I cleared my CISSP exam in March 2010. In June 2010, I was finally certified as a CISSP by (ISC)². It was the most difficult exam I have ever sat. Earlier, I was under the impression that RHCE was the most difficult exam. But CISSP broke the record of “difficult-ness”, at least for me. Since the result came out, many people have asked for some sort of guidance on how to clear the CISSP exam. And, in fact, I also had the same thought: to put up some article which would prove helpful. Because of lack of free time, and (mostly) my laziness, I could not do it. Today, I decided to get it done.

Before you start preparing for it, you should first evaluate yourself, and decide whether CISSP is in line with your career objectives or not. CISSP is more of an Architect / Managerial certification, if I may call it so. If you are looking to move your career from a technical field to more of a managerial / solutions architect position in the security field, then CISSP may be for you. On the other hand, if you like doing stuff with your own hands, and want to stay a little longer in the technical / hands-on field, then maybe CISSP is not suitable for you. You may want to go for technology-specific professional certifications instead, such as CEH, LPI, RHCE, RHCSS, CCNP, CCIE, CCSP, etc. There is one more thing. CISSP is not a piece of cake, in terms of both the concepts it tests and the level of English language used in it. If I may use the word “twisted” for the level of English in the CISSP exam, it would be more appropriate. The exam questions will surely confuse you a lot if English is not your native language, and/or if your English language skills are weak. The fee is normally in excess of 500 USD. So make sure that you really evaluate yourself against all the points mentioned here.

The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). The CBK is based on a triad known as CIA, or Confidentiality, Integrity and Availability. There are ten domains within the CBK, which are part of the CISSP exam. These are:

  • Access Control
  • Application Development Security
  • Business Continuity and Disaster Recovery Planning
  • Cryptography
  • Information Security Governance and Risk Management
  • Legal, Regulations, Investigations and Compliance
  • Operations Security
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Telecommunications and Network Security

Study material:

First, I want to tell you that I studied for exactly three months, until the day of the exam. That included me going to the office and attending family engagements and responsibilities. I studied from 7 AM to 10 PM, every day, without break, other than the necessary ones. Mileage varies from person to person, based on your professional experience, your English language skills, and how much you can absorb. There are a few books which you can use as textbooks to prepare for this exam. They are:

  • Second Edition of the Official (ISC)²® Guide to the CISSP® CBK®
  • CISSP All-in-One Exam Guide, Fifth Edition by Shon Harris

I would also highly recommend that all of you watch the video lessons by Shon Harris, titled: Shon Harris CISSP Video Seminar

Study plan:

To study for CISSP, I recommended the following study plan to a friend of mine. You can adjust this plan as per your liking / pace. Personally, I studied from the Shon Harris CISSP book and her video seminars, and that is what I have put in the study plan below too. If you want to use some other material, you are free to do so.

  • Watch the Shon Harris video lessons – one domain each day (10-15 days)
  • Read the Shon Harris CISSP book – one domain per two days or less (20 days)
  • Watch the Shon Harris CBTs again – one domain each day, making notes of important stuff (10-15 days)
  • Read the Shon Harris book again – one domain per two days or less, making notes. Attempt the questions at the end of each chapter, and keep a record of your score (20 days)
  • Attempt the sample exam at the end of the book (one day). Note / mark your weak areas.
  • Read the CISSP book, and check the internet, for your weak areas (e.g. master the Kerberos topic, etc.) (5-10 days).
  • Attempt the (same) exam at the end of the book again, and see if you have improved. (One day.)
  • Re-read the CISSP book again (a few days). Attempt the CISSP practice exam available on the CD accompanying the CISSP book. Record your score. (One day.)
  • Your score must not be less than 90% in your final preparation exam before appearing for the actual exam.

This makes the study duration a minimum of roughly 50 days, and a maximum of roughly 80 days. Personally, I felt that even 90 days were barely enough for me!

Remember, CISSP is one of the toughest exams in the IT field, and highly respected. Make sure that you prepare very well for it. Be very focused, with all your energies, and InshaAllah (God Willing), you will do it.

I hope this study plan proves helpful. Please do let me know through email if you find it helpful, or if you feel there is anything unclear, or there is any room for improvement. I would really appreciate that. I am reachable through kamran AT wbitt DOT com

My regards, and go in peace,


Muhammad Kamran Azeem, CISSP