Hello There,

In this post I will talk about my experience with the CISSP certificate: why I studied it and how I managed to get certified.


After finishing the OSCP certificate I started studying CISSP the next day; it was in my plan to study CISSP right after finishing OSCP. I felt that I needed to read and study about information security from a managerial level, with a bird’s-eye view. Many people look down on CISSP and think it’s useless. However, I can assure you that the material in CISSP is really good and can be beneficial for anyone who wants to know more about information security from a managing position.

Study Plan:

For studying the materials I focused on books only. I hate videos and thought they were unnecessary, since the course is theoretical and no hands-on work is required.

Below is the list of books I used:

In total I spent 4 months reading and studying the materials. This is what I did during this period:

  • I was not in a hurry, so I spent 2.5 months reading the official study guide. It’s 1000 pages, and I was reading for 1-2 hours during the workdays and rest at weekends.
  • After finishing the official guide I started reading the 11th Hour book and finished it in one week, to recap what I learned in the official guide.
  • Next I started solving the practice test kits, but only the questions focused on domains; there are 8 chapters, with 100 questions associated with each domain.
  • After knowing my weak points I started reading the CISSP Study Guide by Eric Conrad. It’s a fantastic guide! I wish I had started with it in the beginning. However, I read it fast since I was already done with the official guide. I was also taking notes on the hard things, since Mr. Conrad’s way of illustrating things is great.
  • Back again to solve the rest of the practice test kits, which is 2 full 250-question exams, to test my progress. I still needed to study and improve in some weak areas, and in this step I was solving each question and correcting my answer at the same time.
  • Before the exam I started skimming through the official guide; at the end of each chapter there is a good summary to read. I was also skimming through the practice test kit questions, especially the red-flag ones.
  • Before entering the exam room I read my personal notes for the last time and skimmed through the 11th Hour book to memorize the hard stuff.


I can’t say much about the exam (NDA), but the questions are not the same as in the practice test kits; they are scenario based and you need to think about the best answer that fits the mentioned case.

I consumed the whole 6 hours of exam time, as I evaluated and double-checked every question, and did not take any breaks.


After passing the exam you need some CISSP fella to endorse your application. I do not know anyone, so I chose ISC2. I submitted my papers and exactly 4 weeks later I got the congratulations letter.


I recommend CISSP for anyone interested in information security. I do agree that it’s not a technical training, and with respectable experience in the field you do not need a certificate to approve you. But the materials do serve as a great refresher for anyone working in the field or someone who wants to start in a managing position.

