The Secret 11th CISSP Domain: Understanding How to Learn, How to Study and How to Take A Test

Why didn't I take the blue pill?

I took this personality test in high school, the teacher was finishing up his masters or PHD or something and he passed out these self-examination tests to the class.  It focused on how one learns.  I remember answering a question regarding how I learned with one answer then basically getting the same question later on and answering it differently!  I remember thinking, “I have no clue how I learn”.  “Are there different styles or methods?”  I just didn’t know!

Fast forward 20 years, one failed CISSP exam behind me and a year of studying ahead; I had to figure out how I learned, how to study and how to pass a freaking test as I prepared for the CISSP exam 2.0!   The process that I went through to prepare and pass the (second) CISSP exam taught me a lot about how to study, learn and take the hardest exam I have ever taken!

OK, here’s the point:  Identifying how YOU learn and identifying the best study and test methods that work for YOU are vitally important to passing the CISSP exam.

I’m convinced of this:  Understanding how one learns, how to study and how to take a test could be the difference between passing or failing.  Especially those that have failed multiple times and feel like they have studied their asses off and can’t possibly memorize or cram any more security info into their brain, lest it will explode!  Take pause, take an introspective inventory, do some research on learning, studying and test taking and then switch gears.  Think of this as the secret eleventh domain.

I am not going to spend a lot of time talking about how one learns in general, it is just too vast of a topic.  If you read through the rest of this post and simply can’t identify with any of it, then please keep searching and take the time to understand what it is that makes you tick.  Take a few personality tests to see what type of social person you are.  Are you an introvert or extrovert.  This answers the question of if you should study alone or in a group.  If you have some sort of learning disability then you really need to spend some time understanding yourself and how to overcome and be successful.  Talk with experts.  This will help you in all areas of your life.  Do yourself a favor and seek professional educational counseling.  Are you ADD?  Then you have to structure your studying accordingly by eliminating distractions and stick to a more formal plan.

Open Brain, Insert Content

Remember the scene from the sci-fi movie The Matrix when Neo (Keanu Reeves) is learning how to fight?  They plug this cable into his head, they download all these different styles of martial arts, Neo’s eyes are fluttering and all of a sudden his eyes pop open and he says “I know Kung Fu”?  [In my best Chris Farley Impersonation]:  “Yeah that was really awesome”.  Bad news:  That  ONLY happens in the movies!

Book Worms

How do you get the info from the 10 CISSP CBKs into your head, process them into an organized and memorable fashion so that you can regurgitate all that info when it counts on the exam?  I know some folks who can take a book, read it from cover to cover and then KNOW the concepts and understand the subject.  They can turn around and put all of that knowledge into practice.  People who can do this are pretty smart people.  And I can’t begin to relate to these type of people!  If you are one of these people you are probably in pretty good shape.  Use Shon Harris‘ CISSP All-in-One Exam Guide and the Official (ISC)2 Guide to the CISSP CBK.  I started out by myself with Shon Harris’ book.  I read and read, I highlighted, I underlined, I wrote in the book, I tabulated the book with sticky tabs and sticky bookmarks.  Although I could find just about any topic fairly easily I wasn’t getting very deep and although I was learning, I was not memorizing and wasn’t able to regurgitate on any kind of detailed level.  It was a lot of dry reading, I saw the words, but, what did they mean?  And most of all how can I apply the knowledge to different situations?  So I was reading and re-reading which was a waste of time for me.  Reading books are great for some people.  But I needed more.
–(CISSP book resources & practice test info:  http://inchdeepmilewide.wordpress.com/cissp-resources/)

Experience

Some people like to just dig in, start taking stuff apart, or building something and they just learn as they go.  They start by taking the engine all apart for no real good reason but to learn how to put it all back together again.

Most of the time there is only a part or two left over!

They have to touch, they have to feel, they crack the manual now and again when they get stuck but at the end of the day they have a re-built engine in their car and most of the time there is only a part or two left over!  The other HUGE caveat-it took them 5 years to put it all back together.  Gaining experience takes time.  Most people who have extensive technical experience fall into this category.  There’s simply no substitute for time and experience gained, and if you have enough of it, most likely the CISSP exam will be cake for you.  If your background is deep and wide most likely the practice tests will be fairly easy.  If they are not, dig deeper and wider.  Can you turn around and teach it?  That’s the level of knowledge required to pass the CISSP.  If yes you are set, if you fumble a bit, keep going.  Although I have 5 plus years in a network security group, my background is not in building networks or building server systems or managing firewalls and routers.  Even if you can teach the telecom domain in your sleep you may struggle with the more in-depth security concepts.

