My study material recommendations!
Always preview any materials before buying them to make sure they match your learning style.
- 34 hours of CISSP videos
- 5,000+ CISSP questions
  - 625 Hard CISSP questions
  - 750 Complex questions
  - 3,250 Easy/Mid questions
  - Both as Exam emulation and Per-Domain tests
  - 201 Major Topic questions
  - 240 End of Domain questions
- Updated for the 2024 curriculum
- A 300-page CISSP PDF study guide
- 120-page CISSP PDF quick sheets
- CISSP PDF Mnemonics
- A CISSP study plan
- The 24/7 CISSP ThorBot (chatbot)
- 2,500 CISSP Flashcards
- A 2,500 word CISSP glossary
- Subtitles: English, Spanish (Latin America), Portuguese (Brazil), French, Arabic, Chinese, Japanese and Hindi
- Lifetime or 12-months access
12-months Access $299.95
I definitely pass the exam in less than 1 year.
Lifetime Access $399.95
Lifetime Access please, you just never know.
I recommend getting Luke Ahmed's CISSP course as well, always get diverse resources for something as complex as the CISSP:
Luke Ahmed's full CISSP course! - 2024
💻 44 hours of CISSP videos
📝 800 CISSP practice questions
📖 1,450 flashcards
$44.99 per month, $119.99 for 3 months
I recommend getting 2-4,000 Easy/Mid questions and 1-2,000 Hard/Complex questions.
Hard questions are my hard questions, Boson, and Luke Ahmed's.
Complex Questions are mine and some of Luke's.
Don't need the Complete bundle?
You can get the Questions ONLY.
No Videos, Flashcards, Chatbot, or Glossary.
Easy, Mid, Hard, Complex CISSP questions Only
- 4,625 CISSP questions, including:
- 625 Hard CISSP questions
- 750 Complex questions
- 3,250 Easy/Mid CISSP questions, both as exam emulation and domain tests.
- CISSP Mnemonics
- Lifetime or 12-months unlimited access
- (Optional +$75) 900 Boson practice questions.
- Updated for the 2024 curriculum
12-months access $224.95
I definitely pass the exam in less than 1 year.
Lifetime Access $299.95
Lifetime Access please, you just never know.
Hard/Complex CISSP questions Only
- 625 Hard CISSP questions
- 750 Complex questions
- (Optional +$75) 900 Boson practice questions.
- CISSP Mnemonics
- Lifetime or 12-months unlimited access
- Updated for the 2024 curriculum
12-months access $119.95
I definitely pass the exam in less than 1 year.
Lifetime Access $159.95
Lifetime Access please, you just never know.
Get the 900 CISSP Boson questions at a discount! - 2024 exam ready
Boson ExSim-Max for CISSP
As a current student of ThorTeaches, you can get a discount on the Boson test.
The Sybex CISSP questions
2024 ISC2 CISSP Official Study Guide (OSG) 4th Edition practice tests – preorder - Price ~$42
I recommend getting the OSG, Luke's and Wentz Wu's books
When the AIO book is released for the 2024 exam, I also recommend getting it.
The Official Sybex book:
2024 ISC2 CISSP Official Study Guide (OSG) 10th Edition $70
The CISSP AIO book
2024 version – CISSP All-in-One Exam Guide 10th Edition – No publication date yet. For the 2021 update the AIO CISSP book was out in December.
2021 version – CISSP All-in-One Exam Guide 9th Edition – $55
Luke Ahmed's Think like a manager - 2024 Ready
How To Think Like A Manager for the CISSP Exam – Luke Ahmed $25
Wentz Wu's Effective CISSP - 2024 Ready
The Effective CISSP: Security and Risk Management – Wentz Wu $30
💻 2.5 hours of videos on how to study for your CISSP, find the materials, make your own study plan, approach practice questions, and much more.
📖 An 18-page study guide made from all the videos with links.
📖 CISSP Mnemonics.
📖 A CISSP study plan.
