Monday, February 23, 2009

How I Passed CISSP exam successfully!

Although the idea of taking the CISSP exam had been lurking in my mind for a long time, I could only book the exam on Dec 9th 2008, after a friend of mine did and I also decided to jump on the bandwagon... Moral support, you know :) The date scheduled was Jan 31st 2009. From the cccure.org forum it looked as if the average time was 3 months+ minimum, so the thought of a race against time to be prepared was ON right from the moment I had booked the exam.

I had charted a tentative timetable by allocating roughly 5 days per domain. Although it was difficult to stick to it, it surely helped me in terms of expectations, and in the end I was able to work through it almost per schedule. I relied heavily on Shon Harris AIO 3rd edition (which I had bought in 2007 but kept procrastinating on studying!) and Ronald Kurtz’s CISSP Prep Guide Gold Edition. Once I got to know from the cccure.org forum about the differences between the 3rd and 4th editions, I decided to stick to the 3rd edition.


However, my advice would be to go with the 4th edition, as new topics like SAN, Data on Transit, etc. are not covered in the 3rd edition and I remember seeing them in the CISSP Candidate Information Bulletin.

I have about 7 years of experience in IT and Security. My current experience in Technology Risk Management and my previous stint with a startup company were instrumental in understanding the concepts required for Operations Security, Access Control, Physical Security, and Telecom and Network Security, with implementation experience.

Very recently, in November, I had successfully completed the ISO 27001 LA course, and a couple of years back I had done a course in Cryptography from the Indian Institute of Science, Bangalore, as part of a continuing education program. Last year, I had completed a Diploma in Cyber Law from Mumbai University to get some insight into law in technology. So the buildup was there, but without CISSP in mind.

I have never studied like this in my whole life, including the 10th and 12th standard, which most people in India consider turning points in one's life, and doing so with so much intensity was a long task. My wife, along with our one-and-a-half-year-old kid, decided to go to her parents' place for a month so that I could concentrate properly. So this holiday season was totally bland for me, considering I missed the family, Christmas vacation and the usual New Year parties!

As for studies, I used to study for a couple of hours every day at night; towards the last two weeks, this increased to 8+ hours as I had taken leave. I would read a complete chapter in AIO and then take the test at the end of the chapter from both AIO and the Prep Guide, the mock exam for each chapter that came with AIO, and the exams here at the cccure.org site. I did find a lot of difference in the questions of AIO when compared with the questions on the cccure.org site, and that’s because these questions are contributed by folks like us who might have already cleared CISSP and used their real-life experience in framing them. Towards the end, I did mock exams for each chapter from the cccure.org site, and at the end I also did a mock 6-hour exam with an OCR answer sheet (of a different exam, from Google) that I downloaded from the net; for this I used the 250 questions from the freepractices.org site to prepare mentally for sitting 6 hours!

I also used the various member-contributed materials like Mike Overly's updated material, Hal Tipton PDFs, FAQs, Memoirs, etc., apart from NIST guidelines. All of these, except the NIST guidelines, are available at the cccure.org website.

During Exam:

I had jotted down points from Clement's introductory video on the CISSP exam at cccure.org (I would strongly recommend this to anyone who is interested in taking the CISSP exam), and based on the inputs from various members in this cccure.org forum, I decided to take some fruit juice, a self-made sandwich :), and water to the exam hall, and I somehow sneaked in time to have a quick munch apart from three loo breaks. At the exam hall, coffee and tea were made available outside. Although I had taken pencils, a sharpener, erasers and a dictionary, I relied on the pencils provided by ISC2. I wish I had kept one of those pencils as a souvenir!

When I started, I wasn't sure about the first 5 questions or so... but then I remembered a suggestion which, though it sounded weird, was to start from the last! Once I was sure of the answers, I would transfer them to the answer sheet, and the ones I had doubts about I would mark in the question paper for later review. I used the full six hours for the exam and wasn't sure that I would make it, and the thought of blowing away INR 28K/550 USD was buzzing in my mind. Later I started to think about other things that I had missed in this time... For the last couple of days I was thinking about that email from ISC2, and it did arrive on Thursday... I was actually thinking about letting my wife read that email first, but gathered enough courage to see it myself and was glad to see the congratulatory message of passing... at last the efforts had paid off! Thanks to ALL here in this cccure.org forum, my friends and family!

Must-Haves (recommendations) for CISSP:

- CISSP Candidate Information Bulletin from www.ISC2.org
- Check the materials and forums at www.cccure.org website
- Clement's introductory video on CISSP (I have posted the URL above)
- Shon Harris AIO book(s)
- NIST guidelines
- 5+ years' experience in any of the 10 Domains of the CISSP Common Body of Knowledge. Practical or implementation experience would do a lot of good.

Good Luck and May the Force be with you!

Prasanna


17 comments:

sanwal said...

Hi, where can I find:
Ronald Kurtz’s CISSP Prep Guide Gold Edition

I am in Bangalore.

((ಪ್ರಸನ್ನ) Prasanna) said...

I remember having seen a copy of that book at Sapna book stall in the Majestic area. A couple of places where you can check for it are:

Crossword at Residency Road
Higginbothams at MG Road
Landmark at Forum

Regards,

rgs2k said...

Hi Prasanna,

That was a very informative post on the CISSP exam! I am in the process of preparing for the exam, aiming for Mar 2010.

