In this post I will talk about my experience with the CISSP certificate: why I studied it and how I managed to get certified.
After finishing the OSCP certificate I started studying CISSP the next day; it was in my plan to study CISSP right after finishing OSCP. I felt that I needed to read and study information security from a managerial level, with a bird's-eye view. Many people look down on CISSP and think it's useless. However, I can assure you that the CISSP materials are really good and can be beneficial for anyone who wants to know more about information security from a management position.
For studying the materials I focused on books only; I hate videos and thought they were unnecessary, since the course is theoretical and no hands-on work is required.
Below is the list of books I used:
In total I spent 4 months reading and studying the materials. This is what I did during this period:
- I was not in a hurry, so I spent 2.5 months reading the official study guide. It's about 1000 pages, and I was reading for 1-2 hours on workdays and resting at weekends.
- After finishing the official guide I started reading the 11th Hour book and finished it in one week to recap what I had learned in the official guide.
- Next I started solving the practice test kits, but only the questions focused on domains: there are 8 chapters, with 100 questions associated with each domain.
- After knowing my weak points I started reading the CISSP Study Guide by Eric Conrad. It's a fantastic guide! I wish I had started with it in the beginning. However, I read it fast since I was already done with the official guide, but I was also taking notes on the hard things, since Mr. Conrad's way of illustrating things is great.
- Back again to solve the rest of the practice test kits, which are 2 full 250-question exams, to test my progress. I still needed to study and improve in some weak areas, and in this step I was solving each question and correcting my answer at the same time.
- Before the exam I started skimming through the official guide; at the end of each chapter there is a good summary to read. I was also skimming through the practice test kit questions, especially the red-flag ones.
- Before entering the exam room I read my personal notes for the last time and skimmed through the 11th Hour book to memorize the hard stuff.
I can't say much about the exam (NDA), but the questions are not the same as in the practice test kits; they are scenario-based and you need to think about the best answer that fits the mentioned case.
I consumed the whole 6-hour exam time, as I evaluated and double-checked every question, and did not take any breaks.
After passing the exam you need some CISSP fellow to endorse your application. I did not know anyone, so I chose ISC2. I submitted my papers and exactly 4 weeks later I got the congratulations letter.
I recommend CISSP for anyone interested in information security. I do agree that it's not technical training, and with respectable experience in the field you do not need a certificate to validate you. But the materials do serve as a great refresher for anyone working in the field or someone who wants to start in a management position.