How I got my CISSP
The Certified Information Systems Security Professional or CISSP is known for its rigorous exam and challenging requirement of needing at least 5 years of experience working in security-related roles.
I'm happy to say I was able to pass on the first attempt and would like to share my experience and study path with others interested in the CISSP.
I. Career Background
I was a DevSecOps engineer for 4 1/2 years, building security features for a platform in the AWS cloud with Python, Go, and Kubernetes, which obtained the ISO 27001 & ISO 27002 Type I and Type II. During that time, I also received the AWS Security Specialty certification. I then moved to a whole security infrastructure security analyst job for about 5 months before attempting the CISSP exam.
I felt that being in a DevSecOps role building a platform was advantageous since most of my day-to-day work revolved around the 8 tested domains of the CISSP:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
II. Study Plan
II.a Get a Smaller Cert First
Obtaining a cert or two before going after the CISSP will be helpful because it will aid in building/refreshing study skills and building confidence. So, I first went after the AWS Security Specialty certification and recommend that readers do the same by selecting one of interest to them.
II.b Books, Courses, and Bootcamp
I read it on my Kindle over a month by aiming for 1-3% a day before bed. Spacing it out helped me since the material is dry, and it is what I would recommend for all the books provided. But some folks are able to read them all in a month. In the end, go at the speed that works for you and at which you can retain information without falling asleep.
- Thor's course and Boson questions
I didn't use Thor's course at all; the material felt redundant with info found in All in One and Official Study Guide. Also, I wouldn't say I liked that I had to set the play speed for each video manually to x2, so it interrupted me while working and listening. However, it is a well-done video course for those who prefer videos.
I went through every question at least once until I got 90% of them right. For those that might not be aware, within the Official Study Guide books there are registration codes for Wiley's digital practice exams, which I strongly recommend.
I did the bootcamp because the company offered to pay with no strings attached, so I figured sure, why not. It was a grueling 5-day, 12-hour-a-day experience with great books provided. Yet, I didn't read the books that came with that course; they felt redundant since I had already read the others.
However, I took lots of notes from the in-class session on the digital pad (my style of learning), which was especially helpful for the cryptography sections.
I focused on the "test-taker mentality" that the course instructor taught, like how to select the best answers for the CISSP exam and how to think like a manager (I think this was most beneficial but can be found online pretty easily).
- Pocket Prep phone app
I tried it but found it to be lesser than the already paid-for OSG tests and questions.
I didn't like the paywall since I had already paid for other resources and frankly the official resources are more than enough despite what others might say.
Doing all the above took around 6 months to a year to accomplish. I prefer to space things out, but others might prefer prepping in a shorter amount of time.
What is most important is finding a routine and sticking with it, which for me was typically reading before bed and doing at least one practice exam a day of 120 questions.
III. Days leading up to test
I kept doing OSG practice tests and listened to YouTube videos by Larry Greenblatt and Kerry for thinking like a manager for the exam.
IV. Day of test
I didn't sleep the night before from nerves, so I arrived with only 4 hours of sleep and went through the exam in 175 Qs at around 143 mins.
I took a break when I got frustrated with the vagueness of some questions and just started to click out of annoyance.
IV.a Test taking strategy
I focused on picking the best answer and trusting my gut.
It would be mentally exhausting to pick the 'right' answer each time versus the other choice, so I trusted my gut after reading the question 3 times.
- Read each answer choice once
- Start with the Last answer choice, then read up
- Pick the Cheapest option if stuck between choices
- Pick the thinking option if stuck between 2 choices
- Test Qs review
The technical questions were decently similar to tech questions from OSG in terms of format (1-3 sentences).
Overall, though, the questions weren't anything like the study material as anyone who's taken it will tell you.
I hope my shared plan helps you if you're going after the CISSP. I'm happy to answer any other questions as well!