I would like to know your opinion on the relevance of CISSP certification and security-related jobs in Bangalore. I come from a pure tech background with quite some experience in design and dev of security-related solutions. I am planning to get back to Bangalore soon, so I am trying to understand the job scope for application security professionals. Any info would be really helpful.

Thanks
Raghu

Prasanna said...

Raghu,

CISSP definitely adds value to your skills, experience and of course to your career (read resume :). I found the CISSP content, both course material and exams, very helpful in making sound judgments about the security posture in day-to-day activities.
It has also given me access to many experienced professionals through various forums. But one should not do it just from a certification perspective, but for the overall value it adds to one's skills and long-term goals.

I think the job scene for AppSec folks in Bangalore is just improving... the same goes for security in general.

Good Luck,
Regards,
Prasanna V

shekar said...

Hi Prasanna,

I'm planning to take the CISSP exam in April 2010.

Please suggest the material and dumps for preparing for the exam.

Thanks in advance.

Regards
Shekar

Anonymous said...

I would like to share my experience with all those who are trying to certify for CISSP. I just received an email a few days ago that I have passed the examination. I have been working in the IT industry for over 20 years. Much of my experience has been architecture and application project management and delivery. The most relevant work experience I have with Security is Identity Management, which I have been doing for the last 4 years. I learned about CISSP in October 2009 and started working on it right away because the exam day was on January 16, 2010. I couldn't afford any kind of training. I purchased 2 books, the CISSP Dummy and Sharon All-in-One 3rd edition. I spent a month on the Dummy book and moved on to the other for the rest of the time. I re-read the Network, Cryptography, and Access Control chapters twice because I wasn't doing well with the practice tests. I found a website with free practice questions and I spent the last two weeks on it. During the exam, I was shocked by what I saw because nothing was remotely similar to the practice tests I took. Every choice in each question seemed to be the correct answer. I would say there were only about 10% of the questions where I felt I got the correct answer for sure. For the rest of the questions, all I can say is I picked the best answer possible to the best of my knowledge. When the exam was done, I pretty much wrote off my chance of passing it. I felt so drained and discouraged that I put those two books away and thought about moving to a different path. I then enrolled in a community college for CCNA certification. I completely forgot about the whole CISSP ordeal. Then, to my surprise, I got the email that I passed. I am so excited that I just want to share it with someone.

Andy said...

@Anonymous

Way to go! I'm currently studying for a May 2010 exam timeframe.

CISSP for Dummies
Shon Harris AIO 5th Edition
cccure.org practice questions
and hopefully a bootcamp the week right before the exam

Looking back, is there a book or source you regret not turning to in advance of the exam? In particular your comment about the questions being very different stood out to me.

Prasanna said...

@Anonymous. Congrats, glad that the comment form gave you an expression of joy and also inspiration to others reading your post!!!

Prasanna said...

@Andy, The Official ISC2 Guide may be a good source of reference material.

As for questions, they are simply NOT SIMILAR to any mock exams!

Good Luck,
Prasanna

Anonymous said...

Andy,

The resources you have are identical to what I used, no more, no less. I have no regret whatsoever in my choice of material because I truly believe that one can never find a mock exam similar to what you will face in the exam. This is just my guess, that the ISC2 has a team of folks working full time on coming up with questions, making sure that you will not see them anywhere else. I have to hand it to them that there are only so many ways to ask someone about a concept and they manage to make it different every single time. There is about 20% memorization and you really have to understand the concept enough to handle all the tricky questions. When I study, I spend about 15 to 30 minutes on reading and then I will stop and think about the topic on and off the rest of the day. So, you can spend 2 to 3 hours to finish reading one domain but a week or so just to think. The thought process includes asking yourself questions and answering the questions, validating with your working experience, and working on the mock examination. I did not participate in any study group or mention it to anyone at work. After I told some of my co-workers, they said what I did was very difficult because a lot of folks took seminars and failed the exam in several attempts. I think that anything is possible if you put your mind to it. So, best of luck to you.

Clement Dupuis said...

Good day,

This is Clement from the CCCure.org web site. I just wanted to say thanks for the kind words about my website and CONGRATULATIONS on your success.

This is really great.

Thanks for sharing your study plan and feedback with the community.

Best regards

Clement

mithun said...

Thank you for the info. It sounds pretty user friendly. I guess I’ll pick one up for fun. Thank you

gowshika said...

My cousin recommended this blog and she was totally right. Keep up the fantastic work!

sharma said...

Hi.
Take a look at sample exam questions with free exam valuation (certificate) at yasna.com/cissp.
This motivated me to take up the CISSP certification at first.

Steffi said...

I actually enjoyed reading through this posting. Many thanks.

Free Antivirus Download said...

The CISSP exam is not effortless to pass.

Serpil Dilay said...

I passed the (ISC)2's CISSP Certification Exam recently and here is some advice that helped me pass the exam. Try to learn from any video course provider for CISSP. Personally, I used CBT Nuggets. They are good and short. You can complete their video course in 12 hours. I ran the video course for 4 weekends in a month.

Additionally, you should practice with the exam preps; there are a lot and pretty much all are the same. Personally, I used an app from an app store called CISSP Certified Information Systems Security Professional - Exam Prep. It is very convenient and practical to have the practice exam in your hands at all times ("I was literally practicing even when I went to the toilet"), the benefits of technology these days.

You should be able to pass after all of this. I hope this was helpful enough.

Serpil