Let’s prepare for the CISSP #BetterTogether

Uncategorized 8 Minutes
Person reading CISSP Study Guide 2024 with CISSP preparation banner overhead
A woman studies for the CISSP certification in a library setting with books and laptop.

Hi Ya’ll! Since I unfortunately still have time on my hands, I’m going to keep on, keeping on, and learn as much as I can. I am focusing on AI knowledge and also advancing my security skills, since I have led many Identity and Access projects. Also, I feel that in addition to AI being who knows how big, I think securing it is almost as important if not more so.

I’m making an aggressive plan to take and pass this by the end of June. SOooooo….as I find things, I’ll post them here. I ya’ll have good ones also, I’ll post them here also to share….provided no actual questions are provided…..please DO NOT do that.

To start I had CLAUDE make a flash card app to study CISSP Drill Cards. I’ll test it out and refine it as needed. For now, we’ll call this an “Appetizer”. As I drill down deeper into each domain, I’ll make a “main course” slide for each domain as I progress in my training.

CLAUDE’S BEST FREE AND LOW COST STUDY GUIDES

Here’s a well-organized breakdown of the best free and low-cost CISSP study resources:

πŸŽ₯ YouTube / Video Courses (Free)

Kelly Handerhan β€” Cybrary CISSP Course The most universally praised free resource. She constantly reminds students to consider risk, business impact, and organizational perspective when answering questions β€” many candidates credit her approach with helping them finally understand what CISSP is really testing. The course covers all eight domains with lectures, examples, and exam tips. Cybrary requires free registration to access the core content. Also watch her video “Why You Will Pass the CISSP” β€” it’s a mindset changer. Certified CISSP

Pete Zerger β€” Inside Cloud and Security (YouTube) His CISSP Cram Video is free on the Inside Cloud and Security YouTube channel, and beyond his exam cram videos he also has many great videos covering the CISSP material. His videos on “How to Think Like a Manager for the CISSP Exam” are especially valuable. Medium

Technical Institute of America (YouTube) Their “50 CISSP Practice Questions” video is a good resource for getting into exam mode. Medium

πŸ“‹ Official Free Resources (ISCΒ²)

  • CISSP Exam Outline β€” Start with the official CISSP Exam Outline from ISCΒ². This document lists every topic the exam can test β€” not might test. Download it free at isc2.org. Certified CISSP
  • ISCΒ² Free Quiz β€” ISCΒ²’s free quiz has only 10 items, but serves as a good starting point for getting your feet wet. Infosec Institute
  • Official ISCΒ² Flashcards & Study App β€” free to download, great for on-the-go review.

πŸ’¬ Communities (Free)

Reddit has several communities that can be helpful β€” r/CISSP and r/Cybersecurity are especially useful because their members can provide CISSP-specific guidance. There are also Facebook groups and Discord channels dedicated to supporting those taking the CISSP exam. Infosec Institute

The Certstation Discord is a great place to share resources, get advice, and connect with peers studying cybersecurity. GitHub

🌐 Free Websites & Practice Questions

  • Study Notes and Theory (studynotesandtheory.com) β€” Offers hours of CISSP videos, practice questions with full explanations, flashcards, and free content just for signing up. studynotesandtheory
  • CareerEmployer.com β€” Free CISSP practice tests with 285 questions covering all 8 domains.
  • GitHub: jefferywmoore/CISSP-Study-Resources β€” A curated collection of study and reference materials from someone who passed at 100 questions in April 2025, updated for the current exam objectives and the 10th edition of the Official Study Guide. GitHub
  • QuantumExams β€” Helps identify where you need work on understanding concepts holistically; the questions are challenging, but scenarios are more like the real exam than most other tests. GitHub
  • TechExams.net β€” A forum where users share exam techniques and practice questions to help each other earn higher scores. Infosec Institute

πŸ“š Low-Cost Books (Worth the Investment)

  • ISCΒ² Official Study Guide, 10th Edition (Sybex) β€” The authoritative baseline. Bundle it with the Official Practice Tests book for 1,300+ questions.
  • CISSP All-in-One Exam Guide (Shon Harris / Mike Chapple) β€” great for reinforcing and clarifying concepts from the OSG.

🧠 Key Mindset Tip

The CISSP is a management-level certification. You’re expected to synthesize and apply concepts from across knowledge domains. Thinking like a manager, CEO, or owner means you are a business enabler finding solutions that reduce risk in a cost-effective manner β€” and that’s how you should approach every test question. GitHub

Claude’s 7-week study plan

Here’s a well-organized breakdown of the best free and low-cost CISSP study resources:

πŸŽ₯ YouTube / Video Courses (Free)

Kelly Handerhan β€” Cybrary CISSP Course The most universally praised free resource. She constantly reminds students to consider risk, business impact, and organizational perspective when answering questions β€” many candidates credit her approach with helping them finally understand what CISSP is really testing. The course covers all eight domains with lectures, examples, and exam tips. Cybrary requires free registration to access the core content. Also watch her video “Why You Will Pass the CISSP” β€” it’s a mindset changer. Certified CISSP

