How I passed CISSP in the first attempt? Preparation Strategy, Resources, & Mistakes to avoid.

Posted on by Shobhit Mehta

I passed the (ISC)2 CISSP on Dec 04, 2018 and since then have received multiple messages asking about the preparation strategy and resources.

Following are the 12 points I have learned in the entire preparation and hopefully, it will help you in outlining your strategy as well.

  1. First things first, book a date for the exam that you can remember easily. This will help you track the number of days you have for the preparation easily. There will be a time in your preparation when you’ll be so engrossed in the preparation that you may often miss the date. Is it 4th or 5th?
  2. Once you register for the exam, give up on everything for at least 4 months. No friends, no parties, minimum contact with the outside world. CISSP demands sacrifice.
  3. Replace your playlist with the Shon Harris’s audio (link attached). Optimize your time. Listen to them every time you commute or cook.
  4. Read, a lot. The official Sybex book & Shon Harris AIO should be read twice – cover to cover. Don’t miss out on anything. Some things may look simple to read or you’ll think you already know – but make sure you still read them. This will give you the inherent confidence that you are well prepared and you will not change your answers in the actual exam.
  5. Watch a lot of videos. For my preparation, I watched the complete Sari Greene series (55+ Hrs) and Shon Harris videos (30+ Hrs).
  6. At least 1 month before the exam, start solving a lot of questions and optimize the question-solving process. For instance, don’t solve the practice tests and questions from the Sybex hardcopy but use this website to solve the questions online. In total, you should solve at least 5,000 questions from different sources to concrete your understanding of each domain and concept.
  7. At any time in your preparation, you should dedicate 50% of the time with the content and 50% of the time with questions.
  8. Make a lot of notes. There are so many protocols, roles, responsibilities for each of the roles, processes, and minor differences between things (Resiliency or Fault Tolerance, SLA or OLA etc.) that no matter how many times you read them, they will slip if you don’t pay them the due attention they demand.
  9. Identify your weak areas. Since I already completed CISM, I had a fair understanding of ‘Domain 1 – Security and Risk Management’ and because of the roles I had had in previous jobs, I was confident in ‘Domain 4 – Identity and Access Management (IAM)’; however, as I never worked first-hand on the networks, I soon realized that I have to dedicate extra attention to ‘Domain 5 – Communication and Network Security’.
  10. When you do the questions, it is more important to know the rationale of right or wrong answer rather than having the answer right. When the question is right, cross check if your understanding was indeed correct or it was a lucky guess. If the answer is incorrect, make sure you note the rationale somewhere and make it a point to not make the same mistake again.
  11. Create your own mind maps. There are 100s of mindmaps available for each domain of the CISSP. But I’ll suggest you create your own mind maps by hand and revisit those often. For me, it was very helpful in the Cryptography and Networks domain.
  12. Most importantly, develop an ecosystem of like-minded individuals. Individuals who follow the same passion and are as driven for passing the exam as you are. I can’t recommend enough to join this community on Facebook. People from all over the world share their preparation strategy, the mistakes, the learnings, the experiences, the hardships and the sacrifices they endure to pass the exam. The founder and admin of Study Notes and Theory (Luke Ahmed) is a great guy and will help you selflessly even if you don’t avail for the membership.

Just so you know, I study full-time and work 20–30 hours per week. The preparation strategy worked for me but you may want to cater the strategy per your own schedule.

Additional resources (I only used the resources in bold):

Books:

  • CISSP All-in-One Exam Guide – Link
  • CISSP Official Study Guide – Link
  • CISSP Official Practice Tests – Link
  • 11th Hour CISSP Study Guide – Link

Videos:

  • Cybrary, Kelly Handerhan’s videos – Link
  • IT Dojo CISSP Playlist: Link
  • Learning Path: CISSP by Sari Greene: Link
  • CISSP Video Course by Shon Harris: Link

Audio:

  • Shon Harris’s audio – Link

Flashcards:

Mind-maps:

  • CISSP Mind-maps: Link

Questions:

  • Wiley Questions Bank – Link
  • Thor Pederson’s Question of the day – Link

Others:

  • Latest Sunflower study guide – Link
  • ISACA, Cyber Security Fundamentals Glossary – Link

All the best!

Note: Originally appeared here.