I recently completed what some consider to be the capstone of information security certification exams: the Certified Information Systems Security Professional (CISSP) examination.
Since I’m now in the “waiting for endorsement” stage, I figured I would take some time to write up what I did and how I prepared.
First of all, I want to give the biggest shout-out in the world to Mike Chapple at www.certmike.com.
Mike has numerous books and video courses in the field of IT security and his ability to educate is beyond question.
This is a direct link to the LinkedIn Learning CISSP Preparation course by Mike. You’ll need LinkedIn Premium to access it.
For my fellow military veterans, it’s possible to get a free Premium account for a period of time.
I watched that series roughly twice. I skipped some lectures the second time because I felt I knew them.
Next, let’s make a 100-day plan to watch one of the IT Dojo Daily CISSP Questions of the Day… each day, right? Or you can binge-watch them in a week like I did. Po-tay-to, po-tah-to.
Alright, that’s your video learning.
Now let’s consider daily review.
One fairly famous resource is “the Sunflower PDF.” You can download the latest version here. Honestly, just open it, pick part of it, and start memorizing. I didn’t have any method to this other than trying to digest as much of it as possible. You won’t be able to fit it all in your brain so aim to just remember the general gist of each section.
My personal favorite daily review item, however, is the PocketPrep CISSP exam app available on mobile devices. You get a daily “Question of the Day” with an explanation as well as the ability to load “Quick 10” exams. You can knock out one of these in a few minutes. There’s a detailed explanation for each question so it really helps you learn the material. I feel like I essentially read the All In One book from this app.
I can’t not mention Boson exams. This is the practice test offered by Boson. Now I’m going to be completely honest… I didn’t use this that much. I found that by the time I was taking the Boson exams, I was scoring 80%+ and didn’t feel the need to devote the time to them. Boson has great test software though, and I will definitely use them on every exam that I take which they offer practice tests for. Since I’m on a soapbox, I’m not actually a big fan of their lab software. There isn’t an offering for the CISSP but I’ve tried it out for some other exams. I’d recommend setting up your own VMs for those (although it might require a bit of learning to get a domain controller and a few servers running smoothly… then again, that’s learning too, right?).
I mentioned books, and what CISSP preparation would be complete without books? I personally only used the 11th hour CISSP.
It’s short and filled with high density information. Whereas some books are conversational and filled with filler, this one cuts straight to the point and just throws facts at you.
I did buy the normal All In One book although I didn’t make it very far into it since I’d already registered my exam slot and ran out of time. I blame… well, myself, really.
I think you can get by without the AIO if you have sufficient background.
Be a manager not a technician. You’re a risk advisor. Kelly Handerhan says it better than me:
If you follow those study resources, I have no doubt you’ll succeed on the CISSP examination. Once you get your congratulatory email, you have to go through the CISSP Endorsement process to validate your experience. It’s recommended to have another CISSP endorse you; otherwise, it can take a bit longer to process your application.