CISSP-Study-Resources


CISSP Study Resources

Material and resources for pursuing CISSP certification!

CISSP Study Resources is a collection of study and reference materials and my notes gathered as I worked towards certification. I passed the exam at 100 questions in April 2025, but I want to continue to improve and add value to this resource to make your certification process easier.

Because there is so much material available, it can be a bit daunting to know where to begin, and what really merits your time and effort. No compilation is exhaustive, but my goal is to gather information that will be useful and encouraging to you as you undertake this effort. At the least, it provides a list of resources, tests, and reference material to review.

The study guides below have been updated for 2025, and now follow the (ISC)² updated objectives and the 10th edition of the Official Study Guide.

Feel free to share this repo or any of the resources if you find them useful. Tell me about mistakes or improvements you think should be made! Connect with me on LinkedIn.

Overview

There is a lot of information on the CISSP exam available, including from (ISC)², associated & third-party instructors and authors, as well as guides put together by those in preparation. If you’re just starting out, I’d recommend the Sybex Study Guide and Practice Test bundle (note that I get a small commission for purchases made through Amazon links).

  • Who is qualified to obtain the CISSP certification? Candidates must have a minimum of five years cumulative paid work experience in two or more of the eight domains of the CISSP CBK. Earning a four-year college degree (or regional equivalent) or an additional credential from the (ISC)² approved list will satisfy one year of the required experience. If you have less experience than that, pursue the Associate designation.

  • Think like an owner. The CISSP is a management-level certification. You’re expected to understand concepts, and be able to synthesize and apply them from across knowledge domains. Thinking like a manager, CEO or owner means that you are a business enabler, finding solutions that reduce risk in a cost-effective manner. It means answering test questions from a management or ownership point of view. What choices maximize business outcomes? The board / senior management is relying on you to put security issues and options in business language, work to reduce risk, provide the governance and controls that will help the organization fulfill its mission, and achieve its goals. You are accountable (have ownership) for this process.

  • General exam info
    • You will have 3 hours to answer between 100 and 150 questions. You can pass/complete or fail in the first 100 questions. If you go beyond 100, you are somewhere in between.
    • Each domain comprises between 10% and 16% of the total score.
  • Test-taking strategies
    • Take practice tests (see references below), and time yourself. You should get comfortable with the process, and the exam’s proclivities (e.g. you can’t skip and go back to a question, so answer and move on).
    • During the exam, try reading the question without looking at the answers. In a perfect world, what is the best solution that answers the question or resolves the scenario? I found it helpful to skim the question, and then re-read it looking for key words (MOST important, BEST option etc).
    • Now that you’ve read and processed the question, look at the potential answers. Remember that IRL, you might be able to apply several answers to satisfy the question. But in the test, you can only choose one! In other words, if it were your money or time being spent, which one provides the most “bang for the buck”? If needed, argue with each potential answer: does it meet all requirements in the question? Are any other answers more efficient for time and cost? Does one answer encompass the others?
    • If you have no idea what the answer is, you can generally eliminate at least two answers by thinking about the language used in the question. For instance, the question could be asking for a technology, and two of the answers are about process. Try to avoid answers with absolutes. If you’re still stumped, look for one answer that stands out because it’s not like the others.
    • Remember that the first priority for any incident is saving human life.
    • Finally, believe in yourself. Know that you are able to accomplish this! Trust the process: your study and preparation will pay off.
  • Questions to ask on material coverage: common challenges during exam preparation relate to things like finding the best resources for the way you learn, and staying on track. There is a large amount of preparation required to be ready for the exam, and it can be tough to know if you’re covering the right material, in enough depth, and at the right pace. It can also be challenging to stay accountable during your preparation.
    • Ways to tackle this challenge include staying in touch with others in the community who are also preparing to take the exam (see General & Communities section below). Ask yourself how different concepts relate, and look for areas across domains that are referential. Use test banks to find areas where you need further study.
  • Questions to ask on learning resources: aligning resources with the way you best learn is important. For me, reading, and writing out concepts helps me internalize them. Audio or videos help reinforce what I’ve learned. Your best learning modalities may be the opposite of mine. But it’s important to recognize and pursue the types of resources that best help you learn. See the areas below for different types that may best meet your needs.
  • My Approach: in preparing for the exam, I drew from a variety of sources to get a balanced viewpoint. I’ve used the Sybex Official Study Guide as my baseline, incorporating other material (such as the All-in-One guide by Maymi, Harris et al. – see below) to supplement with alternative explanations. Pete Zerger’s Exam Cram, and Destination Certification’s Mindmap YT videos are good resources that can help you keep perspective on what’s important. For testing, I used the OSG practice tests to start, then incorporated Learnzapp, and QuantumExams to gauge weak areas.
  • Memorization approach: my memorization techniques include using acronyms to remember items in a list, and creating visualizations and picmonics to aid recall. Don’t discount mindmaps and diagrams to help in keeping track of how areas or components fit together. Verbalizing answers via flashcards or studying with a friend (instead of just passively reading) can provide an additional channel to help your brain synthesize the material.

Reference Material

  • Books:
  • Courses/videos:
  • Mobile Apps:
    • I’ve found the Learnzapp to be useful, with study questions, flashcards, and practice tests (note that you’ll need a subscription to take advantage of most of these features).
    • Destination Certification app is a great resource with flashcards, acronyms, and glossary.
  • Practice Tests:
    • OSG and All-in-One Exam Guide practice tests: once you’ve traversed the OSG material, these tests are a good baseline.
    • CISSP Exam Prep users have commented on the “tricky questions” in this test bank; that might be a distraction or conversely force you to pay closer attention, depending on your POV; note that you’ll need a subscription ($24.99 for 6 months).
    • CertPreps user comments range from “very realistic” to “will make you worry unnecessarily.” Many questions focus on identifying the “most” significant/effective strategy/benefit, or “highest” priority.
    • CCCure freepracticetests.org redirects to CCCure, which requires a subscription (from single-user 1 month @ $59.99 to 12 months @ $149.99). I took a practice test and found it underwhelming, but YMMV.
    • QuantumExams helps to identify where you need work on understanding concepts holistically. The questions are challenging, but scenarios and descriptions are more like the exam than other tests.
  • General & Communities:
    • Understand Bloom’s Taxonomy: a framework used by educators and exam creators to guide learning or exam objectives. Cross-reference words used in the exam objectives with the framework to understand their specific meaning, and to gauge the level of study required for mastery.
    • CISSP Study Group: this is a great place to share resources, get advice, and connect with peers studying cybersecurity.
    • Head over to the Certstation for support and communion with fellow travelers.

Note: You are advised to do your own analysis to determine what will be helpful to you in your study. The author disclaims all warranties, express or implied, regarding the accuracy, adequacy, or completeness of the contents of this material and explicitly disclaims any implied warranties of merchantability or fitness for a particular purpose. The publisher/author shall not be held liable for any damages, whether direct, indirect, incidental, special, consequential, or punitive.

Study Guides By Domain