Free questions:
- Free daily CISSP practice questions (Facebook group)
- Wentz Wu QOTD (Blog)
- Adam Gordon QOTD (LinkedIn)
- IT Dojo (YouTube)
Study Guides:
- Study guide (free) – The Memory Palace – Prashant Mohan v5.0 – 2024 Exam Ready
- Study guide (free) – CISSP Process Guide – Fadi Sodah (madunix) v21.0
- Study guide (free) – Sunflower Notes – Maarten de Frankrijker v2.0
- Study guide – CISSP notes – Luc Desfosses
Other:
- CISSP Glossary – Student Guide
- NIST – RMF for Systems and Organizations Introductory Course
- Flash cards – Brainscrape
- Awesome Security – Github
- GDPR – Advisera
- OWASP top 10 – 2013
- OWASP top 10 – 2017
- OWASP top 10 – 2021
All relevant NIST documents
- NIST 800-30 – Guide for Conducting Risk Assessments
  https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
- NIST 800-12 – An Introduction to Information Security
  https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final
- NIST 800-34 – Contingency Planning Guide for Information Technology Systems
  https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final
- NIST 800-37 – Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
  https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final
- NIST 800-39 – Managing Information Security Risk: Organization, Mission, and Information System View
  https://csrc.nist.gov/publications/detail/sp/800-39/final
- NIST 800-53 – Security and Privacy Controls for Federal Information Systems and Organization
  https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final
  https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft
- NIST 800-86 – Guide to Integrating Forensic Techniques into Incident Response
  https://csrc.nist.gov/publications/detail/sp/800-86/final
- NIST 800-88 – Guidelines for Media Sanitization
  https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final
- NIST 800-115 – Technical Guide to Information Security Testing and Assessment
  https://csrc.nist.gov/publications/detail/sp/800-115/final
- NIST 800-128 – Guide for Security-Focused Configuration Management of Information Systems
  https://csrc.nist.gov/publications/detail/sp/800-128/final
- NIST 800-137 – Information Security Continuous Monitoring
  https://csrc.nist.gov/publications/detail/sp/800-137/final
- NIST 800-145 – The NIST Definition of Cloud Computing
  https://csrc.nist.gov/publications/detail/sp/800-145/final
- NIST 800-46 – Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
  https://csrc.nist.gov/publications/detail/sp/800-46/rev-2/final
- NIST 800-61 – Computer Security Incident Handling Guide
  https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
- NIST 800-160 – Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
  https://csrc.nist.gov/pubs/sp/800/160/v1/r1/final
Join certification study groups!
- Facebook – CISSP, CISM, CC, and PMP certification training and mentoring by Thor Teaches!
- Facebook – Effective CISSP by Wentz Wu
- Facebook – CISSP Exam Preparation – Study Notes and Theory!
- Discord study group CISSP, CISM, CC, PMP – by Thor Teaches.
- Discord study group Certification Station.
- Reddit – CISSP subreddit!
- Infosecinstitute forum!
Earn the CPEs you need!
- ISC2 explaining how the CPE’s work
- ISC2 – 500+ CPE’s available (Webinar).
- SANS – 500+ CPE’s available (Webinar).
- ISACA – 100+ CPE’s available (Webinar).
- Brighttalk – 100s of webcasts for ISC2 CPEs
- Infosecurity-magazine – 350+ CPE’s available (Webinar).
- wh1t3rabbit – 250+ CPE’s available (Podcast).
- OWASP 100+ CPE’s available (Podcast).
- org – 200+ CPE’s available (Podcast).
- org – 250+ CPE’s available (Online training).
- Coursera – 250+ CPE’s available (Online training).
- Securitytube – 10,000+ CPE’s available (Videos).
- Youtube – 100,000+ CPE’s available (Videos).
