How to prepare for the CISSP

The CISSP is a valuable certification, but it takes a lot more than just your many years of experience to prepare for it. You will likely have to learn about a lot of technology and processes that you’ve never worked with, some of it not especially current and all of it a lot less vendor-specific than you’ve ever imagined.


  • Legal, Regulations, Investigations and Compliance – addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence.
  • Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information.

    To get the certification, applicants are required to have at least five years of experience in two or more of these domains, but even that isn’t enough to make the test easy. Far from it! So you very likely need to spend some study time in the areas that you haven’t had work experience in – and likely in some that you have.

    The prep class was well worth the time and money spent because it not only helped to familiarize me with a lot of technology that I haven’t ever used, but it gave me an idea what to expect – something of a CISSP exam taking philosophy – and boosted my confidence that I will be able to understand the questions and (mostly) pick the right answers if I spend enough time getting ready. My “boot camp” was taught by two instructors from the University of Texas at San Antonio – Tomm Larson and Kevin Kjosa (pronounced “Cho-sa”). They did an excellent job of explaining the material and provided guidance and encouragement during our intense five-day class. We spent the whole of five days (8 AM to 5 PM, Monday-Friday) with only short breaks and a Q&A session each day during the latter part of lunch hour to get ourselves spun up both technically and emotionally.

    Having a room full of fellow students with many different perspectives and work experiences helped quite a bit. I learned some interesting and relevant things from other students and expect to keep in touch with several of them. One group of students from the class plan to keep meeting and studying together – a great idea for anyone who lives or works close enough to other students to pull that off.

    I feel that I still need to read through the text – Shon Harris’ CISSP All-in-One Exam Guide, 6th Edition – provided with the class slowly and thoughtfully and take a lot of practice tests before I’m going to feel ready, but I’m on a roll now and it’s just a matter of time. Had I not been out of energy by the time I got home every night, I might have tried to read at least some of the material every night when I got home. But we’re talking something like 1,400 pages! Plus, my commute and online teaching eat a chunk out of my days. I think I’ll be spending some of my free time over the next few months filling in gaps and finding ways to keep some things – like all the RAID levels – straight in my head.

    One of the things that surprised me is how vendor-neutral the test is. It doesn’t ask questions that are specific to Cisco equipment or Solaris OS.

  • Photo Credit: 

    Sandra H-S
