.B.: Everyone has their own way of studying and absorbing information. I am just detailing what works for me.

  • Physical note-taking: taking notes using pen and paper
  • Preparing flashcards
  • Using spaced repetition

Taking Notes:

Watching and reading any CISSP-related study material was always accompanied by note-taking. The physical act of writing things down helps you learn, retain, and recall information. It also makes the learning process more interactive, thus improving focus.

💡
I did some side research on the benefits of taking notes by hand. You can read more here and here.

Another major advantage of note-taking is the ability to quickly review what you just learned and mark down points that need further study or research.

Sample of My Notes

During my study sessions, I divided my notes per domain. When I encountered a challenging section, I made sure to highlight it for further research. It is very helpful to always consult different resources when trying to understand a specific topic, as each provides a different approach to the same subject.

💡
While preparing for the CISSP exam, it is important not to be a victim of the Dunning–Kruger effect.
Dunning-Kruger Effect

Flashcards:

Flashcards are a great way to review hard-to-master topics or terms. They help with the active recall process as you try to remember the content of each card.

Samples of My Flashcards

For those who like to create electronic flashcards, I highly recommend Anki, which is supported on Windows, Mac, Linux, iOS, Android, and any device with a web browser.

Spaced Repetition

Spaced repetition is a complex topic to describe in just a few lines. Check these excellent resources that delve deeper into how it works.

In layman's terms, it is a way of engaging your brain by repeatedly trying to recall what you have studied at increasing intervals over time.


Final Notes and Tips

During Exam Preparation:

  • Treat the CISSP exam as a marathon, not a sprint. Do not expect to be able to cram the material and rush in to take the exam.
  • Set a deadline: there is nothing like setting a target goal to achieve or deliver a task. Deadlines will help you maintain and plan your roadmap.
  • Try to practice as many questions as possible in order to understand the mindset you have to be in when taking the exam. Sometimes you will find that all answers are correct, and you will have to select the answer that "mostly" covers the solution.
Solving a good amount of practice questions is key
  • When practicing, read the question very carefully and pay attention to the wording.
  • Stay away from exam dump sites or resources that guarantee they can provide real-exam questions. They are unreliable and definitely violate the (ISC)² code of ethics which is something you do NOT want to get into.
  • Understand your weak points: no matter your experience, you will come across chapters that are quite hard to grasp. Take note of them and reinforce your knowledge as much as possible. Do not underestimate any section.
  • More tips can be found here

Before Taking the Exam:

  • Keep an eye on the (ISC)² website, as they occasionally offer free retakes in case you did not pass on the first attempt.
  • This post explains how to approach test day.

After Passing the Exam:

Congratulate yourself on a mission well accomplished :)

Next, start preparing for your endorsement phase. Once endorsed, and in order to maintain your membership, (ISC)² requires a 125 USD yearly membership payment.

Once the above is complete, you will need to complete 40 CPEs every year to maintain your membership and ensure that you stay up to date on the latest trends and technologies in the IT community.