When I was getting ready to start studying for the CISSP exam, I was told by others the exam is a mile long and an inch deep. Now after taking and passing the exam, I can verify the assumption personally. Initially I was overwhelmed with how much information one was expected to learn "remember", but as I began to study I realized one important element; understand concepts and the rest will work out, which held true for me during the exam.
In today's age one can’t be required to remember everything; there is so much information that most of us can’t physically do it, other then what we do on a regular basis as it is reinforced by repetition. What are easier to remember and comprehend are concepts, for example how PKI works, or what’s the purpose of a DMZ, or how a firewall works. Understanding the concept of public key cryptology is more beneficial then knowing that RSA has so many bits; a person can just do a quick look up for the bit size of RSA. The reason is that on the CISSP exam they don’t go into great detail but ask questions at a bird’s eye view. In my opinion CISSP is not a technical certification, but a certification that has a broad body of knowledge that helps pull everything together.
So what do you need to pass the Exam?
1. Experience, The CISSP exam really does leverage a person’s experience and being exposed to multiple technologies and methodologies etc. This will be your greatest asset.
2. A good study guide, Experience is good, but not all people have worked in all the domains for the CISSP exam. I used the CISSP for Dummies and Shon Harris Book; it provided information on areas I was weak in and helped reinforce sections that I was already strong in.
3. A testing tool, ISC2 has a testing engine as well as others like CCCURE. This was immensely helpful, as it helped identify areas where I was weak and needed more work.
4. Stamina, the CISSP exam is an endurance tests, read all the questions very carefully, don’t rush you have 6 hours, and most likely you won’t use all 6 hours.
In closing writing the CISSP exam was an overall positive experience for me, I have joined an amazing security community, I have been able to put my technical experience to the test, and I have found out I really do love the security field in IT.