CISSP The Easy Way: A 30 Day Plan
Like many of my InfoSec brethren, I am bored to tears with news of the “IT security skills gap.” There are far too many intelligent and hardworking people left on the sidelines because they don’t have the exact right mix of certifications, education, and experience for us to be talking about a skills gap. But I’m not one to complain. Like it or not, InfoSec hiring managers, recruiters, and HR professionals love certifications. So I’m going to show you how to get them! This study guide is the first in a series of guides I plan to write about how to prepare for information security exams. I’m starting with the Certified Information Systems Security Professional (CISSP) study guide since it is the most recognized information security exam.
This exam prep guide consists of four phases: plan, review, practice, test. In the following sections, I’ll provide a brief overview of what’s done in each phase. This guide is aimed primarily at experienced IT professionals. Many of you will easily be able to complete this certification in 30 days (or less) by following this plan.
Days 0 to 2: Planning Phase
The purpose of this phase is to make sure you create a study plan that addresses all the CISSP material. Too many people skip this step and are surprised to learn they didn’t spend enough time studying what’s actually on the test. There is no excuse for this. (ISC)2 tells you right up front what’s going to be on the test!
Tasks:
- Review the CISSP CIB (aka Certification Exam Outline).
- Schedule the exam.
- Create your study plan (or follow this one).
- Create a dedicated document or notebook for your CISSP studies. I use OneNote, but there are dozens of great alternatives, including paper notebooks.
- Print a copy of the CIB or write down the objectives in your notebook.
- Schedule your exam right away! The most time I would recommend to spend on the exam is nine weeks. One week for each domain, plus another for review. If you follow this guide, you shouldn’t need more than 30 days.
- Set aside a regular study time. If you can devote 90 minutes per day over the next 30 days to get through this process, by day 30 you'll have spent 45 hours of study time preparing for the CISSP.
Days 2 to 10: Review Phase
The purpose of this phase is to make sure you actually cover all the relevant exam material. Don't waste too much time in this phase. Your goal here is to get a high-level overview of what's on the exam. Don't worry if you don't understand the CISSP topics right away. You'll do a much deeper dive into the material in the next phase.
Tasks:
- Identify and review the most useful exam preparation material.
- Pick two to three primary references to learn from. No more. I recommend Eric Conrad's Eleventh Hour CISSP, his CISSP Study Guide, and the CISSP Course by Cybrary.it. The Sybex CISSP Study Guide by James Stewart and the CISSP All-in-One by Shon Harris are also popular.
- Listen to audio courses or videos at 1.5x to 2x speed to get through the material faster.
- Read the front and back book covers, table of contents, intro, and conclusion to understand how the book is organized.
- Read through the glossary and index. Highlight and review any terms that are unfamiliar to you.
- Skim the rest of the book. Make note of bold or italicized words, notes, tables, and graphs.
- Quickly review each chapter. Read the first couple sentences of each paragraph to better understand the author’s key points for each section. Review the chapter summary and any review questions.
- If the chapter doesn't have a summary, then summarize the chapter in your own words.
Days 10 to 25: Practice Phase
The practice phase is where most of your real learning takes place, so it should be the phase where you spend most of your time. You should expect it to take one to two weeks to get through this phase. For knowledge-based tests like the CISSP, I recommend practicing for the exam using the Feynman Technique. With the Feynman Technique, you test your understanding of the material by teaching (or pretending to teach) it to others. The Feynman Technique requires four steps:
- Take out your exam prep notebook and write a single topic from the CIB at the top of each page.
- Write down as much information as you can about the topic. Force yourself to use simple terms. Pretend like you’re teaching it to a class.
- If you get stuck on a topic, go back to the source material to get a better understanding of it.
- Simplify even further and use analogies to better explain the material.
Tasks:
- Use the Feynman Technique to teach yourself difficult CISSP topics.
- Reference more in-depth material as necessary to fill in knowledge gaps. You can use more detailed CISSP study guides (such as the Shon Harris books) or the supplementary references from the CIB.
- After compiling your notes, use the Hemingway Editor App to test how clear your writing is. Shoot for the 8th-grade level or lower.
- Scott Young has a great four-minute intro to the Feynman Technique here: https://www.youtube.com/watch?v=FrNqSLPaZLc
Days 25 to 30: Test Phase
In the week leading up to the exam, you should take at least one practice test that simulates the conditions of the real exam. Transcender.com and the CCCure Quiz Engine offer practice tests that you can use to prepare for the real exam. Practice tests are useful for helping you identify gaps in your learning. If you miss any questions on the practice exam, go back and review the relevant material using the Feynman Technique. As for the actual test: you can find dozens of tips on the internet about how to get through the exam. In my experience, it all boils down to preparation and relaxation.
There's nothing special about test day. Just show up and take the test.
If you've followed all the steps up to this point, passing the test is just a natural result of all the hard work you put in. Get a good night's rest, eat a good meal, and make sure you show up on time and ready to take the test. The rest is just a formality.
Tasks:
- Take a practice test on day 25 (or earlier) to identify any gaps in your learning.
- Use the Feynman Technique to go back over any material that you're unsure of.
- On test day, show up on time and be ready to take the actual exam.
- Take some time to read up on test-day tips from other authors. I found Cyber Security Test Tips and Methods by Jim West to be a good resource.
- Don't let the horror stories discourage you: I found the CISSP exam to be much easier than most people claim. It's nowhere near as hard as the CISSP concentration exams or the CISM. But if you've never taken a certification exam before, it can be a challenge. Don't take it too lightly.
- Preparation and relaxation are the keys to success. If you've done the proper amount of prep work (40+ hours of study), then the actual exam is easy. Knowing that the test is easy will help you relax while going through it.
Wrapping Up
If you've made it this far, I hope you're strongly considering downloading the CISSP Candidate Information Bulletin and getting started on your CISSP journey today. If you've already taken and passed the CISSP, I would love to hear your feedback on this guide, any useful information you think I might have left out, and any additional resources you think my readers would find useful. Please leave a comment below if you have any other questions. In the future, I plan to prepare similar guides for the rest of (ISC)2's exams, ISACA's CISA and CISM exams, and the steps I'm taking to prepare myself for the GIAC Security Expert exam. Thanks for reading and good luck! And please -- like, comment, or share this article if you found it useful or know someone who would.