CISSP Exam Preparation

So, the CISSP. It is largely considered the gold standard by business types around the world. I finished the certification process last month and found everything underwhelming. Here’s what I did for CISSP exam preparation!

CISSP Exam Preparation: Books!

I picked up the official study guide and the official practice test book and that was the vast majority of the studying I did. I studied out of the book with a highlighter off and on for six months, and attended a five-Saturday class offered by my local ISSA chapter. I bought the official Android study app, but the testing mechanism was a buggy mess that would crash from memory leaks after 50 or so questions.

If I had to do it again, I’d just buy the official study guide and nothing else. The book covers everything in an easy-to-grasp format, but it’s a doorstop in size. Limit yourself to a chapter or two a week and really try to soak in and understand the concepts before moving on. That way, you can come back and review the chapters relatively quickly and cram immediately before the test.

Time costs the most; I spent less than $100 on my study materials. Time spent reading, time spent with flash cards, time time time. Much as I spent hours on the material, I don’t feel I am a significantly stronger security consultant. I feel like I’m a stronger CISSP test-taker.

CISSP Exam Preparation: Takeaway

The only solid advice for the test itself is to get a good night’s sleep and eat a decent breakfast. Six hours is plenty of time. For me, the test itself was anticlimactic. I finished at the two-and-a-half-hour mark, and spent another thirty minutes reviewing all 250 questions. I felt strong on half the answers, reasonably good about another quarter, and had no idea on the last quarter.

The “you passed!” certificate certainly feels good, but having the CISSP on your resume, by itself, really shouldn’t mean a lot to employers. It’s a mile wide and an inch deep. Spending extra hours on practical security endeavors is a better way to up your security game (maybe the OSCP?). That said: the CISSP is something employers do look for, good or bad.