Pete Zerger β€” Inside Cloud and Security (YouTube) His CISSP Cram Video is free on the Inside Cloud and Security YouTube channel, and beyond his exam cram videos he also has many great videos covering the CISSP material. His videos on “How to Think Like a Manager for the CISSP Exam” are especially valuable. Medium

Technical Institute of America (YouTube) Their “50 CISSP Practice Questions” video is a good resource for getting into exam mode. Medium

πŸ“‹ Official Free Resources (ISCΒ²)

  • CISSP Exam Outline β€” Start with the official CISSP Exam Outline from ISCΒ². This document lists every topic the exam can test β€” not might test. Download it free at isc2.org. Certified CISSP
  • ISCΒ² Free Quiz β€” ISCΒ²’s free quiz has only 10 items, but serves as a good starting point for getting your feet wet. Infosec Institute
  • Official ISCΒ² Flashcards & Study App β€” free to download, great for on-the-go review.

πŸ’¬ Communities (Free)

Reddit has several communities that can be helpful β€” r/CISSP and r/Cybersecurity are especially useful because their members can provide CISSP-specific guidance. There are also Facebook groups and Discord channels dedicated to supporting those taking the CISSP exam. Infosec Institute

The Certstation Discord is a great place to share resources, get advice, and connect with peers studying cybersecurity. GitHub

🌐 Free Websites & Practice Questions

  • Study Notes and Theory (studynotesandtheory.com) β€” Offers hours of CISSP videos, practice questions with full explanations, flashcards, and free content just for signing up. studynotesandtheory
  • CareerEmployer.com β€” Free CISSP practice tests with 285 questions covering all 8 domains.
  • GitHub: jefferywmoore/CISSP-Study-Resources β€” A curated collection of study and reference materials from someone who passed at 100 questions in April 2025, updated for the current exam objectives and the 10th edition of the Official Study Guide. GitHub
  • QuantumExams β€” Helps identify where you need work on understanding concepts holistically; the questions are challenging, but scenarios are more like the real exam than most other tests. GitHub
  • TechExams.net β€” A forum where users share exam techniques and practice questions to help each other earn higher scores. Infosec Institute

πŸ“š Low-Cost Books (Worth the Investment)

  • ISCΒ² Official Study Guide, 10th Edition (Sybex) β€” The authoritative baseline. Bundle it with the Official Practice Tests book for 1,300+ questions.
  • CISSP All-in-One Exam Guide (Shon Harris / Mike Chapple) β€” great for reinforcing and clarifying concepts from the OSG.

🧠 Key Mindset Tip

The CISSP is a management-level certification. You’re expected to synthesize and apply concepts from across knowledge domains. Thinking like a manager, CEO, or owner means you are a business enabler finding solutions that reduce risk in a cost-effective manner β€” and that’s how you should approach every test question. GitHub

.plan-wrap { padding: 1rem 0; font-family: var(–font-sans); } .week-card { background: var(–color-background-primary); border: 0.5px solid var(–color-border-tertiary); border-radius: var(–border-radius-lg); padding: 1rem 1.25rem; margin-bottom: 12px; } .week-header { display: flex; align-items: center; gap: 12px; margin-bottom: 10px; } .week-badge { font-size: 12px; font-weight: 500; padding: 3px 10px; border-radius: var(–border-radius-md); white-space: nowrap; } .week-title { font-size: 15px; font-weight: 500; color: var(–color-text-primary); } .week-hours { font-size: 12px; color: var(–color-text-secondary); margin-left: auto; white-space: nowrap; } .domain-tags { display: flex; flex-wrap: wrap; gap: 6px; margin-bottom: 10px; } .domain-tag { font-size: 12px; padding: 3px 9px; border-radius: var(–border-radius-md); border: 0.5px solid var(–color-border-tertiary); color: var(–color-text-secondary); } .tasks { list-style: none; padding: 0; margin: 0; border-top: 0.5px solid var(–color-border-tertiary); padding-top: 8px; } .tasks li { font-size: 13px; color: var(–color-text-secondary); padding: 3px 0; display: flex; gap: 8px; align-items: flex-start; } .tasks li::before { content: “β†’”; color: var(–color-text-tertiary); flex-shrink: 0; } .phase-label { font-size: 11px; font-weight: 500; letter-spacing: 0.08em; text-transform: uppercase; color: var(–color-text-tertiary); margin: 1.5rem 0 8px; } .tip-box { background: var(–color-background-secondary); border-radius: var(–border-radius-md); padding: 0.75rem 1rem; font-size: 13px; color: var(–color-text-secondary); margin-top: 1rem; border-left: 3px solid #5DCAA5; border-radius: 0; } .tip-box strong { color: var(–color-text-primary); font-weight: 500; } .pill-phase1 { background: #E6F1FB; color: #0C447C; } .pill-phase2 { background: #EAF3DE; color: #3B6D11; } .pill-phase3 { background: #EEEDFE; color: #3C3489; } .pill-phase4 { background: #FAEEDA; color: #854F0B; }

