My study material recommendations!

Always preview any materials before buying them to make sure they match your learning style.

  • 34 hours of CISSP videos
  • 5,000+ CISSP questions
    625 Hard CISSP questions
    750 Complex questions
    3,250 Easy/Mid questions
    - Both as Exam emulation and Per-Domain tests
    201 Major Topic questions
    240 End of Domain questions
  • Updated for the 2024 curriculum
  • A 300-page CISSP PDF study guide
    120-page CISSP PDF quick sheets
    CISSP PDF Mnemonics
    A CISSP study plan
  • The 24/7 CISSP ThorBot (chatbot)
  • 2,500 CISSP Flashcards
  • A 2,500 word CISSP glossary
  • Subtitles English, Spanish (Latin America), Portuguese (Brazil),
    French, Arabic, Chinese, Japanese and Hindi
  • Lifetime or 12-months access

12-months Access $299.95

I will definitely pass the exam in less than 1 year.

Lifetime Access $399.95

Lifetime Access please, you just never know.

I recommend getting Luke Ahmed's CISSP course as well, always get diverse resources for something as complex as the CISSP:

StudyNotesandTheory by Luke Ahmed

Luke Ahmed's full CISSP course! - 2024

💻 44 hours of CISSP videos
📝 800 CISSP practice questions
📖 1,450 flashcards
$44.99 per month, $119.99 for 3 months

I recommend getting 2-4,000 Easy/Mid questions and 1-2,000 Hard/Complex questions.

Hard questions are my hard questions, Boson, and Luke Ahmed's.
Complex Questions are mine and some of Luke's.

Don't need the Complete bundle?
You can get the Questions ONLY.

No Videos, Flashcards, Chatbot, or Glossary.

Easy, Mid, Hard, Complex CISSP questions Only

12-months access $224.95

I will definitely pass the exam in less than 1 year.

Lifetime Access $299.95

Lifetime Access please, you just never know.

Hard/Complex CISSP questions Only

12-months access $119.95

I will definitely pass the exam in less than 1 year.

Lifetime Access $159.95

Lifetime Access please, you just never know.

Get the 900 CISSP Boson questions at a discount! - 2024 exam ready

Boson ExSim-Max for CISSP
As a current student of ThorTeaches, you can get a discount on the Boson test.

CISSP OSG 2024 book

The Sybex CISSP questions

2024 ISC2 CISSP Official Study Guide (OSG) 4th Edition practice tests – preorder - Price ~$42

I recommend getting the OSG, Luke's and Wentz Wu's books

When the AIO book is released for the 2024 exam, I also recommend getting it.

CISSP OSG 2024 book

The Official Sybex book:

2024 ISC2 CISSP Official Study Guide (OSG) 10th Edition $70

CISSP AIO BOOK

The CISSP AIO book

2024 version – CISSP All-in-One Exam Guide 10th Edition – No publication date yet. For the 2021 update the AIO CISSP book was out in December.

2021 version – CISSP All-in-One Exam Guide 9th Edition – $55

CISSP LUKE Ahmed BOOK

Luke Ahmed's Think like a manager - 2024 Ready

How To Think Like A Manager for the CISSP Exam – Luke Ahmed $25

effective CISSP WENTZ WU BOOK

Wentz Wu's Effective CISSP - 2024 Ready

The Effective CISSP: Security and Risk Management – Wentz Wu $30

💻 2.5 hours of videos on how to study for your CISSP, find the materials, make your own study plan, approach practice questions, and much more.
📖 An 18-page study guide made from all the videos with links.
📖 CISSP Mnemonics.
📖 A CISSP study plan.

