So I passed my CISSP exam last Tuesday and it is not as hard as everyone makes you believe. I've summarized a few tips & tricks to help you pass the exam as well:

  • If it's possible, follow a classroom course. I was lucky enough to follow a 10-day course at Fox-IT which I can recommend to everyone in the Netherlands or Belgium!
  • Do a lot of practice questions/tests. If you get an answer right, great! If you get an answer wrong, you get an explanation of why. For me, there is no better way of learning than this. I probably did around 2000 practice questions before I took the exam. The sources I used for that:
    • Sybex / Wiley online questions and tests. These come free with the Official Study Guide. Great starting source.
    • CCCure. Great questions to get to know things. Not to understand them.
    • Boson practice exams. This program gives you access to 5 practice exams of which the questioning comes closest to the real exam.
  • The Eleventh Hour CISSP study guide by Eric Conrad is a great summary to get through when you get close to your exam date. Understand these concepts and the exam will be a breeze.

Finally, the most important thing to know is that you really must understand the concepts; knowing what IPsec, MD5, IPv6 or BCP is, is not enough. Make mind maps, try to explain the concepts to your colleagues who aren't as security-savvy, etc.

Good luck!

Very cool breakdown and fun to see how things appear to become more realistic...

Source: Wired


Cool research from Radboud University, in which they have found some serious security flaws in SSDs from Samsung and Crucial.

The full research paper can be found here.