I am extremely delighted to announce that I passed my CISSP certification on my first try, within the first 125 questions, with an overall experience of 5+ years in the industry. The path to this certification was an amazing journey that taught me great self-discipline apart from the enormous technical and management knowledge it gives. So, in today’s article, I would like to share some insights on what CISSP is, what resources to use for CISSP preparation, and some tips and tricks for cracking your CISSP exam on the first attempt.
The CISSP (Certified Information Systems Security Professional) certification is a globally acknowledged credential in the field of information security. It is issued by the International Information Systems Security Certification Consortium, commonly referred to as (ISC)² (now branded ISC2). CISSP is a vendor-neutral certification that validates the technical expertise and practical experience of IT security professionals in designing, implementing, and overseeing security programs, and it is widely regarded as one of the gold standards in the information security field. There are some criteria you must fulfil before you can add this certification to your profile:
You need a minimum of 5 years of cumulative, paid, full-time work experience.
That experience must cover at least 2 of the 8 CISSP domains listed below.
A relevant four-year degree, or an approved credential on the ISC2 approved list, can be used as a one-year experience waiver (only one waiver can be applied, so the minimum is 4 years of experience).
If you don’t meet the above criteria, you can still sit the exam and, on passing, achieve the status of Associate of ISC2. As an Associate of ISC2, you have a period of six years to accumulate the required five years of professional experience before you are awarded the CISSP. The eight domains, with their exam weights at the time of writing, are:
Domain 1. Security and Risk Management – 15%
Domain 2. Asset Security – 10%
Domain 3. Security Architecture and Engineering – 13%
Domain 4. Communication and Network Security – 13%
Domain 5. Identity and Access Management (IAM) – 13%
Domain 6. Security Assessment and Testing – 12%
Domain 7. Security Operations – 13%
Domain 8. Software Development Security – 11%
ISC2 publishes two primary official guides: the (ISC)² CISSP Official Study Guide, which covers all eight CISSP domains, and the Official (ISC)² CISSP Common Body of Knowledge (CBK) Reference, a good choice for going straight to the source.
Apart from these official sources, there are numerous other audio, video, and book resources on the market. Below I list a few of the materials I went through, with a short overview of each.
Thor Pedersen’s CISSP bootcamp on Udemy – Udemy is not a free resource, but luckily I had free access through my employer, which helped me a lot. When I first saw the 1300-page Official Study Guide I was totally clueless and didn’t know how to begin, and Thor’s videos came in handy. He also has amazing free resources on his website and in his study groups; please visit https://thorteaches.com/cissp/
Pete’s CISSP exam cram on YouTube – This comprehensive exam cram provides a valuable overview of the eight domains, serving as an excellent starting point before diving into your official study materials. In addition, the accompanying video playlist offers in-depth explanations of complex and crucial exam topics. Pete’s memorization tips, shared within the resource, are of high quality and proved extremely beneficial.
Mind map series on YouTube: This is another remarkable free resource. The mind map series is particularly beneficial for bridging the gaps and making connections between concepts. I highly suggest incorporating these videos into your final preparation phase, as they will greatly enhance your understanding of the complete content across all eight domains.
The Memory Palace by Prashanth Mohan: This book served as my go-to resource for last-minute preparation, and the most appealing aspect is that it’s available at no cost. Mr. Prashanth has done an outstanding job in condensing the entire content into a concise format. I found it extremely valuable for self-assessment and ensuring I hadn’t overlooked any topics.
Prabh Nair: Prabh is a well-known figure among CISSP exam takers. His work as a trainer is truly impressive, and his educational materials prove invaluable in simplifying complex concepts. Furthermore, he offers comprehensive domain summaries that greatly aid in understanding the content.
Eleventh Hour CISSP: This book was also helpful in summarising the content.
The previously mentioned resources focused on the learning aspect, but now let’s shift our focus to the equally crucial component: practice questions. When it comes to acing your CISSP exam in a single attempt, there is one key answer: practice, practice, practice. Before delving into the questions, there are a few important considerations to keep in mind, which are covered in the tips section below. Here are some exceptional resources I used during my preparation.
(ISC)² CISSP Certified Information Systems Security Professional Official Practice Tests – Within this book, you’ll find questions dedicated to each of the eight domains, along with four full practice tests. It’s essential to note that these questions are designed to enhance your understanding of the material, rather than to shape your mindset for the actual exam. Therefore, it’s advisable to incorporate them into your study phase, where they will effectively reinforce your grasp of the topics.
Thor’s easy and medium questions on Udemy: This resource proved valuable for clarifying concepts. However, I would personally refrain from recommending the ‘Hard questions’ on Udemy, as some of them were quite perplexing and lacked clarity.
Coffee shots by Prabh Nair, which also contain good-quality questions.
Boson Questions: These questions were incredibly valuable. Their wording closely resembled what you’ll encounter in the actual test, so practicing with them will train your mind to better understand the exam questions.
Think Like a Manager by Luke Ahmed: This exceptional book includes a total of 25 questions, each accompanied by a detailed explanation of the thought process leading to the answer. Engaging with these questions will not only improve your critical thinking skills but also help you develop the right mindset for the exam.
Andrew’s question videos on YouTube: Andrew’s challenging questions and his insights on approaching them were exceptionally helpful. I recommend saving these for the final stages of your preparation.
