Before we begin, congratulations on beginning your journey to become CISSP certified. The International Information System Security Certification Consortium (or ISC²) has gone to great lengths to produce and maintain an exam which is widely recognised as the gold standard in Information Security certifications. Preparing for an exam of this magnitude is no small task, even for the most experienced InfoSec professional, so if you are looking for tips on how to tame that CISSP beast on your first attempt, keep reading.
If you want to know what to expect on the day of the CISSP exam, along with my tips, check out my blog post on that here.
What Is CISSP?
While you will rarely hear CISSP expressed using its full name, you should absolutely know what the acronym actually means. It stands for “Certified Information Systems Security Professional” and is one of many certifications offered by ISC².
In the world of InfoSec, it actually counts for a lot and unlocks a whole bunch of doors, not only into job opportunities but also into social events, boards and panels, communities and much, much more. There are even local CISSP chapters which you can join to meet and exchange information with other people in the industry.
The CISSP exam previously covered 10 domains of the Common Body of Knowledge (CBK), but it was restructured in 2015 and now condenses everything into just 8 domains. The current 8 domains are:
- Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
- Asset Security (Protecting Security of Assets)
- Security Engineering (Engineering and Management of Security)
- Communication and Network Security (Designing and Protecting Network Security)
- Identity and Access Management (Controlling Access and Managing Identity)
- Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
- Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
- Software Development Security (Understanding, Applying, and Enforcing Software Security)
Each of the domains includes subcategories and a list of subjects which you should be familiar with for your studies. You can find the latest ISC² CISSP CBK list here.
(Not feeling confident in the Security Testing domain? Sign up to my hacking crash course today here!)
How To Get CISSP Certified?
To become certified, you must of course pass the CISSP exam, but there is a little more to it than that. Here are the things you’ll need to do in order to become certified.
- Have at least 5 years of experience in 2 or more of the 8 domains the exam covers.
- You can reduce this to 4 years’ experience if you can demonstrate a 4-year college/university degree or local equivalent.
- Schedule and pass the CISSP exam.
- This is mostly done through Pearson VUE test centres. I sat mine at Pearson VUE in Sheffield (UK) for around £500.
- When you book the exam you’ll also have to sign an agreement attesting to your work experience and commitment to the ISC² code of ethics.
- Complete the CISSP endorsement.
- Once you have passed, if you know another CISSP, they can give you their member number and you can enter them as an endorser in the ISC² portal. They will review the work experience you have recorded and, if they can, they will endorse you. Mine was done within a few days of passing the exam (thanks Dave!).
- If you do not know a CISSP who can endorse you, you’ll need to provide a detailed account of your experience and supporting documentation so that ISC² can verify and endorse you themselves.
Once you have done all of the above, you have technically only passed the CISSP exam; you are not CISSP certified until ISC² validates your endorsement, which for me took around 4 weeks. You will get an email confirming that your exam and endorsement have been accepted, and you can then watch the following video. If you’re lucky you should also get the certificate and warrant card through the post, but that will take a while longer.
So now you know what you need to do, let’s look at how you pass that exam!
How To Pass First Time?
Even the most complicated tasks can be tackled using the simplest of solutions, and the CISSP is no exception. I won’t be the first or the last person to say that your biggest help in passing the CISSP exam is absolutely going to be your experience. With 5 years under your belt, you really should be strong in at least 2 of the 8 domains.
That being said, that leaves around 6 domains that you might not have much experience in at all. However, you are not alone if you feel overwhelmed by this; almost every CISSP I know felt the same way. Very few CISSPs have experience in all of the 8 domains prior to passing the exam, and I would still be surprised to find many that regularly focus on all 8 once they have qualified. It’s really not common in the industry.
Accepting that you have weaknesses is important, and I used that to guide where I spent my study time. I passed CISSP in around 8 weeks of study time and was in and out of the exam in under 4 hours. Here is the approach I recommend you take in order to improve your chances of passing first time.