General CISSP links:
Recommended CISSP Study Groups:
CISSP Job outlooks:
Practical CISSP exam information:
CISSP Domain 1 links
Computer Fraud and Abuse Act of 1986 (CFAA)
Electronic Communications Privacy Act of 1986 (ECPA)
EU Artificial Intelligence Act (AI Act)
European Union Agency for Cybersecurity (ENISA)
Framework for Improving Critical Infrastructure Cybersecurity
General Data Protection Regulation (GDPR)
Governance, risk management, and compliance (GRC)
Information Security Governance
Information Security Management
Security Breach Notification Laws
PCI Security Standards Council
Committee of Sponsoring Organizations (COSO)
End-User License Agreement (EULA)
Threat Modeling Process Article
The Business Continuity Institute
Center for Internet Security (CIS)
CISSP Domain 2 links
CISSP Domain 3 links
CISSP Domain 4 links
Address Resolution Protocol (ARP)
Challenge-Handshake Authentication Protocol (CHAP)
Classless Inter-Domain Routing (CIDR)
Content Distribution Networks (CDN)
Distance-Vector Routing Protocol
Dynamic Host Configuration Protocol (DHCP)
Internet Assigned Numbers Authority (IANA)
Internet Control Message Protocol (ICMP)
Multiprotocol Label Switching (MPLS)
Simple Network Management Protocol (SNMP)
Transmission Control Protocol (TCP)
Transport Layer Security (TLS)
Carrier-Sense Multiple Access (CSMA)
CISSP Domain 5 links
CISSP Domain 6 links
CISSP Domain 7 links
Computer Security Incident Management
Disaster Recovery Solution Design
Post-Disaster Recovery Planning Forum Notes
Incident Handling and Response Plan
Security information and event management (SIEM)
Security orchestration, automation and response (SOAR)
User and entity behavior analytics (UEBA)
CISSP Domain 8 links
Application Programming Interface (API)
Integrated Development Environment
Secure SDLC Principles and Practices
Software Configuration Management
Continual improvement (CI) process
Software Development Methodologies
Systems development life cycle (SDLC)
Database Management System (DBMS)
Berkeley Software Distribution (BSD)
Computer-Aided Software Engineering (CASE)
Commercial off-the-shelf (COTS)
Object-Oriented Programming (OOP)
Rapid Application Development (RAD)
Relational Database Management System (RDBMS)
- 32 hours of CISM videos
- 900 CISM questions
- 2,500 CISM Flashcards
- Updated for the 2022 curriculum
- A 200-page CISM PDF study guide
- CISM PDF Mnemonics
- A CISM study plan
- The 24/7 CISM ThorBot (chatbot)
- A 2,500 word CISM glossary
- Subtitles: English, Spanish (Latin America), Portuguese (Brazil), French, Arabic, Chinese, Japanese and Hindi
- Lifetime or 12-months access
12-months access $119.95
I will definitely finish studying in less than 1 year.
Lifetime Access $159.95
Lifetime Access please, you just never know.
I think the CISM QAE questions are critical to passing.
They are retired CISM exam questions, so you will learn exactly HOW ISACA asks the questions.
The official ISACA QAE questions
CISM Review QAE, 10th Edition (2022)
$140 on Amazon – totally worth it!
The CISM AIO questions
CISM AIO Practice Exams 1st Edition $26
I recommend the CISM AIO book over the official book. The CISM AIO is better, more detailed, and cheaper.
The CISM AIO book
CISM AIO (All-in-One)
Exam Guide 2nd Edition
$42 on Amazon
The official CISM book
CISM Review Manual (2022)
16th Edition by ISACA
$140 on Amazon – Official book
Join certification study groups!
Earn the CPEs you need!
- ISACA CPE reporting FAQs
- CISM How to report and earn CPEs
- ISC2 – 500+ CPE’s available (Webinar).
- SANS – 500+ CPE’s available (Webinar).
- ISACA – 100+ CPE’s available (Webinar).
- Brighttalk – 100s of webcasts for ISC2 CPEs
- Infosecurity-magazine – 350+ CPE’s available (Webinar).
- wh1t3rabbit – 250+ CPE’s available (Podcast).
- OWASP 100+ CPE’s available (Podcast).
- org – 200+ CPE’s available (Podcast).
- org – 250+ CPE’s available (Online training).
- Coursera – 250+ CPE’s available (Online training).
- Securitytube – 10,000+ CPE’s available (Videos).
- Youtube – 100,000+ CPE’s available (Videos).