Free questions:

 

Study Guides:

 

Other:

 

All relevant NIST documents

General CISSP links:

Computer Fraud and Abuse Act of 1986 (CFAA)

CIA Triad

COBIT

Computer Ethics Principles

Copyright

Copyright Fair Use Index

Corporate IT governance

Due Diligence

Electronic Communications Privacy Act of 1986 (ECPA)

EU Artificial Intelligence Act (AI Act)

European Union Agency for Cybersecurity (ENISA)

Framework for Improving Critical Infrastructure Cybersecurity

Gap Analysis

General Data Protection Regulation (GDPR)

Gramm-Leach-Bliley Act

Governance, risk management, and compliance (GRC)

HIPAA

Information privacy

Information privacy law

Information security

Information Security Governance

Information Security Management

Information security policies

Intellectual property

ISO

ISO/IEC 27000-Series

IT law

NIST SP 800-30 Framework

Non-Disclosure Agreement

OECD Privacy Framework

Organizational Processes

Patent

Patriot Act

PCI-DSS

Sarbanes-Oxley Act

Security Breach Notification Laws

Trademark

PCI Security Standards Council

ISO 22301 Standard

COBIT ISACA resources

Committee of Sponsoring Organizations (COSO)

End-User License Agreement (EULA)

FedRAMP

NIST

NIST SP 800-12 Rev. 1

NIST SP 800-37 Rev. 1

NIST SP 800-37 Rev. 2

NIST SP 800-53

IT Risk

IT risk management

Risk

Risk – Attackers/Attacks

Risk Assessment

Risk Management

Risk management tools

Threat Modeling

Threat Modeling Process Article

Key Risk Indicator

Supply chain risk management

Separation of duties

Security Awareness Training

Software supply chain

Business continuity

Business Continuity Planning

ISC2 Ethics

OCTAVE

The Business Continuity Institute

Capital Expenditure

Center for Internet Security (CIS)

ITIL Framework

Montreal Protocol

Operating Expense

RACI Charts

Rainbow Series

SABSA

SWOT Analysis

Wassenaar Arrangement

 

Address Resolution Protocol (ARP)

Bluetooth

Cellular Network

Cellular/Mobile Networks

Challenge-Handshake Authentication Protocol (CHAP)

Cisco Internetworking Basics

Classless Inter-Domain Routing (CIDR)

Computer Networking

Content Distribution Networks (CDN)

Converged Protocols

Data Communications

Distance-Vector Routing Protocol

Domain Name System (DNS)

Dynamic Host Configuration Protocol (DHCP)

Ethernet

Fiber-Optic

File Transfer Protocol (FTP)

Firewalls

Frame Relay

Global Area Network (GAN)

Internet Assigned Numbers Authority (IANA)

Internet Control Message Protocol (ICMP)

IP Addresses

IPv4

IPv6

Layer 1-3 Devices

MAC Address

Micro-Segmentation

Modems

Multiprotocol Label Switching (MPLS)

Network Access Control

Network Management

Network Switch

Network topology

OSI Model

Ping Networking Utility

Quality of Service (QoS)

Remote access service

Remote Desktop Protocol (RDP)

Remote desktop software

Router

Routing Protocols

Satellite Internet Access

Secure Access Service Edge

Secure Communication Channels

Secure Shell (SSH)

Simple Network Management Protocol (SNMP)

Software Defined Networks

TCP and UDP Port Numbers

TCP/IP Model

Transmission Control Protocol (TCP)

Transmission Media

Twisted Pair

User Datagram Protocol (UDP)

Virtual Private Network (VPN)

VLAN

Voice over IP (VoIP)

WAN Protocols

WiFi

Wireless Access Point

Wireless LAN

Wireless Networks

Zero Trust

ZigBee

Transport Layer Security (TLS)

Denial-of-Service Attack

Eavesdropping

Intrusion detection system

Carrier-Sense Multiple Access (CSMA)

Coaxial Cable

Duplex

Diameter Protocol

Internet Architecture Board

Storage area network (SAN)

 

  • 32 hours of CISM videos
  • 900 CISM questions
  • 2,500 CISM Flashcards
  • Updated for the 2022 curriculum
  • A 200-page CISM PDF study guide
    CISM PDF Mnemonics
    A CISM study plan
  • The 24/7 CISM ThorBot (chatbot)
  • A 2,500 word CISM glossary
  • Subtitles English, Spanish (Latin America), Portuguese (Brazil),
    French, Arabic, Chinese, Japanese and Hindi
  • Lifetime or 12-months access

12-months access $119.95

I will definitely finish studying in less than 1 year.

Lifetime Access $159.95

Lifetime Access please, you just never know.

I think the CISM QAE questions are critical to passing.

