Why CISSP

Well, this is the credential for security practitioners like us who find it hard to prove to the market that “I kind of know what I am doing and would like to make HR personnel's job easier”. There is a bit of a moral dilemma in taking this exam, but I have to say the learning experience and knowledge gained are worth the pain. This is a bit of an extension of what I jotted down in a Reddit post.

Since I am already in the ISC2 circle with SSCP, this is economical, as the annual fee is fixed no matter how many ISC2 credentials you hold. A good alternative could be CISM from ISACA, at another 150 bucks more.

CISSP Mindset

I’ll write this down in a loose, unstructured form, with some points on mindset and preparation after passing the exam:

  • There is no definitive, bullet-proof preparation for this exam. You might ask how to approach it with a high success rate. The three big criteria are actual experience, critical thinking as a risk advisor, and reading the recommended books to identify your weak domains, research them, and understand the concepts better.

Reddit entry on preparation and resources.

It’s quite a head-scratcher, and some questions repeat with a different approach to validate your understanding of the topic. An exam cram is quite important to catch up on domains or topics you tend to forget. I did a lot of logical grouping of technical and non-technical concepts to make it easy to rule out the noise in the multiple-choice options. There were several questions that I didn’t understand or know at all, but smart guessing and exam strategy did the job. Resources:

1. CISSP Official Study Guide, 8th Edition: the main source of information that I relied on, because it is easier to absorb than the CBK. ONLY rely on this book for processes such as the risk management process and change management; other books will confuse you. Read this book around 4 times, from different angles, to grasp most of the concepts and theories. Take notes on things you don’t understand, research online until you understand them clearly, and write down what you researched so you can reread it one or two weeks before the exam.

2. CISSP in 10 Hours: read it like a magazine to find out anything missing from book #1.

3. CISSP 21 Days: the conceptual diagrams from this book are quite good for understanding the big picture of each domain. You can read all the technical stuff from this book, but stick to the processes from book #1.

4. CISSP Official CBK: I tried to read it, but it confused me and I skipped it.

5. CISSP Shon Harris Practice Exams: I tried all the questions. It’s even harder than the actual exam. Quite painful, but the reasoning on each question helps you learn something you didn’t know or missed.

6. CISSP Official Practice Tests, 2nd Edition: I went through this book twice, the second time to revisit the answers I got wrong the first time, after going through book #1 a second time.

7. Memory Palace, 2nd Edition: quite useful, and it is based on book #1. Even though it is missing some important concepts, it can become your exam cram after you add the missing pieces yourself.

8. I made a Quizlet set based on book #7 but didn’t finish or use it: [exam notes](https://quizlet.com/527740764/exam-notes-flash-cards/?i=33vbln&x=1jqY)