Well, I'm another on the pass list. I took the test a few weeks ago in
Austin, TX on a Sunday and heard that I passed the following Friday. I just
got my card and cert in the mail yesterday, and I wanted to let you know
what I did to prepare, which was a little different than what I've read.
Shon Harris Book - This was the first thing I used. I read all ten of the
domain-related chapters, and I wrote down anything I didn't know (which was
obviously quite a few pages!). I thought this was a very good first step to
prepare me, and it filled in a lot of blanks. I also reviewed the prep
questions, and after taking the test, I will say that some were useful, some
were not. My notes from this book gave me a good studyguide for the rest of
my preparation.
Krutz & Vines Book - I took this one out of the library and used it as a
reference, to clarify something that didn't make sense. I also used the
prep questions. Like the Shon Harris book, some questions were useful, some
were not.
Cccure.org questions - These were very helpful to me. I found out during
training (mentioned below) that some of the questions here are not related
to things on the test, but overall they were good to help prepare for the
question wording, the long exam, and a good chunk of the exam content.
CISSP-D Mailing list - This group was very helpful. I posted an occasional
question regarding something I had read, and got a couple of quick,
intelligent responses each time. Also, it was useful for me to just read
the threads of others.
Hands-on Experience - In my mind, nothing you read can replace this one. I
have been working for a few years in a position dedicated to security, which
is a big plus when taking the test. I know some sysadmin or networking
types that take the test, and they can do very well, but my personal
experience is that being a dedicated security engineer helps you to develop
a security mindset and not be distracted by a lot of other things. I am not
saying that this cert isn't valuable for sysadmins (quite the contrary),
just that my recent concentration really helped me prepare.
The Training Camp - I went to a week-long preparation course offered by The
Training Camp. I thought that this course was absolutely fantastic. This
company is the "official" CISSP training provider for ISC2, and that is why
I took the course. I did the 7 day track, with 8am-6pm sessions during the
week, review questions at night, a Saturday practice test and the exam on
Friday. The course material was extremely close to what was on the test,
and quite often during the exam I found myself remembering my teacher
discussing the topic clearly. I was so glad to take the course right before
the exam, as everything was fresh in my head. My teacher was Dennis Lee,
and I have to give him kudos for a great job. He kept a high level of
energy the whole time (yes, even during the Crypto domain!). We also had
side discussions on some of the topics I had covered in my other prep
materials that were not actually on the test. For example, there are quite
a few questions on Cccure.org that relate to vendor-specific information
and/or U.S. standards, and there are also some topics in the Shon Harris
book that she goes into some really nice detail on, but they are not on the
exam. (No offense, Shon and Clement, your work is still excellent and
helpful!). I was just glad that during my ramp-up of studying right before
the test that I knew what was on the test and what wasn't, so I concentrate
on what was important. The class itself cost $4500, which includes the
exam, hotel and breakfasts and lunches for the week. I was fortunate enough
to have a company that paid for it. I received some good-spirited flack
from a friend I know through my work with the SANS organization for not
going to their course offering, but I believe that if you want a cert, get
your training from the source.
Overall, it was a great experience, very educational, and a lot of fun.
Good luck to anyone else working on this cert, and feel free to drop me an
email with any questions. Just be sure to reference this mailing list in
the subject line so I open it! :) Thanks to those on this list for
answering my questions and those who posted good questions, initiating a
nice discussion.
And this is the first email I'm sending with CISSP in the signature! Time
to update the resume. :) Anyone know someone looking for a security
engineer in the South Jersey/Philadelphia area? :)
Jerry Patterson, CISSP
Senior IP Security Engineer
Comcast IP Services
"What troubleshooting have you done that makes you believe it's the
firewall?"