First of all, keep things simple. I broke my approach down into 2 stages which should take around 2 months to get you ready for the exam:
- Preparation – 1 week (max)
- Revision – 7 Weeks
You might think revision and preparation are the same thing, but there is more to it than that. We are talking about preparing for how you will study, what you will study, and when! This should really only take a day to sit down and work out, but if you decide to order in any supplies or study material, it could take you a full week.
Nobody ever got the most out of the CISSP book by simply reading it from start to finish. You have to be methodical in your approach and know how to get the right results from your study. Your first steps into CISSP preparation should be:
- Understand your strengths and weaknesses
- Which domains have you worked in where you need little study and which domains do you need the most?
- Which learning style is the best for you?
- Map when you can study
- Don’t just “plan” on studying, create a schedule and put time aside, away from distractions when you can really focus.
- Decide where you will study
- Revising at home for me is hard but not impossible. With a young family I find myself jumping from room to room to avoid distractions. It’s not the best, and so I will often work and study from local coffee shops or hotels when I am working away.
Once you have a plan which covers all the above points, you should have a good idea of which areas you will be focussing your study on, as well as knowing where and when you will study.
You can also begin sourcing any items you might need around the house to help you study better, such as additional stationery and flash cards, topping up the coffee selection or even introducing supplements like nootropics into your study sessions. I recommend Alpha Brain as a great way to enhance memory and focus; I use it regularly. You can read my review of Alpha Brain here.
OK, now you have 5 years of experience, you know where your weaknesses are and have a plan of attack to get your revision done. Here is what I recommend to get the most out of your revision sessions over the next 7 weeks.
Weeks 2 – 5
- Test yourself before and after
- Check your knowledge before you read a new domain using practice tests and repeat afterwards to measure the improvement.
- In the study book I used there were short quizzes at the end of each chapter. I used these before and after each chapter and recorded my progress.
- This should typically be around 20 questions.
- Do not move on until you are confident you have learned the material
- It’s easy to read one chapter after another but unless you can answer at least 90% of the chapter tests correctly, then you still have learning to do.
- It’s only 20 questions, so you should be hitting 90%+ easily by your third attempt or sooner.
- Do not waste time on content you already know
- Every session counts. Spending valuable time reading a chapter on a subject you know inside out is very likely a waste of time. Instead, focus on your weak areas and if there is time at the end, use it to check your knowledge on these areas.
- Use multiple study sources
- I usually learn best by actually doing a task, and so reading and CBT study is much more challenging for me. I overcame this by using a selection of sources. I would test my knowledge on a chapter and record my score, then read the chapter, THEN… watch the corresponding CBT video on the same subject and finally I would test my knowledge again. This didn’t make study any easier but it helped unfamiliar content to sink in after absorbing it in different ways.
Weeks 6 – 8
- Begin using full length practice tests.
- In the weeks leading up to the exam I would recommend moving on to the full practice tests you can get online. Most of the good providers will break down your results into categories so that you can identify which areas you are still weak in. With around 2-3 weeks left before the exam you should have covered most of the subjects and now be testing yourself regularly.
- Use the results to figure out where you need to focus and go back to the material to review.
- Make sure you are testing yourself on pro/hard level on the test exams. There’s no point getting 100% on the easy level only to get overwhelmed on the day of the exam.
I began by using the official CISSP study companion and really did not like it. I found the content hard to read and very boring.
I then moved on to the CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide and found this to be much easier to digest. I used the sample tests at the end of each chapter to measure my understanding, and I really recommend this book over the official ISC2 book.
I used the CISSP CBT Nuggets course to aid in my study. I would typically watch the videos on my tablet while traveling, but found that combining the study books with CBT content really helped fill any gaps. They can, however, be a little on the pricey side.
Free Practice Tests might not actually be free (not sure why they call it free), but the test engines are still great. You can subscribe to the CISSP test exams for around $90 for 3 months and also get access to a whole bunch of other practice exams, so I think it’s great value for money.
As I said, I use nootropics regularly and certainly made sure to have plenty around the house while preparing for CISSP. You can read my review by clicking here, or head over to XBrain to order yours today.
I’m confident that using the CISSP study plan that I used, you will do great and pass the exam on your first attempt! Please let me know if this works for you by commenting below, sharing, and subscribing to the blog for the latest updates!