My CISSP Test Experience

2021, Jul 28

Some have asked for my opinions on the CISSP test, so I thought I'd repost my message to the internal CISSP Mentorship Program study group. Here it is with minimal edits. (The formatting is odd, but the info is more valuable than the presentation.)

The test was different than I was expecting. I've taken a lot (30+ certification tests), so I sifted through the two bad answers and picked/guessed at which one was the MOST correct. I don't know if the test is different due to the update in May or if I was planning on more memorization than I needed. I was pretty much sure I failed when the test ended after 100 questions.

Resources used:

  • The excellent FRSecure Mentorship sessions
  • Pluralsight CISSP course (almost all of the 2015 edition and a good portion of the just-released 2021 edition)
  • Syngress CISSP Study Guide (third edition)
    • Read the WHOLE thing, even the practice tests
  • Syngress 11th Hour CISSP (third edition)
  • (ISC)2 CISSP Official Study Guide (app)
  • (ISC)2 CISSP Official Tests
  • CCCure Practice Tests

Experience:

  • 25 years in the IT industry
  • Mostly working for an MSP (break/fix, design/install/configure server and networking)
  • Networking experience (helped with the OSI models)
  • Firewall experience (helped with network security)
  • Remediating audits for financial institutions
  • Familiarity with taking certification tests

Preparation:

  • Read the books listed cover to cover
  • Attended the sessions or watched the recordings
  • Watched and listened to a LOT of Pluralsight
  • Wrote down concepts or charts that I wanted to cement into memory
  • Drilled the practice tests
    • When I got a question wrong, I researched what made the correct answer the right answer in the context of the question
    • When I guessed and got a question right, I researched what made the correct answer the right answer in the context of the question
  • By the time I took my test I was 75% or higher in both test engines

Advice:

  • Read the books
    • Seriously, don't cheat and skim-read them because there are nuggets in there that don't always stand out
  • Write key things down if they are hard to process/remember
    • If you memorize the charts of random things (ex: symmetric block ciphers), then after you start your test you can write down all of the charts and facts on the provided whiteboard for easier recall
  • Drill the practice tests until you get 70% or higher
    • DO NOT memorize question/answer pairs
    • Try to understand why the wrong answers are wrong and the correct answers are correct
  • Use different sources to learn abstract topics
    • Example: encryption algorithms were new to me; I've used them for years but didn't understand them
    • Brad did a great job stating what they were, but I needed more, so I found the Pluralsight videos used more time to explain it and eventually it sank in
  • Take a practice test as if you're taking a test, especially if you haven't taken a certification test before
    • Testing centers require you to be quiet, wear a mask (odd times we live in), no beverages, no gum, raise your hand to use the restroom
    • Take a long practice test under these conditions, because those conditions are different than taking a practice test on your phone while in the drive-thru
  • Do. Not. Panic. This is only a test :)
  • Slow down: slow is smooth, smooth is fast
    • If you read too fast because you are rushing, you will miss details or have to reread the question

If you have any questions about my preparation, let me know. I'll try to help because I did swear to "advance and protect the profession" after all :)