Hello There,
In this post I will talk about my experience with the CISSP certificate: why I studied it and how I managed to get certified.
Intro:
After finishing the OSCP certificate I started studying CISSP the next day; it was in my plan to study CISSP right after finishing OSCP. I felt that I needed to read/study about information security from a managerial level with a bird’s-eye view. Many people look down on CISSP and think it’s useless. However, I can assure you that the material in CISSP is really good and can be beneficial for anyone who wants to know more about information security from a managing position.
Study Plan:
For studying the materials I focused on books only. I hate videos and thought they were unnecessary since the course is theoretical and no hands-on work is required.
Below is the list of books I used:
- https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119314011/ref=sr_1_2?ie=UTF8&qid=1507615878&sr=8-2&keywords=cissp
- https://www.amazon.com/CISSP-Study-Guide-Third-Conrad/dp/0128024372/ref=sr_1_5?ie=UTF8&qid=1507615878&sr=8-5&keywords=cissp
- https://www.amazon.com/Eleventh-Hour-CISSP%C2%AE-Third-Study/dp/0128112484/ref=sr_1_4?ie=UTF8&qid=1507615878&sr=8-4&keywords=cissp
In total I spent 4 months reading and studying the materials. This is what I did during this period:
- I was not in a hurry, so I spent 2.5 months reading the official study guide. It’s 1000 pages, and I was reading for 1-2 hours during the workdays and rest at weekends.
- After finishing the official guide I started reading the 11th Hour book and finished it in one week to recap what I had learned in the official guide.
- Next I started solving the practice test kits, but only the questions focused on domains; there are 8 chapters with 100 questions associated with each domain.
- After knowing my weak points I started reading the CISSP Study Guide by Eric Conrad. It’s a fantastic guide! I wish I had started with it in the beginning. However, I did read it fast since I was already done with the official guide. But I was also taking notes on the hard things, since Mr. Conrad’s way of illustrating things is great.
- Back again to solve the rest of the practice test kits, which is 2 full 250-question exams, to test my progress. I still needed to study and improve in some weak areas, and in this step I was solving each question and correcting my answer at the same time.
- Before the exam I started skimming through the official guide; at the end of each chapter there is a good summary to read. I was also skimming through the practice test kit questions, especially the red-flag ones.
- Before entering the exam room I read my personal notes for the last time and skimmed through the 11th Hour book to memorize the hard stuff.
Exam:
I can’t say much about the exam (NDA), but the questions are not the same as in the practice test kits; they are scenario-based and you need to think about the best answer that fits the mentioned case.
I used the whole 6 hours of exam time, as I evaluated and double-checked every question; I did not take any breaks.
Endorsement:
After passing the exam you need some CISSP fellow to endorse your application. I do not know anyone, so I chose ISC2. I submitted my papers and exactly 4 weeks later I got the congratulations letter.
Fin:
I recommend CISSP for anyone interested in information security. I do agree that it’s not a technical training, and with respectable experience in the field you do not need a certificate to approve you. But the material does serve as a great refresher for anyone working in the field or someone who wants to start in a managing position.