SecurITyCerts dot Org

       Navigating Security Certifications

Subscribe to SecurITy, our free newsletter

CISSP Training or Self Study?

Planning on taking the CISSP exam? You can't just waltz in and take it even if you have decades of experience. The CISSP covers such a wide area of information that it's simply near impossible that you have broad enough experience.

There are plenty of good CISSP training classes available, often called "boot camps" because they tend to be long and intense (disclaimer: I sometimes lead CISSP training bootcamps). Self study, using some of the excellent study guides available is also a valid option. Which is best for you?

Some people prefer live training and learn well from live events, and if that describes you then a CISSP training class is a great option IF you can afford it and have the time available. Do you learn well from instructor led training? A CISSP boot camp will give you a massive blast of information, and let you know what you need to spend more time studying.

You will not be ready to take the CISSP exam immediately after a CISSP bootcamp. Yes, if you cram and get lucky, perhaps, but planning on being lucky is not a great strategy.

I learn very well from live instructor led events, even though my mind wanders and I never catch everything. I didn't however have the time to attend a CISSP training class.

Other people do very well with self study. I do OK with self study, despite being a world class procrastinator, but prefer live instructor led events. Having a large dedicated amount of time works very well for me and many others (6 days out of the office to concentrate on one thing? Awesome!). Besides, the networking is better, and I learn a lot from other people, not just instructors. I go to many live events, and as an independent consultant happily pay my own way.
Two excellent and recommended CISSP study guides are:
CISSP All-in-One Exam Guide, Fifth Edition by Shon Harris
The CISSP and CAP Prep Guide: Platinum Edition by Krutz and Vines

Official (ISC)2 Guide to the CISSP CBK ((ISC)2 Press Series), the "official guide" is a good reference, but don't plan on studying from it. It's like eating cardboard or reading a dictionary. Good fiber and educational, but not a "study guide."

Do you have the dedication, self control, and drive to study an hour or two most nights for perhaps a few months? If so, then studying for the CISSP on your own may be a great option.

In my case, I fall asleep much too easily at night when reading, and I passed out many nights to wake up at 7ish AM on the couch, with all the lights on, and my CISSP study material on my chest! I fall asleep so easily when reading exciting stuff at night, and honestly not all CISSP topics are going to excite anyone - although I find many of the domains utterly fascinating.

Now self study may be the only option you have, but realize that even with lots of experience, you may need to study for MONTHS to be ready.

I took a hybrid approach. I used the SANS SelfStudy for CISSP, and got audio files (mp3s) of my friend Eric Cole teaching the course live, as well as the course material. I listened in the car everyday, and sometimes fell asleep at night listening to Eric too (which did cause some truly bizarre dreams). I read through all the course material once, and on sections where I knew the least, or faired the worst on the SANS sample test questions, several times. There are other "hybrid" approaches as well such as Web based training etc.

Do you learn well from video? If so, then the newly updated Shon Harris CISSP Solution Package might be a good investment.

So should you take a CISSP training class, study on your own, or ???? It depends on your resources and learning style. How do you learn best? Do instructor led live events work well for you, or is studying on your own more effective? Can you have dedicated time during the day to study, or like me will you attempt to study at night after the kids are in bed? Maybe some hybrid is better for you? All these techniques do work, it's just a matter of what works well for you and what resources you have available.

CISSP Self Study Resources

Ted Demopoulos at Caesars Palace
Ted Demopoulos,  Caesars Palace