I've been working at e92plus for a while and have meant to take my CISSP (Certified Information Systems Security Professional) exam, but was put off by my peers with the old adage that "it's a mile wide and an inch deep", or by putting other things first, like my family.
I did mean to take the exam this summer, but other commitments meant I rescheduled it to the end of this year. September this year was my 7-year anniversary at work, so I decided to go for it, rather than reschedule it to next year.
I did my research and I bought a few books. I had the following books:
- The Official (ISC)2 Guide to the CISSP CBK (3rd Edition)
- All in One CISSP Exam Guide by Shon Harris (6th Edition)
- CISSP Study Guide by Eric Conrad, Seth Misenar & Joshua Feldman (2nd Edition)
- CISSP 11th Hour Study Guide by Eric Conrad
- Exam Cram CISSP Practice Questions by Michael Gregg (3rd Edition)
Before I tell you how I found these books, I have to give some of my background. I've worked in IT for 19 years, starting from a more generalist IT support role, to a more focused security role. I have been an MCP since 1998, and also hold an MCSE for NT4 and Windows 2003. I have had roles where I was part of the DR/BCP planning team as well. I carry out presales consultancy, installations, some support and training in a number of solutions, but seem to focus on two-factor authentication and SSL-VPNs.
With that in mind, I'll let you know what I think of the books!
The Official (ISC)2 Guide was a little dry for me, but was starting at too basic a level for me. I would expect my less experienced engineers to be able to read and understand the topic from this book, but it's a thick book!
The Shon Harris book is recommended by a lot of people, but I found the book too chatty for me. I wanted my facts and less fluff.
The Eric Conrad books helped me pass my exam! They were written at the right level for me, and there was a lot less "chat" with these books. The study guide is around 500 pages, but the 11th Hour book, which I read on the train into London, is less than 200 pages summarising what I consider the essentials.
The Exam Cram was good for the software to let me test my knowledge after reading the Conrad book.
My experiences may not work for you, but I was using the books above, the supporting Conrad website for podcasts and tests, as well as the TechTarget website.
There is no score, but I was thankful I passed the exam today!
I have been unsociable (more so than normal) for the last month or so, and my Freeview (PVR) box is overfilling with programmes I haven't watched. My children will see me again, just in time for Christmas!
So Merry Christmas to you all, and if you decide to do your CISSP, let me know how you get on.