CISSP- My journey into Unknown!

**Long Post Alert!!**

I provisionally passed CISSP on 7th October with 100 questions in 120 Mins and was certified on 30th October 2020 after a successful endorsement process. This was my 1st attempt. Four months of effort paid off. This is by far the most gruelling exam I have attended. I felt CISA, which I cleared last year, was far less demanding.

My Experience

I have a total of 12+ years in various domains. Being a Commerce & Finance graduate, I spent the first 4 years in accounting-related roles. After that I had the chance to work on ITGC controls & Audit, which changed my path into the Info Security & IT Audit area for the last 8 years.

Preparation Experience.

Precisely on June 5th, I started preparing for CISSP. Being a Non-Technical graduate, I had to put in a lot of effort in understanding System architecture, networking and SDLC areas. Though my experience in IT Audit domains helped a little, it was nowhere near the vast area to be covered in this exam.

I completely isolated myself from the Social Media, OTTs and other distractions. I prepared a full project management chart and slowly started preparing by setting off targets for each week and months.

As days started nearing, I started attending full-fledged mock exams from Sybex 8th Edition, ISC2 official Test 2nd Edition and BOSON. I only got 70 Plus % on avg. on all these tests. Made silly mistakes. In fact, the fear and confusion started to build and I started questioning myself if I'm even ready for this exam.

I made sure that I spent at least 2 hours (on average) every weekday and 8-9 hours during the weekend. I generally sat after 10.30 PM every night after I’m done with office and personal work. There were good days and bad days. Some days were super productive, and I was able to go even until 3 AM, and some days were quite tiring, and I wouldn’t go beyond 11.30 PM. Some days I challenged myself: why did I sign up for this? Lol.

However, with the help of my sweet mentors and groups like the subreddit, I gained a little bit of confidence and courage and convinced myself to attempt the exam. In the days nearing the exam I even had sleep issues due to fear and stress.

Last 2 days to go for the exam I completely lost all the interest and motivation to study any further. I felt totally brain drained. Just a day before exam I only gave one BOSON repeat exam and rest of the day I relaxed. I made sure that I had a good night's sleep before the exam.

Materials I mainly used:

Thor Videos from Udemy and Pluralsight: It gave a good head start for the whole journey. Using good videos to start the CISSP is quite essential. It helps us to understand the basic elements of different domains and the topics covered.

Sybex OSG 8th Edition: Best material to start your reading. Gives a depth of concepts to make our understanding easier. I would recommend registering for the Wiley Online module as given in the back of the book for online mock tests and flashcards.

ISC2 Official Test 2nd Edition: The test questions make you understand your gaps and focus on the areas where you are lagging. If you have this material, register for the Wiley Online module as given in the back of the book for the online mock tests.

BOSON: If there was one material which truly gave me lots of pace, it was the BOSON Test bank. In my opinion it over-prepares you, which is good. Focus on the explanation for both the correct and incorrect answers. Refer to the white-paper links for a better understanding of the Technology. Also, be mindful that the exam may not be testing the minute technical details; however, you must have a sound understanding of them to make a decision for the answers in the real exam.

Other Materials: The-memory-palace-Prashant-Mohan, 11th CISSP by Eric Conrad and Sunflower. Found them quite good for the last-minute ref. points.

Please note that the exam is about the Common Body of Knowledge, which a security professional is expected to be aware of with reasonable experience. So, it’s advisable to refer to 2-3 consistent materials like Sybex, SHON HARRIS and BOSON.

Study Pattern

I created a project plan for 120 days before even starting the CISSP journey. I made sure that I’ve all the major resources to start with. I never wanted this to go beyond 120 days (4 months) considering I’ve other personal things to do.

I started off with Thor Pedersen videos to get an insight into the topics covered under each domain. I made some bookmarks in the notes to revisit the areas which I couldn’t understand in the 1st take. It took me two weeks to complete them.

Then the big thing comes. Reading the Official Study Guide. This was a bit brain draining for me. Since I was not originally from an IT background in my education, it took me lots of time to cover domains like 3, 4, 5 and 8. Generally, I’m a slow learner. To make sure that I understand a particular concept, I took time in reading it several times.

Since OSG is divided into 21 different chapters out of these 8 domains, after completing each chapter I took an assessment given after each chapter. This helped me to identify the preliminary areas of gaps. It took me almost a month to complete the 1st full read of OSG. I pasted sticky notes with quick notes in my dashboard to read it whenever I see them.

After completing the OSG almost twice I started taking domain-wise tests from ISC2 Official Test 2nd Edition. Things started getting smashed when I started attempting questions. I would feel demotivated on seeing my answers. However, I focused on why I went wrong and how I can better understand the topic. Also, I always focused on the rationale rather than just memorizing stuff. Having had the experience of preparing for CISA last year helped me a bit. I was more focused on why I’m making mistakes and the areas where my knowledge has a gap. I took time to understand every bit of it. I never omitted any concept or area.