Every individual’s path to the CISSP exam is unique, given the diverse backgrounds of candidates. Therefore, it’s essential to tailor your preparation to match your specific skill set. As a security professional with over 5 years of experience, my expertise lies more in technical roles, particularly on the defensive side. To succeed, I had to enhance my proficiency in management and in other technical areas like asset security and software development security. Hence, it’s advisable to review the available resources, identify your strengths and weaknesses, and allocate your study time accordingly.
As working professionals, finding time to sit down and read a book like we did in college can be quite challenging. Fortunately, audiobook and video versions are available for many study materials on platforms like Amazon. However, it’s highly advisable to go through at least one of the official ISC2 study materials before your exam.
One significant challenge faced by CISSP candidates is that many of us come from technical backgrounds. It’s often harder for technical people to pass this exam because they are accustomed to constantly “fixing problems” as part of their job. That perspective needs to be adjusted; shifting your mindset is essential to succeeding in the CISSP exam.
Tips and Tricks for Cracking your CISSP exam in first attempt:
The book: Make sure you have read at least one of the official CISSP guides at least once. Research both, and pick the one you are going for. The rest is up to you: find whatever makes you comfortable and go for it.
How to study: While you study you will definitely come across many unfamiliar topics, and relying on multiple resources will give you a better idea of each. If you have zero networking background, Domain 4 (Communication and Network Security) is going to be super tough; watch short, animated videos on networking topics, which will make your life much easier than sitting and reading the plain old books.
Practice questions: I’ve met people who spent most of their time studying and didn’t practice with questions, which is a big mistake. You might think, “Why bother with questions if I’m learning everything?” But unless you’re an expert with strong technical knowledge and lots of management experience, this approach can backfire.
How you practice your questions: As much as the number of questions you do matters, how you practice them also has a great effect.
While you are practicing questions, mark the ones you are confused about or got wrong, and restudy all the related topics.
Do not redo the same question set; the second time you do the same questions you are most likely to remember the answer rather than actually reason through it.
Rely on trusted sources. There are a lot of sites offering exam questions; do your due diligence and find the right resources.
CISSP exam dumps: Every one of us will search the internet at least once for a CISSP exam dump, so let me save you the time. There are no genuine exam dumps; ISC2 is very strict about maintaining the integrity of the question pool, every candidate signs a non-disclosure agreement, and using leaked content would violate the ISC2 Code of Ethics you have to uphold as a certification holder.
Memorisation tips: Create and use a lot of mnemonics, and draw your own silly diagrammatic representations of topics, especially the attacks and frameworks. Please do not learn the topics by heart; understand them. In your day-to-day life, when you see things, try to correlate them with what you have learned; when I looked at my office building, topics like secure facility design came to mind. Write handwritten notes and talk to people working in different domains; all of this was very helpful to me in understanding how the real world works.
The mindset: You might have heard a hundred times from everyone to “think like a manager” for the CISSP exam. What does that mean? It simply means you are not fixing anything; you are there to advise, based on the overall knowledge you have, on what the best solution is in that particular situation. Always think about the end result. Kelly Handerhan has a video on YouTube on exactly this topic, and it is a great video that will get you into that mindset.
I am generally a person with a little bit of anxiety, and I knew this was a very challenging exam that I wanted to crack so badly. It’s always better to be over-prepared than under-prepared. I am at a point in life where I don’t have many extra responsibilities, and I thought this was the best time to dedicate myself to this exam. I gave it 100% dedication: I practiced more than 3000 questions and was scoring more than 75% consistently towards the end of my preparation. I went through all the resources available to me. Everyone around me was also very supportive; during office hours my colleagues and I would start heated discussions on technical topics, and the people around me gave me deep insight into many areas.
I was not very stressed on exam day. Somewhere I had read “trust your preparation”, and I trusted all the effort I had put in. I made sure my technical background would not be a hindrance in this management exam; on the day before my exam I focused completely on fixing my mindset rather than studying topics. It was definitely helpful.
Was the exam difficult? It definitely was, but I was expecting worse, so it was not that bad.
The exam is taken in person at an authorised test centre, and there are only a few centres offering the CISSP exam. It is a computerized adaptive test (CAT): the question pool allows up to 175 questions in 4 hours, and you are monitored throughout. The algorithm decides whether you have demonstrated enough to pass (or fail) and can stop anywhere from 125 to 175 questions; luckily I passed at 125 questions.
Before you go for your exam, make sure you are well rested and your mind is calm. Eat properly, and keep some glucose or chocolate with you to have just before the exam for that instant boost of energy. Trust your preparation and everything will be fine.
“Motivation is a scam; discipline is the key.” Most of us get highly motivated by seeing someone pass the exam or by watching a motivational video. Motivation is just the initial push, but what keeps you going is the disciplined hard work you put in, and this is exceptionally true of CISSP exam preparation. This exam will push your limits and test your patience. You will see your friends and family enjoying themselves while you sit in a corner and study; remember, it’s worth it.
I hope this article helped you understand what CISSP is, what resources to use for CISSP preparation, and some tips and tricks for cracking your CISSP exam on the first attempt. In case of any query, feel free to reach out to me on LinkedIn.
Aroma is a cybersecurity professional with more than four years of experience in the industry. She has a strong background in detecting and defending cyber-attacks and possesses multiple global certifications like eCTHPv2, CEH, and CTIA. She is a pet lover and, in her free time, enjoys spending time with her cat, cooking, and traveling. You can connect with her on LinkedIn.