They are retired CISM exam questions; you will learn exactly HOW ISACA asks the questions.

CISM QAE book

The official ISACA QAE questions

CISM Review QAE, 10th Edition (2022)
$140 on Amazon – totally worth it!

CISM AIO Questions book

The CISM AIO questions

CISM AIO Practice Exams 1st Edition $26

I recommend the CISM AIO book over the official book. The CISM AIO is better, more detailed, and cheaper.

CISM AIO BOOK

The CISM AIO book

CISM AIO (All-in-One)
Exam Guide 2nd Edition
$42 on Amazon

CISM Official BOOK

The official CISM book

CISM Review Manual (2022)
16th Edition by ISACA
$140 on Amazon – Official book

General CISM links:

Separation of duties

Security Awareness Training

Software supply chain

Digital rights management (DRM)

Asset management

Software as a Service (SaaS)

Data at rest

Data Destruction

Data in transit

Data in use

Data Protection Methods

Data Remanence

Data loss prevention (DLP) software

Information Lifecycle

Modern Encryption

Chain of trust

Firmware

Flash Memory

Memory Protection

Verification and Validation

Computer Security

Security Models

Bell-LaPadula Model

Biba Model

Clark–Wilson model

Graham-Denning Model

Physical security

Cloud Access Security Broker (CASB)

Cloud computing

Cloud computing security

Cloud Security Article

Cloud Security Threats Article

Defense in Depth

Distributed Systems

Edge Computing

Embedded Systems

Hypervisor

Industrial Control Systems

Infrastructure as a Service (IaaS)

Internet of things (IoT)

IoT Security Guidelines

Platform as a Service (PaaS)

Serverless Computing

Virtual Private Cloud

Virtualized Systems

Asymmetric Encryption

Cryptographic Nonce

Cryptography

Digital Signatures

Encryption

Hashing

Hybrid Cryptosystem

Initialization Vector

IPSec

Key Management

One-Time Pad

Pretty Good Privacy (PGP)

Public Key Infrastructure

Secure Defaults

Secure Design Principles

Security by Design Principles

Symmetric Encryption

Architectural Design

Common Criteria

Covert Channels

Emerging Technologies

Fault Injection

Hardware Architecture

Harrison-Ruzzo-Ullman (HRU) Model

Microservices

Multilevel security

Operating System Kernel

Server (computing)

System integration

Trusted Computer System Evaluation Criteria (TCSEC)

Trusted Platform Module

Address Resolution Protocol (ARP)

Bluetooth

Cellular Network

Cellular/Mobile Networks

Challenge-Handshake Authentication Protocol (CHAP)

Cisco Internetworking Basics

Classless Inter-Domain Routing (CIDR)

Computer Networking

Content Distribution Networks (CDN)

Converged Protocols

Data Communications

Distance-Vector Routing Protocol

Domain Name System (DNS)

Dynamic Host Configuration Protocol (DHCP)

Ethernet

Fiber-Optic

File Transfer Protocol (FTP)

Firewalls

Frame Relay

Global Area Network (GAN)

Internet Assigned Numbers Authority (IANA)

Internet Control Message Protocol (ICMP)

IP Addresses

IPv4

IPv6

Layer 1-3 Devices

MAC Address

Micro-Segmentation

Modems

Multiprotocol Label Switching (MPLS)

Network Access Control

Network Management

Network Switch

Network topology

OSI Model

Ping Networking Utility

Quality of Service (QoS)

Remote access service

Remote Desktop Protocol (RDP)

Remote desktop software

Router

Routing Protocols

Satellite Internet Access

Secure Access Service Edge

Secure Communication Channels

Secure Shell (SSH)

Simple Network Management Protocol (SNMP)

Software Defined Networks

TCP and UDP Port Numbers

TCP/IP Model

Transmission Control Protocol (TCP)

Transmission Media

Twisted Pair

User Datagram Protocol (UDP)

Virtual Private Network (VPN)

VLAN

Voice over IP (VoIP)

WAN Protocols

WiFi

Wireless Access Point

Wireless LAN

Wireless Networks

Zero Trust

ZigBee

Transport Layer Security (TLS)

IAAA Framework

Attribute-based access control (ABAC)