Once I gained a little confidence, and with just 20 days to go for the exam, I started with the BOSON question bank. It was by far one of the best decisions I made. The BOSON question bank was hard to crack. It made me consolidate my knowledge quite well. On average I scored only 70-73% in it. However, the focus I put on the incorrect areas helped me.

Exam Experience

True to all who say, this is an exam of its kind and it's a beast. No matter what you study and what best material you use, the exam still catches you off guard.

On the day of the exam I got up just at 7.30 am. Made my tea and relaxed with the morning newspaper. Then as I got ready for the exam with breakfast, I was just relaxing myself with few humour videos. Then with tons of prayers, I started off to the exam centre early. I wanted to get an hour before the exam which was at 11.30 am. While on the way to exam I glanced a little bit on the memory palace by Prashant Mohan, only to find out that it's making me even more nervous and closed it.

After reaching and completing all the formalities, I meditated for 5 mins and encouraged myself. Since the administrator told that I'm allowed to start the exam, I composed myself and went for the battle.

After accepting the NDA, the exam started. I was like blindfolded. It took me the 1st few questions to realize that the exam is nowhere near what I've prepared. The 1st 30 questions took me more than 50 minutes to complete. Halfway through the exam I decided that I'm not going to make it. I even started thinking how the hell am I going to prepare for questions of this kind for my 2nd attempt. Then when I saw the clock I panicked, and I paced a little bit faster. I reached 100 questions when there were just 62 minutes left for the exam. Fear started gripping me when I was doing the 100th question. After I completed the answer for the 100th question and clicked next, the system showed the message that the exam ended. Honestly, I expected that the exam would go until 150 questions.

I was thinking that the system has given a clear message not to waste its time. I composed myself and was only thinking about how I'm going to prepare for the 2nd attempt, while walking to the admin. Then when I went to the Admin, he told me to clear the exit formalities and clear the personal locker before collecting the result. Just a few steps away from the admin section, it was the longest walk I made. I was shivering and sweating.

Then I went to the admin to collect the result. With no expression on his face he handed me the result slip. Hola, I saw the message Congratulations! I passed. I couldn't believe myself. Was pinching myself to check if it's a reality. I was staring at the result paper and was swallowing the result. I was clearly underestimating myself all this time. The joy of passing is inexplicable after the months of hard work and sacrifices.

10 Tips for the Aspirants:

Understand the concepts in depth. Memorizing never helps (at least for me it didn't). Brainstorming the concepts can help in understanding the concepts in depth. Mostly the exam tests the decision that will be taken by a manager or a leader or a consultant in a particular situation. So, you should challenge and reason with yourself on why to use a particular technology compared to another.

Practice as many questions as possible. I practiced close to 4000 questions. This will be preparing your mind for this battle. Use only reliable materials like Sybex, Wiley, BOSON and other popular sources.

Mistakes are good. The more mistakes you make in the practice tests, the better they prepare you for the actual exam, if you take time in addressing the root cause for that wrong choice.

Co-Relate and inter-relate domains. This is by far one of the most important tips. Understanding the cross-domain implications while studying really helps.

During the exam, reading the question and choices twice really helps in eliminating the choices and finalizing the correct answer. Sometimes the choices given will be extremely similar other than a few small details. So, it can be a close call.

Never assume things while answering. Things not given in the question or choices need not be assumed.

Time Management is extremely important. Based on my experience, we always need to assume that we will be tested for 150 questions and keep sufficient time for the worst-case scenario.

Right from the Day 1 to the exam Day, have a project management and target milestones in place. It really motivates us (At least it did for me). Also, keep sufficient buffer times to compensate for the lost days.

I recommend not being in too many forums and trying to attempt all the questions posted by everyone. Based on my experience I can say that a few users put questions from different non-reliable sources. Sometimes these questions confuse us even more.

On the day of exam relax and reflect. No last-minute preparation can make us ready for this battle. It only adds panic which might be a detrimental factor.

All the Best. It is certainly a doable exam.

#CISSP #ISC2 #CISSPJOURNEY #Achievement

Shepherd Rusere

Digital Audit Senior Associate

1 year

Thank you for sharing Krishnan R. ISMS LI this is insightful.

Vinay K

Zero Trust IAM Maverick | Global IAM Leader | Zero Trust & NIST Advocate | IAM Strategy | IGA, AM, CIAM, PAM, CIEM, IDaaS, MFA | SSO & Federation | Converged IAM | M&A IAM Integration | Pre-Sales & Advisory

4 years

Congrats and you are a good story teller.

Congratulations Krishnan, Got some valuable information here. Please share your preparation journey for CISA as well.
