Ashley Pearson

A Basic DFIR Blog

How To Pass...CISSP

Exam Preparation Guide

The idea of passing this infamous exam is rather daunting and can be overwhelming. If you’ve recently embarked on this journey and are in search of tips and tricks on how to tackle this beast then look no further. This post outlines exactly what resources you need to pass CISSP.

What is CISSP?

Straight from the International Information System Security Certification Consortium (ISC2) site:

The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market. CISSP validates an information security professional’s deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization.

The exam itself uses Computerized Adaptive Testing (CAT), which essentially means it will actively adapt to your ability level as you’re taking the test. That is, the number of questions you see will depend upon the correctness of your responses. The more you demonstrate your understanding by selecting the correct answer the fewer questions you will ultimately have.

CISSP Exam Domains

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

Experience Requirements

Minimum of five years cumulative paid work experience in two or more domains

Note: Earning a four-year degree or regional equivalent, or a credential from the ISC2-approved list, will waive one year of required experience.

If you provisionally pass the exam you will need to submit an online endorsement application to validate your work experience. It takes a few weeks but once approved you will receive official notice from ISC2 congratulating you on earning your CISSP title.


Personal Experience and Background

Prior to sitting for the exam I had about 6.5 years total experience: ~4 years as a “jack-of-all-trades” system admin including working with servers, workstations, and firewalls; change and configuration management; and vulnerability management. The remaining ~2.5 years were spent in the Information Security realm as a Security Operations Center analyst (incident response and purple team).

Certifications: CompTIA triad, EC Council Certified Encryption Specialist, GIAC’s Certified Forensic Examiner and Certified Incident Handler.


Resources

CISSP Bootcamp

I was fortunate enough to use Tuition Assistance (TA) to pay for a week-long CISSP bootcamp. Although the information was useful, I don’t think it’s necessary if you put enough time and effort into studying. One key takeaway I highly recommend: regularly brain dump or actively recall important topics or terminology like the CIA triangle, access control methods, and the names of the security models. The repetition and active recall over time will really help those concepts stick.

Study Guides

My bootcamp provided proprietary study materials that I unfortunately cannot share. However, there are many other highly recommended study guides available:

Recommended Reading

Eleventh Hour: This isn’t an official study guide by any means but I recommend grabbing a copy purely for review purposes. Using this book alone won’t guarantee a pass but it’s perfect for reviewing the material the week before you sit for the exam.

Cybrary

Kelly’s Cybrary videos: Look, Kelly Handerhan is honestly your ticket to passing this exam. All of her videos are gold, but the database and Kerberos Carnival videos are especially useful. She breaks down Active Directory authentication and Kerberos so well that I still use her analogy as a refresher and to explain Kerberos to others to this day. I would listen to the audio from her videos every opportunity I had and I highly suggest you do the same.

YouTube

  • “CISSP Exam Tips: You Need to Know the SDLC!”: For me, one of the hardest concepts to nail down was the Software Development Lifecycle, simply because I didn’t have any experience with it. If you are in the same boat you need to watch this! Seriously, I think I watched it 15 times just to make sure I understood each step in the process. I also watched it in the car right before my exam to make sure it was fresh in my mind.

  • Larry Greenblatt: Kirk and Spock Videos: Personally, I recommend skipping the first few minutes and going straight to the practice question section. He goes through each example question and explains his rationale for each correct and incorrect choice. The videos in their entirety are great review but the practice questions are just invaluable.

  • Larry Greenblatt: “CISSP 2018 Exam Tips”

  • I Like To Hack Things: “How To Pass CISSP In 1 Month”

  • Kelly Handerhan: “Why You WILL Pass the CISSP”

Boson Practice Tests

The Boson ExSim-Max for CISSP is worth every penny. This software comes with five individual practice exams and normally costs $99; however, they regularly have sales and coupons available for anywhere between 15-25% off full price. Word of advice: only take each practice exam once, to avoid memorizing the questions rather than the material.

Reddit

The CISSP subreddit is full of amazing resources and people who are studying for the exam or who have passed and are willing to share their own tips and tricks. Many of the resources I have listed are also recommended in that subreddit.


Study Methodology

Initially, start with a review of each domain just to get an idea of what information you may be tested on. The official exam outline details each domain, its sub-categories and objectives, and lays out exactly what you need to know to pass CISSP.

  • Daily:
    • Active recall of previously studied material
    • Listen to Kelly Handerhan Cybrary videos - during your commute, before bed, while you’re getting ready in the morning
    • Find YouTube videos, additional study material, and read your study guides on any topics you’re shaky on
  • Weekly:
    • Take a Boson practice test and gauge your readiness in each domain
    • Focus your studying on any weak areas
  • Exam Week:
    • Read Eleventh Hour - keep it light and just review one domain every day
    • Don’t cram - review methodically and keep it light to avoid burning yourself out
    • Get plenty of sleep!

Exam Day

Are you ready for a cliche? Don’t be nervous on exam day. If you’ve studied and prepared enough you’ll absolutely be able to tackle this exam. Good luck!


Source

  1. ISC2 CISSP Information