Passed the CISSP exam!

Passed #CISSP exam! Long exam but not that hard.

— Andrew Roderos (@andrewroderos) May 22, 2017

Yesterday was a good day, at least for me. I passed the CISSP exam on my first attempt! While it wasn’t that hard (in my opinion) compared to other exams that I have taken, it still felt awesome to pass it on the first attempt.

Quick background

As of this writing, I have been in the IT field for 13 years. The last ten years of my IT career has been in the networking field. I’ve heard from some CISSP folks that people in the networking field have some advantages when preparing and taking the exam. The reason could be because there are some overlapping topics in networking and security. Additionally, information security and networking departments work closely together, so there is some knowledge sharing.

Exam preparation

Technically, I started reading CISSP topics back in January. However, I wasn’t that serious about it and stopped reading. Sometime in February, I took the CISSP boot camp from Global Knowledge. I had hoped that I would learn a lot from it but ended up learning only a few things. Though, nothing that I wouldn’t learn from the book.

If you’ve decided that you’re going to take the boot camp, then I would suggest to take it only from SANS – the MGT414 class. They charge more than other vendors out there, but I have read and heard many good things about their training.

I initially considered taking it from SANS but decided against it. The main thing that discouraged me in taking it from them was the price. While I didn’t have to pay for it, their pricing was significantly more than Global Knowledge. The certification isn’t a requirement for my job, so I figured might as well save some money for the company. Furthermore, the training vendor included a “free” CISSP exam voucher, which was probably the most valuable thing I got from the boot camp.

Anyway, after the boot camp, that’s when I shifted into a different gear. I started reading the CISSP book every day. I also watched training videos. Though, to be honest, I didn’t finish them all.

The latter part of March, I knew that I would be finished reading the CISSP book by mid-April. I wanted to schedule the exam, but I kept procrastinating and lost my spot. I had to push my schedule longer than I wanted to. However, it gave me some time to take practice exams and review some more topics that I don’t quite know.

Study materials

In this section, I’ve listed all of the study materials that I had access to or have used. I clearly stated below if I used it or not. Hopefully, it would help CISSP aspirants for their preparation.

Books

I used Sybex’s CISSP Official Study Guide as my primary resource for my studies. This book is the best seller and has good ratings on Amazon. For good reasons, I feel that the book is sufficient by itself as the only resource in preparing for the exam. I read all 21 chapters of the book even though I have a great understanding of one of the domains.

UPDATE: The one I used was the 7th edition which was applicable to the CISSP 2015 exam objectives. The Sybex’s CISSP Official Study Guide 8th edition is meant for the CISSP 2018 exam objectives.

Another book that I used was the Eleventh Hour CISSP. This book has only 21 reviews, but the rating is high. I read this book from cover to cover. It is good for a refresher before the exam, but I still think that the previous book was enough. I’d say, just go back to the topics that you’re weak on and you should be good to go.

Since I took a boot camp, I have access to Official (ISC)² CISSP training handbook, flash cards, and Guide to the CISSP CBK book. I didn’t use any of them, but it’s good to have for reference.

Videos

I have or had access to boot camp recordings and Cybrary. Out of the two, I’ve used only the Cybrary.

Cybrary’s instructor is Kelly Handerhan. I haven’t come across her name in the years I’ve been in IT field. That’s not a shot to the instructor since I mostly know people in networking. The videos are good, so I recommend to go through them. I think for the level being tested on CISSP, their videos are a great learning tool.

Honestly, I stopped watching their videos because they were making me fall asleep. Again, not a shot to the instructor. I just couldn’t finish the videos without falling asleep. Your mileage may vary.

Practice tests

I have or had access to Transcender practice exams (included with the boot camp), Sybex’s CISSP Official Study Guide practice tests and Sybex’s CISSP Official Practice Tests. Out of the three, I’ve used only two of them.

The Sybex’s CISSP Official Study Guide have four full practice tests accessible via online. Each full practice tests contains 250 questions. I’ve only tried two out of the four practice tests.

When I took the first full practice test, I scored around 77 – 78%. It is a low score but still a passing mark. At the time, I felt so confident that I will pass the CISSP exam if I took it that day. Boy, I was wrong. Because the following day or so, I took the second full practice test and I failed. I scored between 65 – 66%. To my defense, I was quickly picking the answers and weren’t paying too much attention. My average time taking the practice exams was between 70 – 95 minutes (can’t remember). Not very long at all.

The Sybex’s CISSP Official Practice Tests have 100 questions per domain plus two full practice tests. The best way to use this resource is to access the online portal. To me, it is hard to use it as physical book or ebook. The online portal was more convenient than using the book.

