Blog

Pass the CISSP for $100 — Security Ideals

Written by Steve Huffman | Apr 28, 2021 4:00:00 AM

Here's the list of resources I used to pass the CISSP for $100.  

Official ISC2 CISSP Review (FREE) 

This was an excellent start for me as it introduces the 8 security domains and lots of new security terminology. 

Destination Certification (FREE) 

Mind maps of each domain broken into smaller bits.  I watched a lesson or two every morning while having coffee. 

 

Boson Practice questions ($80 with discount) 

This was the best tool I used to learn the material.  It has a large question bank, but the real benefit is in the explanations that are provided for each answer.  Boson retails at $99, but there's usually a 15% to 20% discount on the site.  

 

FRSecure CISSP Mentor Program (FREE)   

Free CISSP webinar.  This course was very technical and perfect for me.  I recommend going through towards the end of your studies.  

 

Pocket Prep ($20)  

Phone app with a decent question bank.  Keeps stats on your progress. Great for doing quick quizzes.   
 

Certification Station Discord (FREE) 

Friendly community driven to help everyone.  Tons of information on many different certifications.  Has a #quiz-bot Channel. The command to start it is    ?play  

 

Reddit CISSP (FREE)  

Very helpful community.  Pass / Fail testing stories are inspiring.  

 

IT Dojo (FREE)    

2 well thought out questions and explanations per video.  Another one I watched in the mornings.  

 

The following two videos address the "manager mindset."  

Larry Greenblatt - https://www.youtube.com/watch?v=HWg2geVJuvs 

Kelly Handerhan - https://www.youtube.com/watch?v=v2Y6Zog8h2A 

 

Thoughts on the actual exam 

Everything above teaches you the security terminology, the system processes, technical stuff, and the people responsible.  That said, there are about 15 straightforward Boson-style questions at the beginning of the exam.  After that, the test takes on a wordier scenario-based pattern.  Almost as if a lawyer suddenly started writing the questions and bothered to spell out all the acronyms you've been studying.  I found myself reading the questions 2 and 3 times just to decipher what it was actually asking.  Once I figured that out, I eliminate 2 answers and take the 50/50 shot at what I have left.   

 

Very few of my questions were super technical.  Knowing your tech is important, but don't spend a ton of time memorizing encryption ciphers and key bits.  If I had to take it again, I would focus more on memorizing key processes such as but not limited to:  

 

Security Incident Response 

Risk Management Framework      

Forensic Process  

Software Development Lifecycle (SDLC) - I had a lot of SDLC questions. 

Business Continuity Plan (BCP)  

Business Impact Analysis  

Capability Maturity Model (CMM)   

 


Final words,  

Know your tech. 

Know your processes.  

Know who is responsible for what.  

Good Luck!