I recently passed my CISSP exam, after plucking up the courage following a long revision period. I decided not to attend any of the week-long courses as I learn better at my own pace and I would rather cover it part time alongside my work.
Here are my hints and tips based on what I learned from my time studying.
What is the CISSP exam?
According to the (ISC)2, the Certified Information Systems Security Professional (CISSP) qualification is designed for experienced security professionals and managers ranging from Security Analyst roles to Security Managers and CISOs.
The examination covers a broad range of security domains to help you to learn more about the management of effective Cybersecurity Programmes. As a Cyber Security Analyst I felt that this was the next step to help me to progress in my career.
Before the exam
1. Read the books (but not the way you might think)
Although it’s usually the beginning of the books you’ll read, do yourself a favour and don’t start with trying to learn all the different acronyms in the security and risk management section - Security Domain 1 (such as ISO, NIST, COBIT and TOGAF). These will all make a lot more sense when you see them referred to across the other domains.
Trying to memorise all these acronyms and publications at the beginning of your study is more likely to put you off and is unlikely to help you. It’s better to see how they link into everything else you learn by going back to them later.
However, the rest of the chapter is really useful and will give you a good basis for the rest of your study, so make sure to read this first.
2. Change up your learning style
Try to find different sources to learn from. For me, changing up the learning materials helped me to learn the content more easily.
Sometimes I wanted to tuck up in bed and read a chapter of the CISSP books (Shon Harris), but at other times I wanted to watch videos or do some practice papers.
Simply Business provides its employees with access to lots of different learning materials and working environments – sometimes I revised by reading in our quiet library and other times I took some time at my desk to watch a quick video.
3. Take practice tests
Test yourself at the end of everything you read. If it’s not going in, take a break and come back to it.
The CISSP training videos from Sari Greene test you at the end with a quick-fire 5-second card challenge, which really tests your understanding of everything you read. Or you can get your hands on the official CISSP practice papers, which divide the questions up by chapter.
4. Put things into context
It always helps to understand what you’re reading rather than just knowing it for the purpose of the exam. Some of the questions in the exam will test your understanding of what you’ve read, so you can’t just rely on a photographic memory of the content you have been studying.
One way to do this is to try and link up the chapters to fully understand all the domains. How does encryption from “Domain 3: Security Engineering” fit into the OSI model from “Domain 4: Communication and network security”? How do the common attacks you read about in “Domain 3: Security Engineering” link into the controls you learned about in “Domain 7: Security Operations”? Mind map these and draw them into diagrams if it helps you to understand how it all fits together.
5. Seek outside help
Speak to other CISSP professionals or even form groups with others who are studying in the area. Finding other people who have passed the exam previously helped me out a lot. Some friends at Simply Business offered me some books they had used and also some advice on preparing for the exam.
During the exam
Read the question, read the answers and then go back and read the question again before submitting. This will help you catch any negatives you might have missed when you first read the question, such as “Which of the below is not XYZ”.
Make sure you have read all the answers rather than stopping at the first one you think it might be (this also helps with catching any questions that you may have misread).
If you’re not sure of the answer to a question, instead of guessing completely, try to eliminate the answers you know it can’t be. Usually you will find you’re left with 2 options after elimination, and then your chances of a correct answer will be 50:50.
Breathe. A lot of mistakes are made by rushing – if you slow down and try to stay calm while taking the exam, you’ll have an easier time getting the outcome you want. If you don’t pass first time, it’s not the end of the world, so try to be kind to yourself.
There are loads of resources out there, but these are some that I found particularly helpful:
- Shon Harris - CISSP All-in-one
- Sari Greene’s CISSP Complete Video Course
- (ISC)2 Official Practice Papers
- CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide
Good luck and if you have any other tips, leave them in the comments below!