The Computer Information System Security Professional (CISSP) credential is an aspiration for almost all security professionals who want to move higher up the ladder. Obtaining the CISSP credential proves your ability to understand all aspects of security holistically and provides a minimum level of assurance to your leadership that you are capable of making the right decisions in the ever-challenging security landscape.
If you are aspiring to pass your CISSP exam on the first attempt, the tips below are worth following:
Have you committed yourself?
CISSP is an intensive engagement. It is very important that you commit yourself before you start preparing for CISSP, since this may take a few months depending on your experience and understanding of security. While you need not be an expert in each and every domain, you need to at least understand the basic concepts of a wide range of technologies. It’s important to understand how much time you can devote to preparation alongside your current project/work engagements. I have seen a lot of security professionals get started on preparation, but I don’t see many reach the finish line because they are not well committed.
Many people fail or abandon their preparation due to a lack of proper planning.
Have you planned better?
Failing to plan is planning to fail. It’s recommended to plan your preparation before you dive in. Based on your experience and expertise, you may plan a preparation duration of 2-6 months. In my experience, if you are not backed by a lot of experience, 4-5 months should be a better bet. There are a total of 8 domains and you can’t afford to skip any of them. If you are not a super-efficient scholar, it’s always recommended to go for online/classroom training to get a grasp of the entire coverage. The biggest benefit is that you get to know the overall context and concepts within a short time, and then you can go through the books, which will make it super easy for you to plan and read. So plan it better.
What’s your preparation strategy?
A few things to cover in this section:
Don’t dig too deep – While there is no limit to acquiring knowledge, CISSP is more about What, When, Why and Where, and only a little about How. Most techies get stuck on the last part as they are more keen on How. The exam’s intent is to test your understanding of the basic concepts rather than the detailed workings of a technology. CISSP is said to be an inch deep and a mile wide. If you start digging into everything too deeply, you will end up nowhere.
Single point of reference – While online portals are flooded with reference books for CISSP, it’s better to stick to a single book as your reference. Reading multiple books can drive you crazy sometimes.
Notes and mind maps: I see a lot of folks who are fascinated with the free notes and mind maps available online. While referring to notes may be immensely helpful, mind maps may not be. Mind maps are a way to express your understanding through documentation. If you refer to one prepared by someone else, it may give you a false sense of learning. I strongly recommend that once you are done with a concept, you prepare your own mind maps with your own short keywords. A lot of free tutorials are available on the internet to learn how to make mind maps. Mind maps are a great tool for learning, but the caution is that they should be your own.
Do you have the right references?
The right reference book: There are a lot of reference books available, including the official CISSP CBK, and all are great treasures of knowledge. My personal favorite is the (ISC)2 Certified Information Systems Security Professional Official Study Guide. That book has everything you need to know from the CISSP perspective. Eric Conrad’s Eleventh Hour CISSP: Study Guide (Syngress Eleventh Hour) is a great resource for summarizing things you learned in more detail.
Exam dumps: Many aspirants are very keen on dumps. You may find a lot of sites offering CISSP dumps at low to high cost, claiming a 90-100% pass guarantee. My only question to those providers is: where are they getting these questions from? You need to sign a Non-Disclosure Agreement (NDA) before you sit for the exam. I see most of these providers are business people and don’t know anything about CISSP. Having said that, while dumps really help in shaping you up by questioning your understanding, you should not expect any questions to be replicated in the exam. The majority of CISSP questions are based on real-world problem scenarios; if you have understood the concepts well, it’s just a matter of applying your management mindset rather than a techie mindset.
How much to dig or how much to remember?
Do not overload yourself with the expectation of holding everything in your brain. Many people struggle with this in mind and are overburdened. This is a big mental barrier for some aspirants. Please note, (ISC)2 intends to test your security and management attitude rather than your knowledge. The exam contains scenarios that test your decision-making skills based on your understanding of security concepts.
When to book your exam?
While this is a very personal decision and may vary from person to person, I would recommend booking the exam once you are done with your initial 4 domains. Ideally, allow yourself 1.5 times the time it took you to complete your initial 4 domains.
When are you ready?
This was the most difficult question for me when I was about to appear for the CISSP exam in 2016. Somewhere at the back of my mind, I was feeling unprepared for the exam. My entire preparation was based on Shon Harris, and my mindset was to face similarly difficult questions to those provided at the end of each domain in Shon Harris (Sixth Edition). I would recommend once you are able to score above 75% in the (ISC)2 Official
Feel free to contact me for a free mentoring session on [email protected]