Version 1.1 October 2022 (Original Version 1.0 February 2022)
Here you'll find my CISSP Exam Strategy - just keep in mind that what worked for me may not work for you.
Disclaimer: This is an opinion piece from my personal perspective. I advise candidates to read other strategy guides and come to their own conclusions. I will not be held personally liable or responsible for exam fails. Reader-beware and perform your own research and exercise due diligence in your preparation.
"You must never think of the whole street at once, understand? You must only concentrate on the next step, the next breath, the next stroke of the broom, and the next, and the next. Nothing else."
To pass the CISSP you need a score between 700 and 1000. Pass rates are not published, but speculative sources put them at 50% or lower. The exam is described by some sources as having an adaptive mechanism: with each correct answer you get more difficult questions, and if you miss questions you get easier ones. A large question bank ensures that you shouldn't see the same questions at successive sittings.
Keep in mind the following:
- if you are tracking between 700-1000 (likely much higher than 700) at the 125-question mark, it is probable that you will finish early and pass the exam
- if you are on a trajectory where >700 is still achievable, you will have up to 50 more questions (175 in total) in which to pass (unless the case below applies)
- if the trajectory means that you are unlikely to achieve 700 (e.g. you are sitting on 500 with no possibility of a higher score), the exam will finish early and you will need to re-sit at a later point. This can occur at any time (e.g. at question 70 or question 124).
Here is a link to the ISC2 FAQ on exam scoring, which is the official source - Exam Scoring FAQs | (ISC)2 (isc2.org)
The exam is 4 hours long following last year's revision (up from 3 hours), with the number of questions increased to 125 or 175 (see below).
- Note: keep in mind that the earlier iteration of this exam was 6 hours long with around 250 questions, so it is less onerous than it was 10 years ago for Western countries (although the Chinese version of the CISSP still uses this format - https://community.isc2.org/t5/Member-Support/Is-The-CISSP-Exam-Rule-in-Chinese-Changed/td-p/43716 ).
"Mile-wide and an inch-deep"
This is a tough exam due to its breadth. Spend time formulating a strategy that works for you and spend enough time studying. A week won't suffice for most people, and people often spend 6 months studying for this exam. Shorter time frames are possible but rely on background knowledge.
I've included a link at the bottom to a deeper-dive article that includes further perspectives. For this article, I've tried to keep things lightweight. I believe that half of the challenge is getting into the right mindset, and hopefully the deep-dive article will help describe an approach in depth.
I had a relatively short preparation time frame (for myself) and sat this exam after a little over 2.5 months. Ideally, I would recommend taking your time as opposed to cramming for this exam. If you have 6 months where you can study intensely (rather than super intensely), I think that is way better.
Strategy was quite simple in the end:
- Use every available moment to study (when I wasn't doing anything else), starting with a chapter a day (where possible) — some chapters took a few days and some a week due to other busyness. Many days I was awake till 2–3 am, then woke at 6 am and went to work.
- Do practice tests once finished reading the book (it ended up being very close, only 2 weeks) and do as many questions as possible; look at the explanations/reasons and read any material I didn't understand.
If I had more time I would have read the official course book 3 times, but I only had enough time to read it once.
- I had several connections who had done the CISSP and I reached out to ask some questions (recommendations on books/courses etc). I was self-funded, so I didn't have $$$$ to spend on boot camps etc.
- There were also people who posted their CISSP exam completion — I connected with those who posted tips and messaged them for their recommendations. These people had a longer prep phase (6 months), which in retrospect would have made me better prepared/confident.
- Initially I tried to do online courses, including through Cybrary, but quickly realised that I needed to know far more detail. If you have time and money then maybe use Cybrary. They had a really good course that I trialed when they were running a 1-week promo.
- An important tip was to do lots of practice tests after reading the book. For probably the last 2 weeks I was doing between 200–400 questions a day. I would read around questions/areas that I was uncertain about or had forgotten. I would have liked to do more, but I work a super busy job and was finishing up post-grad studies (with assignments) and other stuff.
- The main book that I would really recommend is the official Sybex CISSP Study Guide. Some people don't recommend it (plus it's 1000 pages), but to be honest, a lot of the detail is already there. It's got a weird set-up where modules are combined into chapters and some material comes sooner/later. There is no escaping covering all the material (and extra) from this book.
- Other books that I used were 11th Hour CISSP and CISSP For Dummies. I used the CISSP For Dummies book just as an alternate source to cover topics I didn't quite get (e.g. the Bell-LaPadula / Biba / Clark-Wilson models and the Orange Book).
- Test books included CISSP Practice Exams by Harris & Ham and the Official Practice Tests by Chapple and Seidl. Boson was the other source (link to Boson - Network Simulator - IT Practice Exams - Training | Boson).
- I also had this course and practice tests from Mohamed Atef. He gave some helpful tips and prep content — https://infosec4tc.teachable.com/p/the-ultimate-information-security-certificates-bundle/
- The CISSP Sunflower was the item recommended by the course teacher. This was probably one of the more valuable resources: Sunflower-CISSP.com
- The last points to mention are that I had good knowledge from teachers at university covering general concepts, and an excellent paper on network security and privacy with hands-on work a couple of years back at uni. Recently completing certificates for Alibaba and Microsoft and other professional certs over the last year also lessened the gap, if that helps. Keep in mind that you may have your own experience that lessens or increases the gap.
- Finally, some people suggested using "CISSP: How to Think Like a Manager", and this sounds like it would be good for those who are technically inclined. Several questions require a different mode of thinking than you might use from a technical angle.
Note: this is from the pre-May 2020 Official CISSP Study Guide, but it likely still applies. I think this is a good way to think about prepping from the book.
A suggested order for the book by domain is: 5, 6, 8, 2, 4, 1, 7
I have provided 2 tables that give an idea of domain coverage and number of pages. I would suggest that you run your own math on the latest edition, but to me this is one of the most logical ways to work out which domains score the most points and should be covered first.
1 year: Dave Krunal (CISSP) notes may also be well worth a look - https://daveoncyber.gumroad.com/l/cisspnotesd2
1 year: Check out also this post from Daniel K for those interested - https://daveoncyber.medium.com/the-beaty-of-incompletess-cissp-is-for-slow-readers-2d6ddc6887f1
2 years: Great share, Derek Buc! So great to see you achieving your milestones.
2 years: I'd also suggest checking out Mark D.'s advice too - https://www.dhirubhai.net/posts/markdunkerley_thinking-about-taking-on-the-challenge-of-activity-6987572648654336000-_ZWk
2 years: Great share, insights are well structured and, above all, many many congrats on such a mammoth of an achievement, as you put it :-) Thanks for the mention.