I didn’t try the domain tests. I felt that it would go into too much detail compared to the CISSP exam. Having said that, I went straight ahead and took one of the full practice exams. Again, I failed. I scored 69.20%. Since it was a practice exam, I also rushed taking the exam and didn’t pay full attention.

Days before the exam

I booked the exam probably six weeks ahead of time. At the time, I was not sure if I was going to be ready or not. Though, I knew I had plenty of time. I just had to make sure I used my time efficiently. Though, I would say that the last two weeks before the exam, I relaxed and started watching some Marvel shows on Netflix. The relaxation that I did was the main reason why I was panicking few days before the exam.

24 – 48 hours before the exam, I had a mixture of relaxation and also some exam cramming. I focused reading my weak topics because if I were to get those questions, I would totally fail. I guess my cramming for the exam worked because I passed it.

Day of the exam

I slept late the night before and woke up at 5:30 in the morning. Having enough rest is important when taking any exam so make sure you do. Even though I didn’t have enough sleep, I felt fine.

Since I woke up early, I had plenty of time to prepare and get to the Pearson Vue testing center. I made sure I ate breakfast before I left, prepared my snacks, meal, and water to bring to the testing center. Since the test won’t stop the timer when you take a break, it is important that you bring food. Do not attempt to skip your snack or meal. I think it is important to have food in your body.

Arrival

When I arrived at the testing center, I was 40 – 45 minutes early. I talked to some of the test takers that day and found out they weren’t taking any exam related to IT or IS. Makes sense since Pearson Vue handles non-IT related exams as well.

The testing center’s employees started to arrive and eventually let us in 30 minutes before our scheduled time. During all of this, I was still having some second thoughts if I was going to pass. I was saying to myself that it’s okay if I pass or not. At least I attempted it, and failure is part of any journey.

When it was my time to check in, the person almost turned me away because of the two forms of identification rule. I did have my government-issued ID and credit cards, but they weren’t signed. The person eventually decided to let me through. It would’ve been bad if I was denied to take the exam. I would’ve wasted the “free” exam voucher.

Exam experience

As I was going through the questions, I started gaining confidence that I will pass the exam. But then, I started getting questions that I am not sure if I answered correctly. As time went on, I knew I was going to pass the exam. I would’ve been shocked if I didn’t. Don’t get me wrong though I had plenty of flagged questions for review. However, I was sure with my answers on a lot of them. I just wanted to go over again just in case I wasn’t thinking right.

I thought the questions weren’t as hard as the full practice tests I have taken. While I didn’t take a lot of them, I feel that they were similar to the real one. Unfortunately, due to NDA and the fact that I don’t know what I could say, I will stop discussing the exam now.

Breaks

As you know, a CISSP exam taker can take up to six hours to finish it. In this timeframe, exam taker can take breaks at any time. This break could be used to go to men’s or ladies room, eat some snacks or meal. It is up to the exam taker on how he/she would use it.

I took four or five breaks. The first break was around my 77th question. I took a restroom break and also walked around the hallway to relax a bit. My second and third break were pretty much the same. During this time, I had plenty of time left. On my fourth break, I ate my sandwich and walked around a bit. Close the 250th question I had to go to the restroom. Apparently, I drank too much of water.

Review flagged questions

As mentioned, I had plenty of flagged questions. I went through all of them and changed some of the answers. On some of the flagged questions, I just didn’t know how to answer them. I just picked whatever I felt like the best answer. The review took probably between 40 – 50 minutes. By the time I was done, I had between 40 – 45 minutes left on the clock. I didn’t feel like going through the questions again, so I ended the exam.

Exam Results

Apparently, (ISC)² CISSP exam does not give the results on the screen. I actually closed my eyes when I hit the end exam button and waited few seconds before I opened my eyes. It was for nothing because I had to go to the front desk for the printout. Since I’ve taken quite a bit of Cisco exams, so I assumed that it would be the same thing. I couldn’t be more wrong.

When I saw the congratulations part, I wasn’t shocked about it but I was relieved that it’s finally over. Another difference between the Cisco and (ISC)² is that the results didn’t say what my score was. Not a big deal but it would’ve been nice to know.

Final words

As mentioned earlier, I believe that the Sybex’s CISSP Official Study Guide book is all one would need to prepare for the exam. Let me reiterate that this is coming from someone with networking and some security experience. Though, I still think that if one spends enough time understanding the book and some memorization, then anyone could pass the exam. So, if one is on a small budget, I’d say only buy that one.

If one wants to learn more about the topics, definitely go through the Cybrary videos. It will help in day to day operations and solidify the concepts that you read from the book.

Some people would like some exam tips. I’d like to give plenty, but I only have one. That is, read the questions carefully and pick the best answer.

Good luck in your CISSP journey and I hope you get the same success as I did!

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.