My co-worker falls into these first two categories.  He can read a book or manual from cover to cover and he can turn around and explain it in technical and deep articulation.  He has been in the technology and telecom industry for 30 plus years and he paid very close attention.  He can program in several languages, not only build a PC but explain how it works in detail, he can re-build a car engine while he explains the history and physics behind every detail.  He is by far the smartest person I know.  He finished the exam in just over 3 hours and he passed his first time out.  The other 99,9% of the population just do not function this way!  There’s hope…keep reading.
–(Practice test info:  http://inchdeepmilewide.wordpress.com/cissp-resources/)

Back to School

Many people are traditional student learners, they can listen to or watch lectures, take quality notes, make study cards, study in groups, create cheat sheets and take practice tests.   Most classrooms fall into this category.  If college was the best learning experience of your life then this is for you!  If this is definitely you skip reading a book from cover to cover and please, don’t bother with an expensive boot camp. Purchase a couple of video (Shon Harris CISSP Video Seminar) and/or audio lectures (Management 414 SANS +S Training Program for the CISSP Certification Exam presented  by Eric Cole or enroll in college classes or a semester worth of classes that focus on CISSP.  If you thrive in a classroom spend the time and money and take a few quality instructor-led courses either in a real classroom or find something outside of your home (like a conference room or library) and create your own personal classroom.  For the most part I used this method.  I took a book with me to a conference room that I would turn into a classroom.  I found a study buddy and we watched a couple of different Shon Harris’ lectures, listened to an audio lecture and paid for online video lectures.  For the most part this worked for me.  If you are a social learner like me, take classes or create a classroom environment with others.
–(CISSP resources & practice test info:  http://inchdeepmilewide.wordpress.com/cissp-resources/)

Note To Self:  Take Better Notes!

Remember taking notes in school?  Of course you do!   Taking notes and studying them solidifies and reinforces what you’ve been hearing and seeing.  There are many different methods of taking notes.  There are outline techniques, term/definition techniques, shorthand, flash cards and the list goes on and on.  If you struggle in this area find a book or a webinar or lecture or a college orientation class or materials that focus on taking notes!  Heck, find a person who can take excellent notes and learn from them.  I have excellent index-style study cards, but I don’t want to merely give them to you because as you make them yourself you are organizing and learning!  And of course the last word on notes is to actually review them, study them.  I took way too many notes that I never looked at after I penned or typed them.  That was just stupid.

How to take a test

Unless you have a photographic memory, very few people have some magical edge when taking tests.  Stick to the basics:

• Spend the night at or near where the exam will be given
• Don’t cram
• Go to bed early-take a Tylenol PM (Benadryl) if you are restless
• Awake at least 2 hours before the exam doors open
• Eat a healthy and hefty breakfast
• Arrive before the doors open, check in find a good seat
• Turn off all noisy electronics, don’t just mute or vibrate, pack the distractions away, forget about them
• Bring Your Registration Letter and ID
• Bring food and drink
• Bring your own #2 pencils and a huge eraser
• Bring meds in case of a headache
• Take notes on the test-mark the questions you don’t know or aren’t sure of (use different markings)
• Circle the answer on the test THEN transfer the answer to your answer sheet
• Read the question carefully and completely
• Read all answers before choosing an answer
• Answer all questions
• First answers are usually right-but mark and review those that were a complete guess
• Take breaks-at least one per 60 to 90 minutes
• Break the test up into sections and when you reach the end reward yourself with a break, go potty, walk around or stretch for a minute or two, relax, consume food and drink, get back to it.
• Pay attention to the time
• Use all 6 hours, if you finish early take a break, review, then review again
• Be one of the last to leave

I think I am pretty good at taking tests in general-mostly because I commit to an answer and move on.  Most of the time if you know it, you know it, and if you don’t you don’t.  Failing the exam the first time simply told me I wasn’t quite prepared enough.

However, some people are worse at taking tests in general than others.  Some people suffer from test anxiety.  Some people psych themselves up for failure or get overly nervous or anxious or just freak out once they get the test in front of them.  From eHow.com, “Relax on the day of the test. Once you’re in the testing room, you can do nothing more to prepare. Worrying when you can do nothing more to improve your chances of scoring high on the test will affect your performance.”  People do weird things like read things into the questions that’s not there or second guess everything.  Although most of these folks know the content and understand the concepts they’ve studied, they are a completely different person as they take the real exam.  They go slower or faster, their minds go blank, they sweat, they have negative conversations with themselves, etc.  If you are one of these people then you HAVE to figure out a way to compensate.  Train your mind to take the exam.  Take lots of practice tests.  Take many long 250 question practice test.  Print out a practice test with the questions and use a Scantron to record the answers-just like the real exam.  Time yourself.  Pace yourself.  Find new questions so you’re not memorizing the question and answer rather than learning the concepts. Take practice tests at a crowded McDonald’s.

Knowledge is Power

Finally, learn from others’ experiences and mistakes and successes.  Walking into the exam my first time and sitting down to take the exam was like ice cold water or a bitchslap to the face-it was incredibly painful, frustrating and shocking.  Read my personal experiences.  Join CISSP forums.  Read security blogs.