Passing the CISSP Exam
I recently passed the CISSP Exam. Here are the resources that I used to prepare for and take on the exam with confidence.
John Stephens
5/8/2024


At this point I have been a generalist in IT for around 15 years. I have done some work in an administrative role, I have been in support, worked as a support team lead and I've been in professional services for the better part of the last decade. Along the way I have earned various certifications in disciplines including systems, wireless, security, cloud... even CBRS before I learned that very few people care about CBRS.
So who cares, right?
The point is, as a network security professional who has been exposed to a large amount of the CISSP content in one way or another through the years, I am not going to spend a lot of time in this short post going over how I covered the content in all of the domains. I will, however, include at least a couple of resources that I found outside of the work I was doing that were helpful for me.
The Learning Part
To learn the material there were 2 primary sources that I used:
1) The FRSecure Free CISSP Training Program
This is a free program delivered by a great group of instructors, and I strongly recommend that you check them out. The mentorship program spans 6 or 7 weeks and includes 2x 2-hour sessions per week. The FRSecure team also maintains a Discord server with many aspiring/certified CISSPs learning along with you.
https://frsecure.com/cissp-mentor-program/
2) The All-In-One CISSP Exam Guide
I used this as a reference far more than the CBK. If you're trying to save a few bucks on the path to getting certified, the CBK is a resource I personally believe that you can pass on.
https://www.amazon.com/CISSP-All-One-Guide-Ninth/dp/1260467376
The Memorization Part
Here are the tools that I used to make sure that I was prepared to succeed on the exam:
1) Destination Certification Mind Maps
For those that feel like writing notes helps for memorization, this one might be especially helpful. This is another free resource that reviews the main topics for each of the domains in sort of a hierarchical model. They provide free PDFs as well in case you want to fill each section in yourself while watching the YouTube videos.
https://youtube.com/playlist?list=PLZKdGEfEyJhLd-pJhAD7dNbJyUgpqI4pu&si=yHQ8Uw3gu-yX7sy1
2) The Destination Certification App
I was genuinely amazed that this was a free offering. At the time of writing, the app contains around 700 practice test questions and almost twice as many flash cards. I was unlucky enough to have an overnight stay at the hospital less than 2 weeks before my exam, so it was great to have a resource like this that I could use while stuck in bed.
3) The All-In-One CISSP Exam Guide
The guide includes a test simulator which I used to go through as many test questions as reasonably possible. Since the DestCert app did not have a lot of depth for domains 4-8 (at least in the free version of the app), I leaned on the "Total Seminars Training Hub" that is included with the book to cover those domains a bit better.
Other Resources
There is no substitute for experience, but it is tough, even for a generalist like me, to get exposure to everything that is covered in the 8 CISSP Domains. Cryptography and IR were 2 things in particular that I do not have a lot of actual work experience with, but I did read some books along the way that helped me get closer to where I needed to be to pass the exam...
1) Cracking Codes with Python
This is a great book for someone that is interested in coding and cryptography, but doesn't have much (or any) experience with either. The book builds up from the basics and does a great job of explaining what is happening under the hood. It also doesn't hurt that you can get it for free!
https://inventwithpython.com/cracking/
2) Investigating the Cyber Breach from Cisco Press
I read this one back when I thought that I might get into Incident Response. Never happened, but the book was informative and helped me to reason through questions relevant to IR. Unfortunately I don't think they're giving this one away, but I do think that it was money well spent.
https://www.amazon.com/Investigating-Cyber-Breach-Forensics-Engineer/dp/1587145022