How I Passed CISSP exam successfully

Although the idea of taking the CISSP exam had been lurking in my mind for a long time, I could only book the exam on Dec 9th 2008, after a friend of mine did and I also decided to jump on the bandwagon… Moral support, you know 🙂 The date scheduled was Jan 31st 2009. From the cccure.org forum it looked as if the average time was 3 months+ minimum, so the thought of a race against time to be prepared was ON right from the moment I had booked the exam.

I had charted a tentative timetable by allocating roughly 5 days per domain. Although it was difficult to stick to it, it surely helped me in terms of expectations, and in the end I was able to work through it almost per schedule. I relied heavily on Shon Harris AIO 3rd edition (which I had bought in 2007 but kept procrastinating on studying!) and Ronald Kurtz’s CISSP Prep Guide Gold Edition. Once I got to know from the cccure.org forum about the differences between the 3rd and 4th editions, I decided to stick to the 3rd edition.

However, my advice would be to go with the 4th edition as new topics like SAN, Data on Transit, etc are not covered in 3rd edition and I remember seeing them in the CISSP Candidate Information Bulletin.

I have about 7 years of experience in IT and Security. My current experience in Technology Risk Management and previous stint with a startup company was instrumental in understanding the concepts required for Operations Security, Access Control, Physical Security, Telecom and Network Security with implementation experience.

Very recently, in November, I had successfully completed the ISO 27001 LA course, and a couple of years back I had done a course in Cryptography from the Indian Institute of Science, Bangalore, as part of a continuing education program. Last year, I had completed a Diploma in Cyber Law from Mumbai University to get some insight into law in technology. So the buildup was there, but without CISSP in mind.

I have never studied like this in my whole life, including the 10th and 12th standard, which most people in India consider as turning points in one’s life, and that too with so much intensity; it was a long task. My wife, along with our one-and-a-half-year-old kid, decided to go to her parents’ place for a month so that I could concentrate properly. So this holiday season was totally bland for me, considering I missed the family, Christmas vacation and the usual New Year parties!

As for studies, I used to study for a couple of hours every day at night; towards the last two weeks, this increased to 8+ hours as I had taken leave. I would read a complete chapter in AIO and then take the test at the end of the chapter from both AIO and the Prep Guide, the mock exam for each chapter that came with AIO, and the exams here at the cccure.org site. I did find a lot of difference in the questions of AIO when compared with the questions on the cccure.org site, and that’s because these questions are contributed by folks like us who might have already cleared CISSP and used their real-life experience in framing them. Towards the end, I did mock exams for each chapter from the cccure.org site, and at the end I also did a mock 6-hour exam with an OCR answer sheet (of a different exam, from Google) that I downloaded from the net; for this I used the 250 questions from the freepractices.org site to prepare mentally for sitting 6 hours!

I also used the various member-contributed materials like Mike Overly’s updated material, Hal Tipton’s PDFs, FAQs, Memoirs etc., apart from the NIST guidelines. All of these except the NIST guidelines are available at the cccure.org website.

During Exam:

I had jotted down points from cccure.org’s Clement’s introductory video on the CISSP exam (I would strongly recommend this to anyone who is interested in taking the CISSP exam), and based on the inputs from various members in this cccure.org forum, I decided to take some fruit juice, a self-made sandwich :), and water to the exam hall, and I somehow sneaked time to have a quick munch apart from three loo breaks. At the exam hall, coffee and tea were made available outside. Although I had taken pencils, sharpener, erasers and a dictionary, I relied on the pencils provided by ISC2. I wish I had kept one of those pencils as a souvenir!

