How I Prepared for the CISSP Exam

I just took the exam today, and I think I passed. I'll find out for sure in a few weeks, and update this page, especially if I failed, so people know to ignore my advice.

I passed the test! It took 34 days to get the results, however.

Three Study Methods

1. A Textbook

The best textbook I could find in 2021 is at the top of this page:

Go through the book. But realize that no book is enough by itself. You also need a practice exam.

2. Practice Exam

Then I used the CyberVista practice exam. It was very good--not perfect, but good enough. I was under a lot of time pressure, so I did almost all my sample tests in 4 days, this way:

Day 1: 7 tests of 20 questions each. Each time I found anything I did not understand in the question or anywhere in the answer, I researched it either on the Web, or in Shon Harris' book (detailed below) until I got it down. On the first day I restricted each test to just one of the ten domains to make it easier to study the topics.

Day 2: 12 tests of 20 questions each on single domains, then 2 tests of 30 questions each, randomly chosen from all domains. I was getting much faster at the sample tests now. I still stopped to study anything I didn't understand, with special attention paid to anything I was getting wrong even after getting it wrong the first day also.

Day 3: 7 tests of 30 - 35 questions each, randomly chosen from all domains. I went back and read several sections of Shon Harris' book because I could tell I failed to understand some fairly large concepts. I must have studied the difference between a "Data owner" and a "Data custodian" ten times from five different sources, because I kept getting questions about that wrong every time until I wanted to scream.

Day 4: 9 tests of 50 questions each. I was getting really fast at this by now, and scored 90% or more on each test. I hardly opened any reference materials at all, because I knew the answers. I was only looking up two or three concepts on each test, and usually I knew the right answer anyway, but it had reminded me of something I was not clear about. Several more repetitions of studying the difference between a "Data owner" and a "Data custodian" with somewhat less urge to scream about it. I had originally intended to study on day 5 too, but I decided I was ready and decided to just spend day 5 resting and not touching any CISSP materials at all.

Overall, the Transcender exams were excellent, as I expected. I only found three clear errors in the 650 questions, and I sent them off to Transcender using the Feedback system, so they are probably fixed by now. There were a few topics in the practice exam that did not appear on my real test, but that seemed ok. And there were a lot of questions on the real exam that tested the concepts I had been provoked to study by the practice exam, so it worked well for me.

3. Shon Harris' Book

CISSP All-in-One Exam Guide, Fifth Edition, by Shon Harris, ISBN-10: 0071602178

This is a wonderful book. It is really big, but easy to read because it's light-hearted and funny, and the explanations of concepts are very clear and at the correct level. If you only use one thing to prepare, this should definitely be it. However, I don't recommend using only one resource. To prepare for a certification test, I always use at least two different resources, so I get whatever the first author missed. I didn't actually read much of this book, but when I hit concepts in the Transcender practice exam that I did not understand, I usually found excellent, clear explanations here.

If you are taking, or teaching, a focused boot camp just to prepare people for the exam, this is definitely the book to use. It also includes a lot of practice questions, but I ignored them so I can't say whether they are good.

Many of the Transcender questions referred to an earlier version of Shon Harris' book. I think that means that although I had the latest version of her book, the Transcender test I was using was designed for an earlier version of the exam. But it seemed fine--I did not have any surprises when I took the real CISSP exam. There were no topics covered that I had not seen before. There were some questions that confused me, but none that were completely new to me. So if there are any things that changed with the latest test, they must have been covered in the first textbook I went through. This is another reason I always use two or more different sources to prepare.

I hope this helps people prepare. This was a valuable experience for me, and it is definitely respected in the profession!

--Sam Bowne, 8-27-10
Book and practice exam links updated 4-27-2021