Having the right approach, the right materials and using the materials at the right time in your CISSP studying is critical for passing your CISSP exam.

In this video, I cover all the free CISSP study materials: CISSP videos, books, practice questions, and study guides.
I think they can help you pass your CISSP exam.

Get the full free “CISSP: How to study course” https://thorteaches.com/get

You can get all my courses, free study materials, my free CISSP course and much more on https://thorteaches.com/

Transcript:

In this lecture, we’re going to continue to look at the materials you should use for your studying.
And in this video, we’re going to look at the free materials.
We just covered videos and books.
Now let’s look at the free resources and materials.
And I do that because that’s the order I think you need to use it in: videos, books, free materials and then questions.
But remember, 50% or more of your time is going to be spent on questions.
First, you gain the knowledge with the videos, the books and the other materials.
Then you take a practice test and then you go restudy using all the books, the videos and other.
And you do that studying until you’re clear on all the questions you got wrong on the test you just finished, why they’re wrong and you are at a point where you’re able to explain it.
Once you have done that for all the questions you had wrong, you do another test and then rinse, repeat, study everything you got wrong or you were in doubt of to a point where you are able to explain it.
Now the test, more restudying.
So let’s start out with the free stuff and with OWASP.
OWASP is the Open Web Application Security Project.
They do a ton of awesome things.
But for this certification what I would look at is the OWASP top 10 and you can find all that on owasp.org.
And when you go look, you can see there’s a 2013, a 2017, a 2021.
And I have many students who ask what, “Well Thor, should I do this one or that one?”
And the answer is yes, you should probably do all of them because just because a vulnerability is not in the current top 10, that doesn’t mean it stops being a vulnerability.
And you don’t need to know that 2021 number five is this.
That’s not how the exam works.
You get a description of an attack or a compromise and then you need to figure out what happened here.
And if you’re completely clear on all the OWASPs, how they work, where we can use them, where we wouldn’t use them, what we can do to mitigate that specific attack, well then you know what the question is asking and you can answer it, right.
Just like anything else on the exam.
It is very rarely definitions.
It is a scenario.
And in this scenario, this is what is happening or this is the best response.
Which then brings us to NIST.
And this is the National Institute of Standards and Technology.
I don’t think I’ve ever heard anyone refer to anything other than NIST.
It is a US government agency and we care about them because they publish a ton of different documents or as they call them, special publications that are relevant to your certification.
So if you go to Thorteaches.com/study, you can see all the resources that I recommend.
If you click on the tab that says free and scroll down, you can see all the NIST documents that are relevant for your certification.
There are 15, maybe 20, and some of them are pretty long.
And when students say, “Thor, do I really need to know all that?” then “maybe” is my best answer.
Here again, you don’t need to know that this NIST publication is that, but you need to understand how each of them work, why we use it, where we use it, when we use it, and how we use it.
It’s almost like I’m repeating myself, right?
So go to thorteaches.com/study, click on free and then go to the NIST publications and download them to your system.
Even if some of them are 300 pages long, the part that you need is maybe 30, 40, which then brings us to the free study guides.
Awesome, amazing materials.
They are all made by people who passed their CISSP exam and want to give back to the community.
First off, we have the Sunflower Notes made by Maarten de Frankrijker, 37 pages PDF and it really just is a memory dump or highlights for each of the domains, and for any of these study guides, I suggest reading them at least once early on in the studying, just after you do your book and then again the last month, month and a half, just to reaffirm all the topics.
Next up, we have the Memory Palace by Prashant Mohan again, PDF.
141 pages with tips and tricks, how to remember things, things that are important to focus on and some things on point of view.
And then as the last study guide, we have the CISSP study guide by Fadi Sodah or Madunix, again, PDF, 51 pages, very precise, very just to the point, this is exactly what this topic is.
Fadi has a unique experience in management and audit.
And you can see that in this document.
Very, very useful. That then brings us to the other stuff here.
First off, let’s look at the study groups and the forums, because being on this journey alone is super hard.
Why not go in and talk to someone else who is studying for the CISSP just like you, who can have different points of view, who can help you with topics that are difficult or just someone who’s there to listen?
First off, we have the Facebook groups.
Thorteaches on Facebook is just Facebook.com/groups/thorteaches, a lot of really good discussion, I post free practice questions, study guides and much, much more.
Then we have Study Notes and Theory.
Also a huge study group, Ahmed, by far the biggest CISSP study group on Facebook, I think 40,000 plus members, a ton of good discussion, sharing knowledge, and just an all around great community.
Then we have Effective CISSP by Wentz Wu, smaller group, but still a tremendous amount of great knowledge, great sharing of information and a great community.
And while Facebook is great for many things, it’s not really good for a natural organic discussion, which brings us to the Discord servers.
And there really only are two that I know of that are good.
My own, discord.Thorteaches.com that will take you to the invitation, and then Certification Station, discord.gg/certstation.
Both are great communities, but I have to be honest, Certification Station is amazing.
There are just so many active, super helpful people in there.
It is really what I was wanting when I built my server and something that I think is tremendously valuable in your studying.
And as the last two mentions here, Reddit, reddit.com/r/cissp, great community, really supporting, really helpful.
And on top of that, they have a ton of posts of this is how I did it.
This is how I passed my exam.
And then finally, glossaries, even though it is technically not for the CISSP, go look at the ISACA CISM glossary, there’s a ton of good information there that can help.
And just so you don’t have to remember all the different things I mentioned here, all in this lecture, OWASP, NIST, study guides, Facebook groups, Discord, Reddit, everything you can find on thorteaches.com/study.
And with that, we are done with this lecture.
I will see you in the next one where we talk about practice questions.