# BLUF: I studied for the CISSP for ~2 months, including over 1300 practice Qs. Passed at Q# 100 with 90 minutes remaining. # Background: I have a full time job as a patent attorney with a toddler. So my study time is limited to ~1.5 hours on weekday evenings after my kid goes to sleep and ~1.5 hr per weekend day while the kid is napping. I have experience in private practice representing big tech clients that span e-commerce, memory controllers, RF front-ends modules, computer vision, computer networking, AI/ML, and more. Over the years, I have had to become adept at absorbing new technologies out of professional necessity, which helps a lot for tests like this. # Study Materials: - Pete Zerger’s Exam Cram YT Video + 2025 addendum and drill-down videos - Sybex Official Study Guide (OSG) 10th edition - Sybex Practice Tests book - Destination CISSP - Handwritten note cards - Quantum Exams # Study Methodology: My typical exam strategy is repetitive multi-modal learning with a blitz of practice tests leading up to exam day in order to peak at the right time. I started with Pete Zerger's exam cram plus the addendum. Next, read 1 to 2 chapters of the OSG a day until complete. Then, worked my way through 20 Qs per chapter from the OSG to identify my weak spots while referring to Destination CISSP and hand writing notecards. I circled back to Pete Zerger's drill-down videos on cryptography, frameworks, etc. Finally, I scheduled my exam for 3 weeks out and set a practice test schedule. I took three days off from work with two weeks remaining to devote to practice tests where I would take a QE test in the morning and a Sybex practice test in the afternoon. In the end. I took 3 timed QE exams and 8 Sybex practice tests. The most important part here was to identify remaining gaps and determine why I was getting Qs wrong. I forwent any studying the day prior to the exam but did some light studying the day of the exam to review memory mnemonics and frameworks. # What Worked and What Didn't: - Carrying momentum forward from previous certs helped the most. I sat for and passed the Network+, Security+, and CIPP/US certs (in that order) within the past 12 months. There was tremendous overlap between these certs and the CISSP. - I'm probably in the minority, but I much preferred the OSG to Destination CISSP. The OSG is detailed and provides both context and perspective, whereas I found Destination CISSP too high level for my liking. - My main gripe with the OSG is its index. - I found many terms (even italicized ones) missing from the index such as split-response attacks, TLS offloading, and Graham-Denning. - Sybex practice tests are better written but easier than the actual exam. - However, these were great for comprehensive coverage of the material. - QE practice tests were a better analogue to the actual test. - When answering Qs, QE repeatedly places you in what I'll call the "gray zone" where you have to select the BEST answer from 2/3 right answers. - And, the QE questions can be poorly written at times; like the actual exam. - Finally, a quick plug for Technical Institute of America's 50 hard questions. The mindset espoused in this video was great for framing how to select between answers while in the "gray zone." If you pick one answer, you are forsaking the others, so pick the broadest, most encompassing answer. ![[images/Pasted image 20250808153849.png]] # Endorsement Process - Passed in May 2025. Fully certified on late June 2025. - I went through the self-endorsement route without a referral from a current member. - It took about a month from submission of my employment and educations docs to become a fully fledged CISSP member. This included one reach from ISC2 via email for additional docs with clarifying questions.