About a month ago, I became an Associate of (ISC)². Today, I want to share a little bit about my experience with the CISSP exam itself.
Apparently, the CISSP exam covers eight different domains; they are:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Note that the domain weights are subject to a small change in May 2021. Each domain covers a good amount of information that you need to understand and know at a high level. As some people say, it is a mile wide yet an inch deep: an exam designed to give you a comprehensive view of information security as a whole picture, but not very deep in each domain. However, preparing for and taking the exam really gave me a great picture of information security as a whole and taught me to think like a risk advisor. I think the exam serves a purpose.
I started my preparation in the middle of August. The first couple of weeks were quite rough for me: when I took the Boson simulation exams, I always scored somewhere between 60 and 65. However, this got better once I finished Kelly's “CISSP course” on Cybrary and the book “11-hour CISSP”. The last two simulation exams I took both passed the 70 passing score, which significantly boosted my confidence to conquer the exam. Here is a timeline breakdown of my preparation:
- Week 1 — Watch Kelly’s CISSP course from Cybrary and take good notes
- Week 2 — Watch Kelly’s CISSP course from Cybrary and take good notes
- Week 3 — Read the “11 hours CISSP”, one domain each day
- Week 4 — Read the “11 hours CISSP”, one domain each day (Note: I read it twice, so it took me two weeks)
- Over the 4-week period, do one Boson simulation exam per week to get a feeling of what the exam might look like and to test your understanding of the domains
Regarding the preparation material I used: you can find Kelly's CISSP preparation course here; it is a 19-hour CISSP preparation course that covers all the details you should know in the period before you take the exam. Kelly did such a fascinating job explaining the concepts in a very fun way; seriously, I like the jokes in the videos :) Take good notes, and you can probably watch it at 1.5x speed. The “11 hours CISSP” is probably one of the books I highly recommend for anyone who is going to take the CISSP exam. The book is about 200 pages long and covers the material in a much shorter yet precise way. Each concept is well explained and really gives your mind a refresh before the exam. Lastly, there is Boson, one of the simulation exams out there that does such a good job of giving you a real feeling for the exam. When you score 70+ or super close to 70, you know you are ready :) Regarding some other books, such as the “Official book from Sybex” or the “CISSP All-in-One”: I have the Sybex book but never used it much, because I feel the long reading isn't really going to help me much and gets tedious over time, but it might still be a good reference book if you want to know a specific topic a little bit more.
The exam experience went quite smoothly for me. However, the questions can be tricky sometimes, and you have to really read them. I have to say: read each question at least twice, think deeply about why it is asked this way and what the best solution for it is. Remember, you are the risk advisor or manager here. Most questions might not look very familiar to you, but with common sense and a little bit of analysis, you should be able to answer them without issues. Also, relax during the exam even if you feel the exam is rough; this will give you a clear mind to stay focused. Lastly, reviewing the high-level aspects of cloud security and GDPR is recommended. That is one of the pro tips that might help you :)
Lastly, if you are on the journey or about to start it, I really do hope you pass the exam and achieve your goals! I hope this post can help you in some way :)