The CISSP exam is one of the most difficult information security exams to pass due to the broad base of subject domains tested. Just the thought of the CISSP exam can make even ace test takers nervous of how the allotted six hours will unfold. Information Security professional Andrew McNicol has graciously agreed to be the first interview for what will be a repeating series designed to help you pass the CISSP exam. After all what better way is there to supplement your formal study plan then to hear from those that have been in the trenches and passed the exam themselves?
Andrew, what were your reasons for deciding to pursue the CISSP certification?
My primary reason for seeking the CISSP was to gain certification to advance my career in the information security field.
Did your employer at the time encourage you to take the CISSP exam ?
It wasn’t required, but yes they really liked that I achieved it. Achieving the CISSP along with my work performance lead to promotion quickly after I got CISSP.
It is good to hear that your employer recognized the value of the CISSP and rewarded your efforts. What study method/materials did you use to prepare for the CISSP exam?
I used the following materials to prepare over a 2 month period:
PrepLogic Course/ (Practice Test was good, but video course left a lot of holes).
Carnegie Mellon CERT video course / (Practice Exam – Very useful )
All-in-one Exam Guide 5th edition by Shon Harris
11th hour study guide by Eric Conrad (very good)
40% of Shon Harris’s video course
CCCure.org practice exams (took a handful of the free questions)
What CISSP subject domains did you need to spend the most time studying in detail?
My focus areas were Cryptography, and Application Security because my experience was weakest in these areas.
How did your CISSP exam approach compare to my published CISSP Exam Strategy?
My strategy was very similar. The exam took me 5 hours and 30mins to complete. I took the exam 3 times in the booklet before transferring the answers to the scan-tron and reviewing one final time. I paced myself and took small breaks every 50questions, or as needed. I was clear to underline words in the question that I thought were important to allow them to stand out. I certainly marked my book up and only answered questions I knew and marked ones I had to think about for another run through the exam.
How confident were you that you passed post exam?
I was confident at first….very confident, but as the days passed (21 total to get results) I became less and less confident and nearly signed up again to take it.
Not to break the suspense but obviously you passed since I am interviewing you about your success with the exam. I am curious what is your plan for acquiring the needed CPEs to stay certified?
I do a lot of SANS training so it should not be a problem to meet the CPE requirement for the CISSP.
One final question for you Andrew. Any special tips you have for CISSP candidates that we have not previously discussed?
The key to achieving CISSP success is to set goals for daily study time. I suggest reading a brief summary of the CISSP domains to get an idea of the CISSP scope (Eric Conrads 11th hour study guide is a great source). Once you have a better idea of the test’s scope you should identify the 2, 3, 5, X domains you feel you will need to put forth more study time. Then I suggest spending 1-2 weeks for each domain making very good notes/note cards throughout that week for you to look back on.
The one issue with CISSP is because the test is so large you wont truly feel prepared…once you push 1 domain in your head you tend to forget some small details about another domain. This is where I suggest you use mnemonics to help you remember some very small details that will help you in the stressful situation of the test (again Eric Conrads book and Shon Harris chapter summary’s in her book are a good source).
Once it comes time for the actual exam prepare for the worst — be sure you actually practice taking 300-500 questions at once! I say up to 500 because on the actual exam the questions tend to be paragraph style and practice questions for CISSP tend to be shorter quick 1 line questions in my experience. When you sit for the exam you should accept that you gave it your best shot and will have no problem taking the exam again if needed (helps with nerves).
While you take the exam if you read a question that doesn’t make sense feel free to mark it and move on….don’t get to worried if you feel you are marking a lot of questions because I know I did. I would mark the question and maybe place a mark near the 2 potential “right” answers. Then continue to go through the test once you have finished take a break, get a snack, and go through again starting to tackle some of your marked questions. With the marked questions you should have a conversation with yourself asking “What is this question trying to ask? What is the scope of this question?” and then look at the answers because you will find that often times 2 answers are correct, but 1 answer is more correct based on the wording of the question (tricky!)
I think confidence will go a long with this exam and confidence can be achieved by understanding its okay to fail it your first time around. Hopefully with the tips I have provided your readers will help them reach their goal of passing the CISSP on their first go.
Thanks again to Andrew for the high quality interview and great tips to enable CISSP exam success.