My name is Omer Kaan Aslim, I have been working in the information security field for five years. I attribute much of my success on the exam to my work experience. I currently provide information security services to federal government contractors. I have provided privacy-related consulting services to a state education agency. As part of my work, I read information security-related NIST special publications daily. I also possess an IT helpdesk and sysadmin background. My past certifications include the CompTIA A+, Network+, Security+, and the EC-Council Certified Ethical Hacker.
The Exam Seeks to Fail Loose Cannons
If you are the person who patches a server before getting approval you will fail this exam. If you like to power off a computer infected with malware before documenting the incident you will fail this exam. The exam seeks to determine if you are a competent information security professional. A competent information security professional follows policies and procedures. A competent information security professional doesn’t protect a $20 bill with a $50 security control. A competent information security professional uses basic security principles to solve complex problems.
How I studied for the CISSP
I read the (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (8th edition) several times. It is a big book so it took me a while to get through it
While reading I took notes on what I thought was important. This allowed me to better understand the study materials and gave me a good study guide
I watched the CISSP MindMaps videos on YouTube (see link below)
I completed all of the online practice test questions that came with the book
After answering a practice test question, make sure you read why the answer was correct or incorrect
I used the online practice test question tool that came with the study guide to generate an exam consisting of all the questions I got wrong. I made sure that I answered all of them correctly
I memorized and UNDERSTOOD all of the risk related formulas (ALE, SLE, EF, ARO etc.)
I memorized and UNDERSTOOD the business continuity plan processes, business impact analysis, change management procedures
I memorized and UNDERSTOOD the various cybersecurity related laws and regulations (e.g., CFAA, FISMA, ECPA, HIPAA)
I memorized and UNDERSTOOD the various encryption algorithms and concepts
I memorized the basics of the various security models (e.g., Biba, Bell-LaPadula)
I memorized and UNDERSTOOD the various fire suppression methods
I memorized and UNDERSTOOD the OSI and TCP/IP models
I memorized and UNDERSTOOD the various common ports
I memorized and UNDERSTOOD access control models
I memorized and UNDERSTOOD RAID and other backup methods
I memorized and UNDERSTOOD security control types (e.g., technical, administrative, detective, corrective)
How to Prepare for the CISSP Exam
Read over the book several times. Take notes while reading. After reading the book read all the chapter summaries. Start taking the practice exams for each chapter. Identify which chapters you are weak on and re-read those chapters. Keep taking practice exams, watching the mindmap videos, and re-reading the topics you don’t completely understand. Watch the video “Why you will pass the CISSP”. You will then be ready for the exam.
How to Take the CISSP Exam
Do not go to the exam tired. Get a good night of sleep before exam day. Try to schedule the exam for around noon or later. This gives you time to review before the exam. Some of the questions on the exam are wordy and will require good concentration. While taking the exam, read each question carefully and read each answer carefully. If you studied well you will be able to quickly eliminate choices that are clearly incorrect. I finished the exam relatively quickly, perhaps in 70 minutes. Time wasn't an issue for me even though I carefully read each question and answer.