When I started I wasn’t sure about the first 5 questions or so… but then I remembered a suggestion which, though it sounded weird, was to start from the last! Once I was sure of the answers, I would transfer them to the answer sheet, and the ones I had doubts about I would mark in the question paper for later review. I used the full six hours for the exam and wasn’t sure that I would make it, and the thought of blowing away INR 28K/550 USD was buzzing in my mind. Later I started to think about other things that I had missed in this time… For the last couple of days I was thinking about that email from ISC2, and it did arrive on Thursday… I was actually thinking about letting my wife read that email first… but gathered enough courage to see it myself and was glad to see the congratulatory message of passing… at last the efforts had paid off! Thanks to ALL here in this cccure.org forum, my friends and family!

Must-Haves (recommendations) for CISSP:

- CISSP Candidate Information Bulletin from www.ISC2.org
- Check the materials and forums at www.cccure.org website
- Clement’s introductory video on CISSP (I have posted the URL above)
- Shon Harris AIO book(s) 6th Edition is available from Flipkart.com at a discount
- NIST guidelines
- 5+ year experience in any of the 10 Domains of CISSP Common Body of Knowledge. Practical or implementation experience would do a lot good.

Good Luck and May the Force be with you!

Prasanna

24 thoughts on “How I Passed CISSP exam successfully”

  1. Hi, where can I find:
    Ronald Kurtz’s CISSP Prep Guide Gold Edition

    I am in Bangalore.

  2. I remember having seen a copy of that book at Sapna book stall in the Majestic area. A couple of places where you can check for it are:

    Crossword at Residency Road
    Higginbothams at MG Road
    Landmark at Forum

    Regards,

  3. Excellent review! Mint takes Ubuntu and makes it work! After your review, I plan to use it.

  4. @Laura many thanks. Afraid I don’t have time to sign up, though it sounds interesting.

  5. Now that you passed, how are you going about the next step of certification which requires endorsement? There are no CISSPs at my workplace so not sure how to proceed.

  6. Great commentary on how to pass and congratulations.

    How are you going about the next step of the certification which requires an endorsement? Since there are no CISSPs at my workplace, I do not know how I would proceed from the test.

  7. Thanks. If you meet the ISC2 minimum criteria for CISSP, all you need to do is just concentrate on the exam, please do not worry about the endorsement. If you do not know someone who is a CISSP, just send the relevant documentation to ISC2. You will be audited for your credentials and if it meets stipulations, you will get your certification. However, getting endorsed by ISC2 will take about 4-8 weeks time.

  8. wow prassana.. tats a reallly coool post… was very informative and motivational indirectly.. good one.. keep posting 🙂

  9. Wow! Thank you! I always wanted to write in my site something like that. Can I take part of your post to my blog?

  10. Hi Prasanna,

    Where do I go for training in CISSP? Are there any good institutes in Bangalore? Any idea about intellisecure?

    Thanks

  11. Ravi,

    Frankly, I do not know and am more of a DIY kinda person. I have mentioned all the books and resources that I used, above…Good Luck!

  12. Hi,

    Just got my results and have passed the CISSP exam !!
    And I need to thank you for this blog, the information and also for redirecting me to the cccure forums!

    Thanks a lot!

    Vaibhavi

  13. Vaibhavi,

    Congratulations on passing the CISSP exam! It’s a great feeling seeing that email from ISC2, and I am glad that the blog was of help to you! All the very best!

    Regards,
    Prasanna

  14. Hi Prasanna,
    I have been preparing for the CISSP exam for the last 1 month.
    Can you help me with the procedure to register for the exam, and where could I find the Shon Harris book that you had used to study?
    I want to build my career in Information Security.
    I am an MBA in Systems.
    Can you tell me the minimum criteria to be eligible to take these exams?
    Thank You
    -Anupam

  15. Anupam,

    Firstly, as outlined, please go ahead and download the Candidate Information Bulletin (CIB) from the ISC2 website. I had bought the SH book from one of the bookstores in Bangalore, but now an updated and recent edition should be available on sites like flipkart.com, Crossword bookstore and Sapna Books online as well. Min criteria is 5 years’ experience in any two of the 10 fields as outlined by ISC2. However, some waivers exist. The CIB should help you.
