Preparing for CISSP!

tl;dr
Securing CISSP certification took me these 3 straight forward steps, build your appetite, commit yourself to a targeted study calendar and plan your 6hrs.

This blog is an unofficial reflection of what I believe what it takes to pursue CISSP (Certified Information Systems Security Professional) certification.

Know your appetite and develop on it

You always have a strong reason why you want to be a CISSP. It may vary from building a bright trail in your professional career to mere paranoia. If you have a mix of many reasons, you have a company :).

Your passion towards cryptography and security systesm is a very important catalyst here. If you are a person who wonders how HTTPS does the server auth, SSH PKI system functions, digital currencies/signatures work, RSA key fob does its magic, surveillance system tracks the evils etc. etc., you have it in you.

Develop on your interests and find ways to feed your passion. Follow internet security portals (like securityweek, krebsonsecurity, darkreading etc.), crypto blogs (like Moxie’s, Adam’s etc. ), dissect security incidents and their root causes, take online video courses from renown sources (coursera, MIT OCW etc. ), brush up your basics on cryptography and maths etc.

Study plan

You start with the exam blueprint downloaded from the ISC2 site. There were a few sources which I used the main study materials. Among them, 60-70% of the topics were covered in All in One Exam Guide by Shon Harris, which was based on the previous 10-domain syllabus. I also bought the official study guide from ISC2 to cover the changes that were introduced in Apr 2015 (8-domain restructuring). Also video lectures available on youtube helped me to be in touch with the domains expecially during burn out times; as a good watch during my official commutes.

When it comes to internalizing something new, I am old school. I read, recollect and jot them down. This really helped me to make quick notes for reviewing later. They come handy during the last few days to the exam. There are practice tests available from Shon Harris as well as online (cccure). They are good to make sure that you span all the corners domains. Do not expect any direct questions from these sources.

The whole idea is to digest all 8 domains which include both technical and non-technical ones. My recommendation is to gain an expert hold on at least 4 of them to pass the exam. I was more lenient to ‘Security Engineering’, ‘Communications and Network Security’, ‘Security Operations’ and ‘Security and Risk Management’ in that order.

Set your target date and register well in advance

Thats what I did. I registered for the exam almost 2 months in advance and tightened up my preparation schedule with the exam date in mind. The last 4 days to the exam, I was officially off from my work dedicatedly revising the domains. Took as many practice questions as I could. Read about the experiences and recommendations from CISSPs in blogs.

Keep referring the ISC2 site for any announcements or changes in patterns or exam related instructions at least once in a week. Read the instructions in the hall ticket and make sure that you are all set.
Call the pometric center a day in advance to avoid any last minute confusions about the exam center or rules etc.

Try to avoid as many distractions as you can. Go low profile on social activities. Tell your closests how busy you are for whatever reasons.

On the day of exam

On the exam date, go medium on food and keep a couple of caffeine doses (RedBull for example) to sustain 6 hours of high level concentration to the questions. Since the break times are counted in, you might want to keep it short just to refresh yourself with a sip of your drink, stretches etc..

More importantly, decide on your timelines and plan your breaks. (for example, first 50 in 60mins… so that you can cover 250 questions in 5 hours… and you have 60 minutes left to review the questions… I consumed almost 1.5 cans of 300ml RedBulls in 3 parts, one before the start of the exam, the rest during the two breaks I took. The first break was taken at the 3hrs mark, second before the last hour which I reserved for reviewing the flagged questions. Oh yeah, don’t forget to flag the questions you want to revisit later. They will show up in the summary page for quick access before you submit.

I recommend attending all the questions in the first pass and choose the answer to your intuition. If I am really confused on the answers, I go by my first guess and flag it for review. This helps in case you end up in short of time for review. Do not leave questions un-attended. During review, I think I changed my choice on almost of 5 of the flagged questions playing “weed the odds out” game 🙂 .

“Submit” only once you are done. You get the result of your exam as soon as you finish your exam.

Best of Luck!!