Access Control

Access control link 2

Access Control Matrix

Access management

Active Directory

Authentication

Authorization

Credential Management Systems

Discretionary access control (DAC)

Federated Identity Management FIDM

Identity management

Identity Provisioning

Identity verification service

Least Privilege

Mandatory access control (MAC)

Mobile Device Management

Mobile Device Security

Multi-factor authentication

Mutual Authentication

Network Authentication

Password Authentication Protocol (PAP)

Privilege Escalation

Role-based access control (RBAC)

Service Accounts Management

Single Sign-On

System Access

Type 1 Authentication

Type 3 Authentication

Challenge-Response Authentication

Extensible Authentication Protocol (EAP)

Kerberos

RADIUS

Salting

Session Management

TACACS

Security Account Manager

Security Controls Testing

Vulnerability Mitigation

Core Security Penetration Testing Services

Code Review and Testing

Continuous Monitoring

Kali Linux

Coverage Analysis

Dynamic Testing

Fire Sprinkler System

Physical Information Security

AI in Security

Antivirus software

Application Positive-listing

Configuration Management

Endpoint Security

Keystroke Logging

Logging and Monitoring

Patch Management

Sandboxing

Security Tools

SIEM Article

Software deployment

Artificial Intelligence (AI)

Managed security service

Managed Services

API Security

Application Programming Interface (API)

Database security

Databases

2021 OWASP Top 10

Application Security

Buffer Overflow

CI/CD

DevOps

Integrated Development Environment

Integrated Product Team

OWASP

OWASP Main Page

OWASP Top 10

OWASP Vulnerability Category

Secure SDLC Principles and Practices

Software Configuration Management

Software Vulnerabilities

Source-Code Security

Agile

All-Pairs Testing

Continual improvement (CI) process

Secure Coding Guidelines

Software development

Software Development Methodologies

Software Testing

Systems development life cycle SDLC

Version control

  • 17 hours of Certified in Cybersecurity videos
  • 1,700 CC questions
    17x 100 question tests
    60 After Topic questions
  • Updated for the 2022 curriculum
  • A 120-page CC PDF study guide
    CC PDF Mnemonics
    A CC study plan
  • The 24/7 CC ThorBot (chatbot)
  • 2,500 CC Flashcards
  • A 2,500 word CC glossary
  • Subtitles English, Spanish (Latin America), Portuguese (Brazil),
    French, Arabic, Chinese, Japanese and Hindi
  • Lifetime or 12-months access

12-months access $49.95

I will definitely pass the exam in less than 1 year.

Lifetime Access $64.95

Lifetime Access please, you just never know.

There are no CC practice question only books or engines as of now, but my Complete CC course has over 1,750 CC practice questions.

I think the Cybersecurity Fundamentals from ISACA is the better study book of the ones below, but pick one that is written in a style that you like.

ISACA Certified in Cybersecurity book

Cybersecurity Fundamentals Study Guide, 3rd Edition

Definitely my recommended CC book ~$44

Certified in Cybersecurity book OSG

CC Certified in Cybersecurity Study Guide (Sybex)

A good study guide, I still like the ISACA one better $25

Certified in Cybersecurity AIO book

CC Certified in Cybersecurity All-in-One Exam Guide 1st Edition

A good study guide, I still like the ISACA one better $30

Certified in Cybersecurity official book

Official ISC2 Certified in Cybersecurity (CC) eTextbook

The official book, lacked a lot of topics when I read it $30

There are not a ton of free study materials for the Certified in Cybersecurity (CC) since it is relatively new.

