Finally, after 14 months of revision, I passed my exam in February 2013. I have put together 5 top tips on how to pass the dreaded exam:
1. Know every angle of each topic
When I failed in the past, I came to realize that my knowledge wasn't in-depth enough. I knew the syllabus front-to-back, though I didn't know the comprehensive relations between the topics. For example, I knew about RADIUS, Diameter and TACACS and all their characteristics, though I didn't know when you should use RADIUS over TACACS. Diameter is easier to understand because it's an enhancement over RADIUS, though do you know when you should use RADIUS over Diameter? If I know RADIUS and TACACS, though not Diameter, then it's pointless knowing only 2 out of the 3, because you need to understand the relationships between them all.
2. Don't rely on just one book
My previous mistake was to read the Shon Harris 'All in One' book, which you would assume has 'all the information' for the exam. You would be naive to think this, because the exam is all about understanding concepts, not about "I know blah blah blah".
I have read the description of a particular topic in one CISSP book and then read the same topic in another book. You will be surprised at the difference. I would propose getting 3 books.
- One very concise (I recommend Shon Harris all in one)
- Cram exam book (I recommend the Gibson cram book)
- Something in the middle (maybe a new edition of your choice)
3. Know your stuff!
Very easy to say, very hard to achieve. This is very similar to number 1, though it's easy to say something like this and forget it without understanding the paramount objective... you need to know the ins and outs, along with scenarios and the reasons why you would use something over something else, not just have an understanding of a topic.
For example:
Diffie-Hellman was the first cryptographic algorithm for key exchange. It is, however, susceptible to man-in-the-middle attacks and blah blah blah
This can all be useless because it doesn't explain the reason WHY it's used in certain situations or why you would use it over RSA or ECC, because they do key exchange plus more! So why use Diffie-Hellman at all?
(Hint: Diffie-Hellman is commonly used with Virtual Private Networks (VPNs). If that VPN is operating on the IPsec standard, then Diffie-Hellman is certainly in use).
Now think of a scenario on why you would use ECC for key exchanges over Diffie-Hellman or RSA...
I would recommend constructing a matrix of all the possibilities of a particular topic. Fire extinguishers or which glass to use are easy ones, for example.
4. Use every material possible
Books, forums, practice questions, audio books, videos etc. should all be used. Don't be an idiot and rely on the 'all-in-one' book.
5. Dedicate and devote your time
The thing about the CISSP exam is that the syllabus is so large that, once you've read the 1000+ page book, you've probably forgotten what the first chapter was all about. To put things in perspective, I read the book on the train and read the book when in bed, though I would be revising 10-14 hrs a day for the remaining 3 weeks just so the CISSP was constantly on my mind. I also replaced my rocky songs with the CISSP audio whilst at the gym or walking from one place to another. I was like a machine soaking in the final phase of the revision, though I was happy I did this because the exam was much easier this time round, even though I failed by 1% last time.
About the author

Daniel has built this blog from scratch, as well as technicalconfessions.com
Follow Daniel on Twitter @nervouswiggles