CISSP Study Group: CISSP in 12 Weeks


Article text was originally published as an e-mail on the (now defunct) Yahoo CISSPStudy_1 mailing list. It was a great list, sad to see it go. The picture and hyperlinks were added for this web page.

CISSP In 12 Weeks: A Study Group's Story
By Dale McGladdery, CISSP No. 26654
January 31, 2002

Last summer I decided now was the time to get my CISSP but I couldn't find a study group and didn't want to go it alone. There was excellent study material available but I couldn't find much on running my own study group. I did manage to put a group together and we've all joined the CISSP ranks. Here's how I did it. It's offered to those of you looking for ideas on running a study group.

I sent out an e-mail invitation via a local computer mailing list. It outlined the following:

  • One meeting per week
  • Meetings 1 1/2 to 2 hours long
  • Review one domain each meeting
  • No teaching or seminars; meetings are for review, questions and resource pooling
  • The target date of the exam

Our last meeting before the exam

A lot of people were interested and four joined the group, with one volunteering his house as a meeting location (Thanks again Efren!). One person dropped out due to time pressures and two people joined the group after it started.

The meeting agenda was:

  • 15 minutes or so socializing
  • Questions and concerns on material studied
  • Material review
  • Wrap up/general comments

Using the bullet points from the (ISC)2 CBK Study Guide, each person spoke for 1 to 3 minutes on the subject of the point. The group briefly commented on the answer if it was appropriate (for example, if they saw it differently, had seen a killer reference, or didn't understand the answer). The next person took the next point. Sometimes it made sense to group points up and other times to split them apart. When we couldn't understand what the Study Guide was getting at we just struggled through as best we could. The important thing was the crystallizing effect of having to explain something, listening to the other explanations to see if they matched yours, and the general discussion. We briefly tried a question and answer format but it didn't work as well.

This process definitely needs a moderator. Since I had organized the group this duty fell on me. We had an awesome group, so it was very easy to lead and done almost entirely by consensus. The hardest part was staying on track and not getting into war stories!

When we discovered the Boson exams a group member bought a copy. Another group member had access to a conference room with a projection screen. We had two special Sunday meetings where - with a supply of Timbits (a Canadian version of donut holes) - we went through the exam like we went through Study Guide at our weekly meetings. Each person answered a question, the group commented, then we saw if we were right. The questions didn't reflect the CISSP exam very well, but proved useful for group review. We did the first exam around week 6. It only took 2 hours and was very easy. We did the second exam around week 9. It took 4 hours and was more challenging. If I had it to do again I'd want to do the first exam at the beginning and the second exam around week 7 or 8.

For material we used the www.cccure.org web site, "Information Security Management Handbook" (Tipton) Volumes 1 & 2, "The CISSP Prep Guide", and a wealth of information available from the Internet. One reference we kept coming back too was "The NIST Handbook", SP 800-12. This mailing list and the Security Focus CISSP mailing list were also very helpful.

The day before the exam we got together for a "last lunch." We'd all been doing our own review over the weekend and it was great to pause for a rest before the exam. Speaking for myself it was nice to be with people who knew exactly what I was feeling!

There have already been a number of very good posts on tips for taking the exam. Be sure to read them when the time comes.

One final note. Somewhere around week 4 or 5 my enthusiasm was at a low. Without the weekly meetings I wouldn't have studied those weeks. Without the other members of the group to spot the holes in my knowledge I wouldn't have known they were there. I might still have written the exam in November and I might have passed. I definitely wouldn't have had as much fun, been as well prepared, or made friends along the way.

Syndicate content