Some of the materials below are for the CISSP, but many topics are relevant.
When you sign up for the exam, you also get a 6-hour video course.
It is not enough to pass the exam on its own but it is a start and it is free.
https://www.isc2.org/landing/1MCC

Free questions:

Study Guides:

 

Other:

 

All relevant NIST documents

General Certified in Cybersecurity Links

Software as a Service (SaaS)

Cloud Access Security Broker (CASB)

Cloud computing

Cloud computing security

Cloud Security Article

Cloud Security Threats Article

Containerization

Defense in Depth

Distributed Systems

Edge Computing

Embedded Systems

Hypervisor

Industrial Control Systems

Infrastructure as a Service (IaaS)

Internet of things (IoT)

IoT Security Guidelines

Platform as a Service (PaaS)

Serverless Computing

Virtual Private Cloud

Virtualized Systems

Address Resolution Protocol (ARP)

Bluetooth

Cellular Network

Cellular/Mobile Networks

Challenge-Handshake Authentication Protocol (CHAP)

Cisco Internetworking Basics

Classless Inter-Domain Routing (CIDR)

Computer Networking

Content Distribution Networks (CDN)

Converged Protocols

Data Communications

Distance-Vector Routing Protocol

Domain Name System (DNS)

Dynamic Host Configuration Protocol (DHCP)

Ethernet

Fiber-Optic

File Transfer Protocol (FTP)

Firewalls

Frame Relay

Global Area Network (GAN)

Internet Assigned Numbers Authority (IANA)

Internet Control Message Protocol (ICMP)

IP Addresses

IPv4

IPv6

Layer 1-3 Devices

MAC Address

Micro-Segmentation

Modems

Multiprotocol Label Switching (MPLS)

Network Access Control

Network Management

Network Switch

Network topology

OSI Model

Ping Networking Utility

Quality of Service (QoS)

Remote access service

Remote Desktop Protocol (RDP)

Remote desktop software

Router

Routing Protocols

Satellite Internet Access

Secure Access Service Edge

Secure Communication Channels

Secure Shell (SSH)

Simple Network Management Protocol (SNMP)

Software Defined Networks

TCP and UDP Port Numbers

TCP/IP Model

Transmission Control Protocol (TCP)

Transmission Media

Twisted Pair

User Datagram Protocol (UDP)

Virtual Private Network (VPN)

VLAN

Voice over IP (VoIP)

WAN Protocols

WiFi

Wireless Access Point

Wireless LAN

Wireless Networks

Zero Trust

ZigBee

Core Security Penetration Testing Services

AI in Security

Antivirus software

API Security

Application Programming Interface (API)

Attacks on Cryptography

Brute Force Attack

MITM Attack

Denial-of-Service Attack

Eavesdropping

Intrusion detection system

0-day Attacks

Pen Testing Tools

Penetration Testing

Security Fuzzers

Honeynets/Honeypots

Malware

Carrier-Sense Multiple Access (CSMA)

Coaxial Cable

Duplex

Data Classification

Data Collection

Data Retention

Auditing and Logging

Information security audit

IT Audits

NIST SP 800-115

Security Audits

NIST SP 800-92

Change Management

Security Assessments

Vulnerability Assessments vs. Penetration Tests

Security Awareness Training

Data at rest

Data Destruction

Data in transit

Data in use

Data Protection Methods

Data Remanence

Data loss prevention (DLP) software

Information Lifecycle

Modern Encryption

Cryptographic Nonce

Cryptography

Digital Signatures

Encryption

Hashing

Hybrid Cryptosystem

Initialization Vector

IPSec

Key Management

One-Time Pad

Pretty Good Privacy (PGP)

Public Key Infrastructure

Secure Defaults

Secure Design Principles

Security by Design Principles

Symmetric Encryption

Transport Layer Security (TLS)

Challenge-Response Authentication

Extensible Authentication Protocol (EAP)

Kerberos

RADIUS

Salting

Session Management

TACACS

Code Review and Testing

Continuous Monitoring

Kali Linux

Application Positive-listing

Configuration Management

Endpoint Security

Keystroke Logging

Logging and Monitoring

Patch Management

Sandboxing

Security Tools

SIEM Article

Software deployment

Database security

Databases

2021 OWASP Top 10

Application Security

Buffer Overflow

CI/CD

DevOps

Integrated Development Environment

Integrated Product Team

OWASP

OWASP Main Page

OWASP Top 10

OWASP Vulnerability Category

Secure SDLC Principles and Practices

Software Configuration Management

Software Vulnerabilities

Source-Code Security

Metasploit

Nessus Software

Password Cracking

Rainbow Table

Incident Handling and Response Plan

Phishing

Ransomware

Security information and event management (SIEM)

Security orchestration, automation and response (SOAR)

History of Cryptography