What's the best way to prepare for the CISSP?
January 31, 2012 11:08 AM

What is the best way to prepare for the CISSP exam?

Currently, I hold a CISA, CIPP/IT, and Security+. I am going to be taking the CISSP exam in the middle of the year and I am looking for tips from some of you on how best to prepare. For my other certification exams, I just got a book and studied. However, I hear that the CISSP is a beast, which is a little intimidating. I have been offered the option of taking the CISSP boot camp at a cost of $2500 but I am not sure if it's worth it. Could you guys please share some insights?
posted by RedShrek to Technology (10 answers total)
For the CCIE, CISSP, and sometimes CCNP (depends on the individual) the bootcamps are what I usually recommend folks do unless they have some ability to be mentored by more than 2 CISSP grads.

It sounds like you have a pretty good background in the field already; experience matters here. If you're not paying for the bootcamp (work is or whatever), I think it's worth it for this level of cert.

Disclosure: I don't have any certs, but I manage a team of folks who have CISSP and multiple CCIEs under their belt and fund development and training for these same folks.
posted by iamabot at 11:14 AM on January 31, 2012

I have a CISSP, and I found the best was a mix of bootcamp, a prep book (I used this one from Shon Harris), and online prep. If someone else is footing the bill for the $2500 bootcamp, go ahead, but paying 4x-5x the cost of the test out of your own pocket is IMO way too much. There are other courses for much cheaper.
posted by zombieflanders at 11:50 AM on January 31, 2012

Response by poster: Yeah, my work is willing to cover the cost for the boot camp and study materials.
posted by RedShrek at 11:51 AM on January 31, 2012

iamabot, are you thinking about the CCSP? The CISSP is not a Cisco or network engineering certification, and is completely different in nature than CCNP, CCSP, or CCIE. Actually I would rate it as easier than all of those, but it is more of a long-term grind (other than CCIE).

What I did was this (YMMV because I had a lot of cross-domain infosec experience going into it):

-Watch this CBT start to finish. Pure gold, Clement rules, and it's free. Will give you a great introduction about what the exam actually is.

-Buy Shon Harris's "All-in-one" book. Now, you cannot read this book cover-to-cover without Adderall or something, but I found a good method to get all of the "juice" out of it. At the end of the chapters there are bullet points, and questions. Read all of these (I wrote them all down several times, to help with retention), and note any ones that you aren't absolutely 100% confident on what they are saying. Go in the chapter and read any information that pertains to your "questionable" bullet points.

-Gain access to the CCCure.org practice tests. They used to be free, but now they are very cheap. By the end, I was doing 250 question practice tests until I scored 90-95%.

This is literally all I did. I walked into and out of the exam with confidence.

I studied 10 hours per day for 14 days. Not ideal, but I was in a situation where I had to get the certification very quickly.
posted by robokevin at 11:51 AM on January 31, 2012

I was referring to exactly the CISSP, I'm aware it is not a Cisco centric cert and my recommendation stands.
posted by iamabot at 11:59 AM on January 31, 2012

Okay, it's just fairly common for people to confuse CCSP and CISSP, and since you mentioned other Cisco certs I wanted to make sure that wasn't the case.

I did have a couple of friends who went to a fancy bootcamp, one of them drank every night and failed the test, the other studied every night and passed.
posted by robokevin at 12:11 PM on January 31, 2012

Get the official guide to the exam. I sat for the test back in 2005, and while I couldn't find a copy of that book prior to the exam, I did see a copy only a few hours afterwards. Although I passed without it, that is the book I wished I had, and it's the one I recommend to most people studying for the test.
posted by deadmessenger at 12:32 PM on January 31, 2012

Read study guides, do practice tests. That's all there is to it. I'd get the official one and one other that people at work recommend.

robokevin also has great advice. I did everything he did (well, not as much studying, but I have a natural inclination for multiple choice tests) and did fine. The CCCure tests were what helped me the most, I believe.
posted by zabuni at 1:00 PM on January 31, 2012

If work will pay, do the bootcamp. It's the fastest way to get up to speed on what the test demands.

The thing about CISSP is that there's a very dogmatic side to it that heavily determines the answers on the test. Where relevant experience conflicts with CISSP doctrine, doctrine always wins, and a large part of the weeklong bootcamp I attended through work was just making those dogmatic aspects very clear to us. Practice exams won't necessarily make that obvious, while an instructor who's experienced in running the bootcamp will know exactly what to point out.

I had little prep before the boot camp, but had no problem passing the test afterwards. For study outside of the bootcamp, I reread the Gold book and worked through practice questions that came with it.
posted by fatbird at 1:33 PM on January 31, 2012

Response by poster: Thank you all for the great responses. I will sign up for the boot camp. I have also noted every link and book suggested in this thread. Again, thank you all.
posted by RedShrek at 7:38 PM on January 31, 2012