CISSP 7-Week Study Plan

Phase 1 β€” Foundation (weeks 1–2 Β· 8–12 hrs/week)
Week 1 Domain 1 β€” Security & Risk Management ~10 hrs
15% of exam Heaviest domain Think like a manager
  • Watch Kelly Handerhan’s Domain 1 on Cybrary (free)
  • Read ISCΒ² Exam Outline β€” understand what’s actually tested
  • Flashcards: risk terminology, CIA triad, legal/regulatory concepts
  • 15–20 practice questions daily (CareerEmployer or Study Notes & Theory)
  • Watch: “Why You Will Pass the CISSP” β€” Kelly Handerhan (mindset)
Week 2 Domains 2 & 3 β€” Asset Security + Security Architecture ~10 hrs
10% + 13% of exam Crypto-heavy
  • Cybrary: Domain 2 (shorter) + Domain 3 (crypto, models, architecture)
  • Focus extra time on cryptography β€” consistently hardest area
  • Pete Zerger YouTube: Security models & architecture explainers
  • 10–15 practice questions per domain; log weak spots
Phase 2 β€” Build-out (week 3 Β· 8–12 hrs/week)
Week 3 Domains 4 & 5 β€” Networks + IAM ~10 hrs
13% + 13% of exam Likely your strongest area
  • Leverage your hands-on experience β€” these should move faster
  • Cybrary Domains 4 & 5; supplement with Pete Zerger IAM videos
  • Review OSI model, protocols, firewall types, VPN, zero trust
  • IAM: federated identity, OAuth, SAML, Kerberos, PAM
  • 20+ practice questions; start timed sets (90 sec/question)
Phase 3 β€” Intensive (weeks 4–5 Β· 20 hrs/week)
Week 4 Domains 6, 7 & 8 β€” Assessment, Ops & Software Dev ~20 hrs
12% + 13% + 11% of exam
  • Cybrary: Domains 6, 7, 8 β€” all three this week
  • Domain 6: pen testing types, audit strategies, vulnerability management
  • Domain 7: incident response, BCP/DRP, forensics, change management
  • Domain 8: SDLC, security in code, agile vs waterfall
  • 40–50 practice questions/day across all domains
  • Start using QuantumExams β€” harder scenario-style questions
Week 5 Full review β€” all 8 domains, attack weak spots ~20 hrs
Consolidation week Fill all gaps
  • Watch Pete Zerger’s full CISSP Cram Video (Inside Cloud & Security)
  • Pull all flagged/wrong questions β€” re-drill those topics specifically
  • Take 2 full 125-question timed practice exams (simulate CAT format)
  • Join r/CISSP β€” read recent “I passed” posts; note mindset patterns
  • Study Notes & Theory: scenario-based questions daily
Phase 4 β€” Final prep (weeks 6–7 Β· 20 hrs/week)
Week 6 Exam simulation & mindset lock-in ~20 hrs
Exam-mode only No new material
  • 2–3 full timed exams this week; review every wrong answer deeply
  • Pete Zerger: “Ultimate Guide to Answer Difficult Questions” (YouTube)
  • Watch: “How to Think Like a Manager” β€” internalize the mindset
  • No new concepts β€” reinforce what you know
  • Practice eliminating wrong answers, not just picking right ones
Week 7 Final cram + exam day Light β€” protect your brain
Rest is studying
  • Days 1–3: light review of your personal flashcards/weak areas only
  • Day before exam: no heavy studying β€” review mnemonics, sleep well
  • Exam day: arrive early, read every question twice, think risk & business
  • Remember: the CAT exits early only if you’re clearly passing or failing
The golden rule: Every CISSP question has a “best managerial answer.” When two answers seem right, pick the one that prioritizes risk management, policy, and least disruption over technical heroics. You’re the CISO, not the sysadmin.

A few things worth calling out for your situation specifically:

You’re in a sprint, not a marathon. 6–7 weeks is aggressive but very doable for someone with 2–5 years of hands-on experience. Domains 4 (Networks) and 5 (IAM) should feel familiar β€” don’t over-invest there. Pour that saved time into Domain 1 (Risk Management) and Domain 3 (Cryptography), which tend to surprise experienced practitioners.

The CAT format changes everything. The exam adapts in real time. You could pass at 100 questions or go to 150 β€” don’t panic either way. The algorithm is testing your consistency above the passing threshold, not your speed.

Your biggest risk is over-rotating on memorization. The CISSP doesn’t ask “what is AES?” β€” it asks “as a CISO with limited budget, which encryption approach best balances risk and cost for this scenario?” Practice questions that force you to reason, not recall.

Unknown's avatar

Published by markbgrimes

Published

Leave a comment