Welcome! Today we’ll be reviewing CISSP: All-In-One Exam Guide by Fernando Maymi and Shon Harris.
Review Summary
- Length: 25 chapters, 1253 pages
- Cover Type: Hard
- Personal Completion Time: Roughly 4 months
- TL;DR Summary: A comprehensive study guide for studying for the CISSP exam. Thorough, complete, and a great resource. I would recommend this if you wanted very comprehensive coverage of the CISSP exam material; I also think it’s best suited to be used as supplementary/reference material in conjunction with lots of study questions!
- Book Link: Amazon
- Final Rating: 5 / 5 Stars

Please check to make sure that you’re purchasing the latest edition of any certification study material you find on this website – these links go outdated easily!
In case you were wondering – yes, this is the book that is responsible for my current “Associate of ISC2” status and the passing score on my CISSP examination. It’s long, it’s bulky, and it (strangely) looks eerily similar to one of Michael Meyers’ many CompTIA study guides – and strangely enough it’s formatted and conveyed like one of Mike’s study guides too, for all the right reasons. While you could use this book exclusively to study for your CISSP, I can tell you from first-hand experience that in order to pass the exam you’ll want to practice as many study questions as possible! The exam itself is many hours long and generally asks you questions from the perspective of an ISSO – you’re the person with both the power and responsibility to make the changes that need to be made to successfully secure your company’s information systems.
Truthfully, the CISSP is the hardest certification exam I’ve taken to date – and for a non-obvious reason. When I took and passed this exam I had roughly 6 months of hands-on experience as an AISSO, while it’s generally expected that you have a minimum of 5 years of hands-on experience in cybersecurity prior to taking the exam. The reason for this is obvious – all the questions they ask you on the exam are easy to answer if you’re a cybersec pro, and difficult if you’re a novice. At this point you may be thinking to yourself, “How do you create an exam, like the CISSP, that’s difficult to pass if you don’t have the required experience? Don’t they cover everything in the CISSP study guide?”; this is a valid question, but the answer isn’t an obvious one. From a novice’s perspective, I can say that it appears like they made the questions very vague and, more frustratingly, oftentimes there is no “perfect answer”.
When these facts are reflected on, you may start to piece together why this makes it difficult for the novice – the novice doesn’t have the experience to realize this is how cybersecurity works in reality. In reality, it’s very rare to implement the “perfect cybersecurity solution” for a variety of reasons, usually boiling down to an odd mixture of constraints on both time and money. The cybersecurity veteran, however, realizes this intuitively – and, more importantly, has enough real-world experience to understand all options available, including the next best solution to any given problem. This, for better or for worse, is what the CISSP expects of you – the exam covers your intuitive understanding of all cybersecurity concepts, and how imperfect solutions can be used to solve real-world problems; for the CISSP, knowing the CBK (“Common Body of Knowledge”) may not be enough; you need to know how to think on your toes from the real-world perspective of an ISSO tackling actual problems, and that was way more difficult than I originally thought.
Final thoughts on this study guide – it’s good, but you’ll definitely want to pair it with some secondary material to answer as many study questions as possible. While I did end up passing the exam, I think I would’ve had an easier time had I spent more time answering practice questions. In short, if you read this material cover-to-cover and take the exam seriously, I think you’ll have a much easier time if you decide to go take the exam yourself, and if you do, I wish you the best of luck!