Monday, August 1, 2022

How I Prepared for the CISSP Exam

By Joseph Montes, CISSP

In 2021, I decided to pursue the CISSP. I was looking for a certification that would help me stand out and prove to myself and my peers that I know my field. I had experience in Unix, Irix, Linux, Windows, networks, servers, storage, project management, virtualization, telecommunications, and terrestrial and submarine networks. I had some certifications and a master’s degree in Cyber Security. CISSP seemed like the most sensible progression in my career.

STARTING MY JOURNEY TO CISSP

Things started simply enough. I researched what I needed to know. I started looking at Reddit, Discord and Twitter for any information on how to study for my CISSP. The results were consistent: this is not a certification you can cram for. You need technical experience in all the domains and to be willing to read, read, read and read. I was able to take a course with a training provider, which was helpful. One underlying theme repeated throughout the course was that there are no question banks online; you must read all the study materials.

EXAM SET UP

This is the most important advice you can be given: you are studying material for a test for which you do not know the questions. With other vendor certification exams, if you take enough practice tests or question banks, you will eventually glean enough information to grasp an idea of what the actual test questions can be. How many ways can you answer, “What is NAT, OSPF, or grep?” If you review enough questions, eventually, you can surmise an actual question.

CISSP is not this way. You study questions like an engineer but must remember that when you sit at the terminal, you are not an engineer but a manager. If you can’t change your mindset, you are doomed.

HOW TO STUDY

I started with a course from a training provider. I purchased three books: Official (ISC)² CISSP CBK Reference, CISSP for Dummies, and a book from Audible. The audio book was excellent and easy to listen to, though tricky to follow when it discussed websites. CISSP for Dummies was an easy read and pretty good, but without much substance. The best book for me was the official (ISC)² guide. This is the only book you need. It is long but has everything you need to know. You will need to read it at least three times.

It is not all doom and gloom. I broke studying into three parts:

Step 1 – Video: I watched the training course video from a training provider, twice.

Step 2 – Reading: I read CISSP for Dummies to get my mind right, listened to an audio book and read the Official (ISC)² CISSP Study Guide.

Step 3 – Test Banks: CISSP for Dummies, a training provider and the Official (ISC)² CISSP Practice Tests are perfect for getting your confidence up, but none of the questions are on the test. I suggest working through at least 4,000 practice questions and remembering that it is the explanation that matters. Memorizing the answers is a waste of time because they are not on the test. What prepares you for the test questions are the explanations of the practice questions. That is the trick. Even if you get the question right, look at the answer. If you get it wrong, understand the reason.

Six Months from Test Date: When you are six months from the test date, start picking your weakest chapters in Official (ISC)² CISSP CBK and review, review, review. Read the test banks' explanations.

One Month from Test Date: When you are 30 days out, change your tactic. Read What You Need to Know About (ISC)² Exams, which breaks down each step in the exam process, and review the video of what to expect in the test center.

Test Day: They say to stop studying the week before and relax. Not me; I kept reading until about an hour before my exam. I had already lowered my expectations by telling myself I was going to fail. The Computerized Adaptive Test (CAT) for CISSP has approximately 125-175 questions, and about 50 of them are pre-test items and therefore are not scored against you. So, you will get questions wrong – a lot wrong. If you keep your cool, this is a gift. The test is adaptive and will hammer you when you get a question wrong and move on if you know a topic. Again, a blessing and a curse, because once the test moves on to a different topic, you won’t see the previous one again.

On the test day, I sat down at the terminal and thought to myself, “Let’s see how close I get to passing.” The fewest questions you can answer and still pass is 125. Make sure you read ahead of time about the CISSP Computerized Adaptive Testing process.

It felt like I got my first three items wrong. I thought I was in trouble. Note: there are no sample tests online, no accurate exam dumps. My sponsor advised me that if I thought all the answers were wrong, go with the least wrong one and think like a manager. I was picking the lesser evil. Each question I thought would be my last.

After answering 90 questions, I was excited. I told myself, “Slow down, don't rush; there is plenty of time. Relax. Read each question twice. Read it once, read the answers and read the question again before answering.” Remember, think like a manager, not an engineer. I then hit 100. I thought, I do know this stuff. Then I stopped, took a break and gave myself a mental pep talk: “I have 45 minutes, keep your cool and relax.”

On question 125, I had a question I initially answered like an engineer and then I changed my answer to be more in line with a manager’s thinking. The screen went blank, and I knew I had passed.

The exam is not impossible. But it is a culmination of life experience, studying and mastering an exam. Everything you need is in the (ISC)² study guide. The question banks are helpful, but it is the explanations you must know. You cannot memorize the material; you must know it. The cost and the penalty for failing are brutal. This is a certification you get towards the middle of your career. It is a badge of honor and validation that proves you know your stuff.

Please stay away from test banks online. They are suitable for practice, but there is not one single question from them on the test. Don't fall for posts saying, “some of the questions are still valid.” It is a lie. Use them for prep, but I recommend the (ISC)² Study Guide and Practice Tests, CISSP for Dummies, or the training provider’s questions. Again, these are only suitable for getting you in the mindset, and the explanations are essential. If I had one option, I would use the (ISC)² Study Guide. The latest edition has over 100 more pages than the older one; I read both, and I would recommend the latest version.

Connect with others who are preparing for the exam in study groups such as the (ISC)² Community Study Groups for each exam.

Finally, you’ve got this. Relax, take your time. Read the questions twice, take a break, and remember you will get questions wrong. Don’t panic. The funny thing is, I couldn’t even remember a single question from the test once I was done. I just knew I had never seen a question before, and I went with the best answer. I could have argued why the others might be right, but go with the information provided. Don’t overthink it; go with the facts presented and choose accordingly. Again, you’ve got this. You have prepared your whole life for this.

The post How I Prepared for the CISSP Exam appeared first on Cybersecurity Insiders.


August 02, 2022 at 09:09AM