CISSP

1,047 Views | 10 Replies | Last: 2 yr ago by SJEAg
merlin403
I am looking to attempt the CISSP within the next 6 months as the material on this exam closely parallels my daily job responsibilities.

If there is anyone who has passed this exam within the past year, would you mind sharing:
- Learning resources used
- Note / Test taking strategies
- Any additional advice that would be of value
Average Joe
merlin403 said:

I am looking to attempt the CISSP within the next 6 months as the material on this exam closely parallels my daily job responsibilities.

If there is anyone who has passed this exam within the past year, would you mind sharing:
- Learning resources used
- Note / Test taking strategies
- Any additional advice that would be of value



I've had mine for 3.5 years now, however, I stay pretty up on the test and help others study. If you have Discord, there is a pretty large community a couple of us started shortly after getting our CISSPs. It's very active, has much more than just the CISSP, and has helped numerous people pass.

I'll throw some advice and recommendations when I'm on my home PC later today.
merlin403
Thanks for the help!
foo00
I started with the "live" FRSecure training path they were doing earlier this year (Apr-Jul) until I got sidetracked with a job change. But they uploaded them all to YouTube just as up-to-date content coverage:

FRSecure CISSP Mentor Program (Session 1)

That's the first one, but you can find the other 10 (?) on their channel too. They were basing it all off of the CISSP 6th Edition book by Deane and Kraus.

The Official ISC2 CISSP CBK Reference (6th Edition)

They had a real-time Discord during the period they were doing the sessions 2/week for people who were intending to do it all and then immediately take the test while it was fresh, so Average Joe's Discord link might serve that purpose too.

I also need to get back into it and get it done. Joe, I'd be interested in any links/info you have as well.
nwspmp
I've had mine for five years now and serve on the Exam Development board. Biggest thing in the test for me, as a more hands-on techie type, was to ensure the right frame of mind to answer. Think of yourself as a member of the senior management team. The *right* answer will not always be to technologically solve the problem.

Think risk management versus mitigation; you can stand up a large solution to fix a risk, or you can outsource the risk or you can accept the risk, and fixing the risk may not always be the right answer.

The best analogy I have for that is e-mail. An SMB can successfully host an e-mail server, secure it, and protect the server reputation and internal users. This can be done, oftentimes at a large cost of labor. Or, as most SMBs do, this can be outsourced to an external provider who has the economies of scale to do this much more efficiently per user. This is transferring the risk of running a secure e-mail system to an outside vendor. Technologically, this problem can be solved internally. Realistically, most businesses would choose to outsource this risk.

For reference materials; other than the Official CBK, I used the Boson test simulators to ensure I was ready for the question format, and the Sunflower reference chart to refresh my memory of the domains and key elements within them (https://www.sunflower-cissp.com/downloads/sunflower_cissp_layout.pdf)
merlin403
I appreciate the recommendation!
merlin403
Thanks for the advice! Please keep it coming!
Average Joe
https://discord.com/invite/certstation

Hopefully that works. Never invited anyone from the phone app.

Great community, ton of incredibly smart and helpful people. Including ones that wrote the books everyone suggests. I'm not on it daily anymore, but spent more time there than I did on TexAgs for a long time.

I echo everything nwspmp said. If you are in a technical role, then start learning how to think like a manager. You're not trying to solve problems as much as make risk management decisions for a company.

There are A LOT of processes. Learn them and know them well, because they will most definitely help you decide between a great answer choice and the perfect answer choice.

I'll add that 11th hour was a great book for the last couple of weeks before the test. It's not very in depth, but a good review to make sure you are not missing any topics.

The discord I posted has a test bot in one of the rooms that asks questions around the clock. They were written by people with a CISSP, so a great help.

Oh, my single best piece of advice to people when they ask how to tell when you're ready: if you can teach someone else a concept without resources, then you know that concept enough. Now just repeat it for all of the topics.

It's a CAT test. It'll figure out your weakness and hammer it over and over. So, it's not good enough to load up on 6/8 domains and think you're good.

That turned into more of a brain dump than intended. Gotta love pointless meetings.
SJEAg
I've been studying for this as well.

Is it wrong to say its style is a lot like the PMP? Hoping that exam experience helps me. The risk management content seems very similar. Questions on both want you to "think like a CISO/Project Manager" and the right answer is often what's least wrong.

Anyway, I've burned through a few books and am in take-a-million-practice-tests mode. Also hoping my actual job experience as an IT Sec manager helps.
Average Joe
SJEAg said:

I've been studying for this as well.

Is it wrong to say its style is a lot like the PMP? Hoping that exam experience helps me. The risk management content seems very similar. Questions on both want you to "think like a CISO/Project Manager" and the right answer is often what's least wrong.

Anyway, I've burned through a few books and am in take-a-million-practice-tests mode. Also hoping my actual job experience as an IT Sec manager helps.


You were on point until "the right answer is often the least wrong". Most questions there will be multiple answers that are not wrong answers, but it's which one is the most ISC2 answer that is correct.

It doesn't ask what the second step in the SDLC is. It's going to give you a scenario or a problem, and you will have to know to use the SDLC. Then know what to do in the second step of the SDLC. Meanwhile, the answer choices will be other steps in the process, or a step from other processes.
SJEAg
Cool, thanks - guess "most right" is better.

I need to study more...