Hi All,

I passed the CISSP in 2015 and wanted to share my experience.  Its definitely difficult and took a lot of effort so I wanted to detail exactly how I did it for the benefit of others.  The entire experience took 4-6 Months on and off studying, but really the last 3 weeks I focused in and studied daily.

CBT Nuggets videos – Link to CBT

Listened to them while driving for a month or two.  This really got the language solid in my mind as I found it easier to digest the amount of information casually over an extended period of time.  Most of the time I could not see the diagrams or written information but a few quick glances at stoplights etc helped me learn alot.  I watched the Security Architecture and Cryptography sections multiple times as I was weakest in those areas

Shon Harris AIO – Link to Amazon

I read about half of this but gave up because it was so long and boring.  I did use it as reference here and there in the PDF version when looking up definitions and concepts while studying exam questions.  The full book is not for everyone but probably the most efficient way to master the material if you have the stomach for it.

Pass4Sure Exam Prep – Link to Site

Bought this for 100ish dollars and did about 400 questions.  Made flashcards for every answer I got wrong to understand the concepts.  Alot of people will trash Pass4Sure but the principle is still solid.  You get a question wrong, you write down and learn the topic, you will learn what you need to learn.  In total Pass4Sure has about 1000 questions to go through so its pretty good.  For other exams I hear pass4sure is hit or miss and can really suck.

CCCure.Org Exam Prep – Link to Practice Questions Site

These were great questions and I did 3 mock 250 question exams prior to my actual test date.  What I found was that Pass4Sure probably bought the exam and copied all the questions out because alot of them were similar or exactly the same.  Not sure who copied off who but I am pretty sure we can all guess where the content originated from ?  The extra content and detail on each question helped me make my flashcards more comprehensive and was a great purchase.  I would start with this over Pass4Sure if I was doing it over again.

11th Hour by Eric Conrad and others – Link to Amazon

Great quick read that helped me cram in the final days before my exam.  This was digestible and to the point.  Only useful if you have already studied alot as I did to pick up the last few pieces you may have missed studying other more comprehensive material.

While reading/skimming each book, and taking exam questions, I wrote a flash card for every concept I got incorrect.  In total I must have made a stack of 400 Flashcards.  For me, writing things down helps commit to memory and I think for most the same concept is true.  I highly recommend doing this if you are serious about memorizing the stupid amount of random stuff this test wants you to know.

As others have stated, the exam was by far much more difficult than practice exams.  On CCCure.org, I got a 75% on my last practice exam and most say 80% is what you need to comfortably pass.  Most of the questions I encountered in practice were straight up, what is this, what is that kind of questions.  The real exam was what is the best, most, least, first, last, etc type of questions.  This essentially makes you evaluate each answer carefully and rank them before selecting an answer; a much more thought intensive process and very time consuming.  Practice exams were about 1-2 hours to complete 250 questions.  The real exam took me 4 hours and I did not stop reviewing until my brain was mush.

For me, the most effective studying was listening to the video’s while driving to get in the right mindset, and then doing practice questions with flashcards for every wrong answer.  I took Thursday and Friday off from work and studied about 6-8 hours a day, taking 2 practice exams a day.  The weeks leading up to the exam I did 60 question mini exams to gauge my areas of weakness.  It was also a pain to memorize all the cryptography, encryption, Virus/Malware, Common Criteria and Orange Book content but its absolutely necessary as many of those questions came up in the exam(duh).

-I work full time, and go to grad school part time and found the time to study so it can be done with some discipline over a few months.  No drinking or going out the last 3 weeks helped.

-I currently work as a Senior Information Security Analyst and have been in Security for about 2 years now.  My work experience may have contributed to…10% of the tested material, so not much.  I have held management positions in the past and I believe that helped.

-I took the GMAT last year, which is a similar testing style so it took less effort to adapt to this tests question format.

-I encountered maybe 10 questions that were straight up and similar to practice questions I had already done.

-I Encountered 4 drag and drop type questions which were fairly easy and seemed a bit overkill for what it was asking.  I guess it just switches it up a bit which is kind of nice.

I took breaks at 100 questions, 200 questions, and half way into my review of about 60 questions.  I had marked so many for review because I was so unsure about so many answers.  I thought I had bombed the exam as many others did and was pleasantly surprised to see that I had passed.  I have already completed my resume and domain details, and have a coworker providing endorsement so official certification should be ok.

-Phil