I passed my CISSP last week on my first attempt! – YAY! 🙂

Short version: If you decide to go for your CISSP certification, carve out ~300-350 hours in your schedule, and at least get started with one or two of the free resources listed below. If you feel that you are ready to continue, then buy the books and read them. After that, buy the then-most recent version of Larry Greenblatt’s video series just a month or so before your exam. After that, go through ALL of the practice questions that come with the books and from Larry – and then schedule your exam.

Details:

There are a ton of other posts on the web that outline a study plan for passing your CISSP. One key issue that I ran into was that all those posts listed either way too few (just one or two) or too many (more than 10) resources to study from. In my personal experience, neither extreme strikes a good balance between spending too much time and spending too little time to actually pass your CISSP. I settled on six resources (3 books and 3 video series), which worked out well for me.


Now before we get into which specific resources to study from, I will quickly outline why CISSP is truly an awesome certification:

  • CISSP is like A+, except it’s much more high-level, covers much broader IT topics, is focused on security, and teaches you to think like a manager/director/executive
  • You learn to think from other perspectives within IT – business continuity, security, network, software development, service management, risk management, etc.
  • You learn to apply security to any organization holistically and focus on success of the organization as a whole, rather than just being focused on technical aspects of IT
  • Technology varies from organization to organization and it’s always changing – but CISSP is vendor neutral, its concepts can be applied to any organization, and the knowledge gained from the sources below will be valuable throughout your IT career
  • Every IT professional knows that security is an indispensable skill that continues to be in extremely high demand, and CISSP is one of the most sought-after security certifications. High demand = High Salary! CISSP certification is very likely to lead to a promotion or a better role in another organization.

Despite having 15+ years of diverse IT experience and 10+ other certifications, I learned tons of new concepts and ideas. Even with two CCIEs, it is only now, after doing my CISSP, that I feel much more confident discussing security with both management and other security professionals. It really forces you to think from management’s perspective about security as it applies to the whole organization. This is highly apparent from both the practice questions (in the resources listed below) and the actual exam. Many, if not most, questions have multiple answers that are technically correct – and you have to pick the BEST answer. Even the “best” is up for interpretation – some answers can be technically the “best” while other answers are “best” from a management perspective. The right answers in the case of CISSP are the ones that are “best” from a management/security perspective.

Now onto the good stuff. In my experience, going through these resources would be JUST enough to learn the CISSP exam topics well enough to pass. I must admit that I think I just barely passed – although I don’t know with any certainty, because when you pass the CISSP they only tell you that you passed; they don’t provide a score. You only get a score if you fail, so that you know which domains you need to work on.

Here are the resources I used:

I recommend going through these resources in the order listed. It took me about 300 hours, or about 9 hours a week over 8 months, to go through all of the above content. Here are some additional details concerning these resources:

  • Kelly Handerhan’s Cybrary.it CISSP course is a great starting point for anyone starting their CISSP journey. It stays fairly high-level while covering a great breadth of topics associated with CISSP.
  • ISC2 CISSP Official Study Guide is a must-read resource as many questions on the exam are directly from this study guide.
  • CISSP for Dummies is a slightly more casual read, reinforcing the same concepts as the Official Study Guide, but as noted in a previous blog post, learning concepts from a different perspective and through repetition aids retention, and hopefully leads to positive results on exam day!
  • The CISSP All-in-One Exam Guide by Shon Harris (who sadly passed away due to illness in 2014) is the most comprehensive book for studying CISSP. Similar to the second book, this book reinforces the CISSP concepts from a different perspective, and the repetition aids retention and a better exam outcome. Many people complain that this book goes into too much detail, but, again, based on research on human memory, learning concepts and ideas in more detail than you need significantly improves retention.
  • Also make sure to do the online practice questions that are provided with the purchase of all three books. Instructions for accessing these questions are available inside the books themselves.
  • The Shon Harris CISSP video series is a great resource for again reinforcing the same concepts as the books, but does so visually and aurally. Again, as noted in a previous blog post, engaging multiple senses (reading, watching, listening) aids both short-term and long-term retention. These videos are from 2007! They are still relevant, however, and a great resource for better grasping various CISSP exam topics. All the other resources I am recommending are up to date, so they will adequately fill in the relatively few gaps.
  • Last but definitely not least, I would highly recommend Larry Greenblatt’s video recordings. I recommend going through his training last because I felt that it is best suited to getting you into the exam mindset. The content is not as comprehensive as some of the above resources, but there are three main reasons why I consider his video series a must-have for CISSP preparation:
    • He teaches you how to think about each question from a management perspective, with tons of examples
    • He does a great job of simplifying and clarifying many of the more advanced concepts and other topics that IT professionals typically struggle with
    • He’s super entertaining – no small feat when dealing with some very dry CISSP content!

It is absolutely crucial to go through the practice questions that come with the three books and Larry Greenblatt’s 100 questions – about 2500 combined. Once you can reliably score 90% or higher on all of the above practice questions, I believe you have a great shot at passing the CISSP on your first attempt.

One question that I am often asked about any certification is how much it costs. The tally of the books and video-based training mentioned above plus the certification exam cost ($699 USD or ~$993 CAD) works out to ~$900 USD or ~$1,200 CAD.

Good luck! 🙂

Update April 30, 2019:

Note, there is also the stupid CISSP Annual Maintenance Fee (AMF) of $125 USD or $167 CAD. Boo!


4 thoughts on “How to achieve the CISSP certification”

  1. Congratulations. I have a question though. At what point in your career (related to security only) did you feel the need to do CISSP?

    1. The answer is definitely subjective. At a high level, I would suggest it to anyone with more than 5 years of experience if they want to become a security specialist. For individuals in other roles, any type of senior role not related to security, I would still recommend it for pretty much anyone with over 10 or 15 years of IT experience. It is relevant to Application Architects, Network Engineers, CIOs, CTOs, and many other senior IT roles. It’s becoming an increasingly important asset for all senior IT roles and security roles (senior or intermediate).

  2. Congratulations bro, would I have a chance to speak with you, as I registered for the exam and I am doing it in November this year. I am living in Toronto as well, and willing to meet you at any time and any place suitable for you. Thanks again for all the information above.
