CISSP AND CCSP STUDY STRATEGY ...

After I cleared CISSP and CCSP certifications in quick succession, I received a number of requests to share my study strategy. So far, I have been replying to the queries individually. Then I thought of writing this article for the benefit of everyone considering (ISC)2 certification.

In the ensuing paragraphs, I am covering my study strategy for (ISC)2 certifications for the benefits of CISSP and CCSP aspirants. I am sure that many of the certification aspirants reading this article are more learned and experienced than me, hence would know what to take and what to leave from what I am suggesting. I am no authority but a learner like you. I would strongly encourage you exercising your own judgement. There are a number of exceptional professionals and mentors out there like Adam Gordon, Mike Chapple, Ben Malisow, Shon Harris, Kelly Handerhan, Eric Conrad etc., Similarly there are number of good tutors for these certifications like Cybernous (Manoj Sharma), Study Notes and Theory (Luke Ahmed), Infosec Train (Prabh Nair), Effective CISSP (Wentz Wu), etc. I mean no disrespect to them when I suggest a particular source over the other....

1. Time Required for Preparation. That would depend a lot on the prior experience with the respective certification domains and your learning style. Few people could read and retain 100 pages per day, while few could manage only 10 pages per day. The average time required for CISSP is about 3 months and for CCSP 1? months. As memory atrophies over time, therefore, rather than the study duration, regularity of the efforts, matters more. Please try to spare 1 hours a day during weekdays and 5 hours on weekends. This will give you 15 hours of study time per week. I would recommend that you don’t sacrifice your time with family and friends for the sake of any exam. The fact is, certification may not matter in 5 years' time, but you family will always matter and should come first.

2. Study Material. The variety of information you go through like 10 books, 20 video/ audio courses and 30 groups won’t help you pass the exam. But you will surely waste a lot of your time and money which is precious. Let me quote a Sanskrit Sloka which says "????????? ? ?? ?????? ????????? ???????? ?????????? ? ???????? ? ?? ?????? ? ????????" which means knowledge in books and money held by others may not help you in need. So, please don’t focus on gathering too much material, rather, focus on imbibing the knowledge from what you have. All books (Sybex/ All-in-One/ CBK) are equally good. A lot depends on our learning style. Don’t get distracted by different people saying different things, their journey had been different, and their learning path may not be suitable for you. I can assure you, if you know and can apply concepts contained in any of these sources in and out, you will pass. Don’t depends on mind-maps and notes created by others, create your own. You will learn and understand more.

3. Exam Pattern. In the (ISC)2 exam, as per my experience (which off-course is very limited), you will see:

· 30% direct questions (easy to answer, if you have gone through your study material)

· 30-35% cross-domain, based on understanding of related concepts

· 30% close call, judgement based

· 5-10% you wouldn't have seen the topics; you will have no clue about, may be beta

Therefore, attempting thousands of questions from various sources, will only help marginally. Hence instead of focusing on attempting questions, focus on learning, which will pay off much better for your time and energy. 

4. Using Social media Groups/ Internet Sources. I suggest that information shared in discord groups and reddit etc., should be taken with a pintch of salt. Don't overindulge in them at the cost of your studies. For example, if you are using Sybex and you read about the success story of someone who rates AIO much higher, then you will have doubt whether your strategy is right or not. Similarly, someone asks a stupid question in discord which you get wrong, and you are about to appear for your test, that will shake up your confidence. It only prolongs preparation time without any real value addition. No offence meant to my friends in these groups. I would suggest that you give dedicated and undivided attention to your study plan. 

5.        Specific Study Plan for CISSP/ CCSP

(a)      First Learning Resource. I generally recommend using an audio/ video source as your first source, primarily because they cover broad overview of all topics of the exam in 15-20 hours and you could hear them many times over thereby reinforcing the basic concepts. This will give you a mile-wide overview of the certification topics. Enrol for any audio/ video course from LinkedIn/ Cybrary etc. For CISSP, I recommend Kelly Handerhan's audio course and for CCSP, I recommend Mike Chapple. Both LinkedIn (one-month subscription) and Kelly’s audio files are free. Now install VLC player in your smartphone. Play video files (as audio)/ audio files as domain-wise playlist. You could listen to them while you are commuting/ jogging etc., Listen them as many times are required until you know everything they are saying and can predict what they are going to say next. This should take about 2-3 weeks prep with 15 hours devoted to study per week.

(b)      Second Learning Resource. Once you are comfortable with the material covered in the audio/ video course, move on to the main study material for inch-deep understanding of the concepts. Read your main book (Sybex/ AIO/ CBK) once back to back. Second time around start taking notes. I would recommend using Sybex for CISSP and AIO for CCSP. Feel free to use any other resource you prefer. As you go through the main resource, please try to relate it to your daily routine. For example, apple was also falling even before laws of gravity was postulated by Newton. Thus, all knowledge contained in any “Common Body of Knowledge” has come from learnings from years of practice. If you try to relate topics and concepts to your environment, it would be easier to understand and there would be no need to memorize. Further, it will help you with understanding based questions in the exam. This would take roughly 2 months for CISSP and 1 month for CCSP depending upon your speed.

(c)       Attempting Mock Tests. Please select a resource which is authoritative. The questions and their suggested answers, we see in various social media and internet may not be accurate. If we imbibe wrong answer, we run the risk of doing them wrong in real exam. Therefore, I suggest doing at least sybex for CISSP (https://www.efficientlearning.com/) and AIO for CCSP (desktop installer). These are free with respective books (hard and digital edition both). You should start attempting questions, once you are confident with first learning resource and have gone through second learning resource at least once. The idea behind mock test should be to identify weak areas and augment your learning resources with additional materials from the Internet. During practice tests, try learning dissection of questions and glean hints for close call questions of real exam.

(d)      Final Studies. Once you are confident about your first and second learning resource contents, go through official exam outline and see if you have missed something. Augment gaps with additional resources. I however, also recommend that you skim through CBK of (ISC)2, just to familiarize yourself with their phrasing of sentences and questions.

Hope this article helps my fellow professionals in channelizing their energy in devising their own strategy for effective preparation for CISSP and CCSP. I wish the certification aspirants happy learning and standby to welcome them to CISSP and CCSP club. Please feel to reach out to me with any queries you may have.