I started my prep by reading all of the All-in-one CISSP books. At the end of each chapter, I did the tests to gauge how well I retained the information and then at the end of the book, I took the assessment. I passed all the chapter exams and the assessment the first time. Once I had completed that book, I moved on to the official certification guide where my intention initially was to only use the book as a reference but after seeing how different the two books were from one another, I ended up reading it all too. However, I did things a little differently with the Official Cert Guide! I took the chapter exams first and then I would then read each chapter (not in order). I focused on my weaker areas first and then used the other chapters in the book as a general review and this helped me maintain some of the knowledge. Once I completed each chapter, I took the assessment test in the Official Cert guide. As soon as completed the chapter tests and assessment test, I reviewed the questions I got wrong (chapter by chapter) and then revisited those topics in the book before taking the chapter exams again. Taking the chapter exams again, allowed me to gauge whether I had retained the information and done better than on my first attempt. Summarising the books, I would say that the All-in-one book is very detailed, and it is more than what you will need for the exam. The official CISSP book is perfect and doesn’t go into mega detail when compared to the All-in-one book. If I had to do it all again, I would start by reading the official cert guide first and then use the All-in-one guide to further expand on some of the topics.

Confident that I had exhausted the tests in the books, I downloaded the Official ISC2 app and I would try and do one practice test every other day. Regardless of whether I passed or not, I would review the questions that I answered incorrectly and then refer to those topics in the official cert guide to refresh and understand why I got it wrong. I used the flashcards from the app too but only used these in the last few days before the exam. I went through approx 250 exam essential flashcards 1 day before the exam.

I also purchased the Think Like a manager for the CISSP exam book and read it cover to cover. This book provides some challenging questions and breaks down each potential answer and the correct answer to each question and explains why the answer is the answer. The purpose of the book is to get you to think like a manager or look at the question from a manager’s point of view. While the book is good, especially for technical folks like me, I would say it’s optional because while the exam and the practice questions do cover questions that require a ‘management’ hat on, there is also a good few questions that require technical knowledge.

I took two practice exams from the Pearson Test Prep (Access online via the Official CISSP book). These questions were a lot harder, and I fell short of the pass mark. But these questions are good because they make you think and challenge your understanding of each topic. If you use this resource and don’t pass, don’t use this as an indicator of how well you will do in the exam and the questions in the exam are different. Use this as a tool to solidify your knowledge by answering tough questions.

The exam is very different to any practice test question that you will come across so use each practice test regardless of where you choose to do them as a tool to see how well you understand each topic. Part of the challenge on the exam is understanding the question and often it’s because of the way it’s worded. At no point in the exam did I feel as though I had passed, and I had to read some of the questions about 4 times before answering. I don’t think this is because I wasn’t well, I think it’s because the questions are worded in a way that gets you thinking and second-guessing the answer. Nevertheless, after I read the question, I looked often found myself going through a process of elimination before deciding whether to put my technical or managerial hat on to select what I believed was the right answer. Having industry knowledge also helps somewhat but don’t get bogged down in the ‘but you could also’ or ‘but what if’, especially if you are technical because you’ll waste too much time.

Lastly, I finished the exam relatively quickly (approx 2 hours 40) and the exam stopped after question 125. I thought I had failed because I often took more time with the practice tests, but this is another reminder not to compare practice test performance to the real exam.