General CISM links:
Recommended CISM Study Groups:
CISM Job outlooks:
Practical CISM exam information:
CISM Domain 1 links
Computer Fraud and Abuse Act of 1986 (CFAA)
Electronic Communications Privacy Act of 1986 (ECPA)
EU Artificial Intelligence Act (AI Act)
European Union Agency for Cybersecurity (ENISA)
Framework for Improving Critical Infrastructure Cybersecurity
General Data Protection Regulation (GDPR)
Governance, risk management, and compliance (GRC)
Information Security Governance
Information Security Management
Security Breach Notification Laws
PCI Security Standards Council
Committee of Sponsoring Organizations (COSO)
End-User License Agreement (EULA)
CISM Domain 2 links
CISM Domain 3 links
Digital rights management (DRM)
Data loss prevention (DLP) software
Cloud Access Security Broker (CASB)
Cloud Security Threats Article
Infrastructure as a Service (IaaS)
Harrison-Ruzzo-Ullman (HRU) Model
Trusted Computer System Evaluation Criteria (TCSEC)
Address Resolution Protocol (ARP)
Challenge-Handshake Authentication Protocol (CHAP)
Classless Inter-Domain Routing (CIDR)
Content Distribution Networks (CDN)
Distance-Vector Routing Protocol
Dynamic Host Configuration Protocol (DHCP)
Internet Assigned Numbers Authority (IANA)
Internet Control Message Protocol (ICMP)
Multiprotocol Label Switching (MPLS)
Simple Network Management Protocol (SNMP)
Transmission Control Protocol (TCP)
Transport Layer Security (TLS)
Attribute-based access control (ABAC)
Discretionary access control (DAC)
Federated Identity Management (FIDM)
Mandatory access control (MAC)
Password Authentication Protocol (PAP)
Role-based access control (RBAC)
Challenge-Response Authentication
Extensible Authentication Protocol (EAP)
Core Security Penetration Testing Services
Application Programming Interface (API)
Integrated Development Environment
Secure SDLC Principles and Practices
Software Configuration Management
Continual improvement (CI) process
Software Development Methodologies
- 17 hours of Certified in Cybersecurity videos
- 1,700 CC questions
  - 17x 100 question tests
  - 60 After Topic questions
- Updated for the 2022 curriculum
- A 120-page CC PDF study guide
- CC PDF Mnemonics
- A CC study plan
- The 24/7 CC ThorBot (chatbot)
- 2,500 CC Flashcards
- A 2,500 word CC glossary
- Subtitles: English, Spanish (Latin America), Portuguese (Brazil), French, Arabic, Chinese, Japanese and Hindi
- Lifetime or 12-months access
12-months access $49.95
I definitely pass the exam in less than 1 year.
Lifetime Access $64.95
Lifetime Access please, you just never know.
There are no CC practice question only books or engines as of now, but my Complete CC course has over 1,750 CC practice questions.
I think the Cybersecurity Fundamentals from ISACA is a better study book of the ones below, but pick one that is written in a style that you like.
Cybersecurity Fundamentals Study Guide, 3rd Edition
Definitely my recommended CC book ~$44
CC Certified in Cybersecurity Study Guide (Sybex)
A good study guide, I still like the ISACA one better $25
CC Certified in Cybersecurity All-in-One Exam Guide 1st Edition
A good study guide, I still like the ISACA one better $30
Official ISC2 Certified in Cybersecurity (CC) eTextbook
The official book, lacked a lot of topics when I read it $30
There are not a ton of free study materials for the Certified in Cybersecurity (CC) since it is relatively new.
Some of the materials below are for the CISSP, but many topics are relevant.
When you sign up for the exam, you also get a 6-hour video course.
It is not enough to pass the exam on its own but it is a start and it is free.
https://www.isc2.org/landing/1MCC
Free questions:
Study Guides:
- Study guide (free) – The memory palace – Prashant Mohan v4.0
- Study guide (free) – Sunflower notes – Maarten de Frankrijker v2.0
- Study guide (free) – CISSP Process guide – Fadi Sodah (madunix) v21.0
Other:
- CISSP Glossary – Student Guide
- NIST – RMF for Systems and Organizations Introductory Course
- Flash cards – Brainscrape
- Awesome Security – Github
- GDPR – Advisera
- OWASP top 10 – 2013
- OWASP top 10 – 2017
- OWASP top 10 – 2021
All relevant NIST documents
- NIST 800-30 – Guide for Conducting Risk Assessments
  https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
- NIST 800-12 – An Introduction to Information Security
  https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final
- NIST 800-34 – Contingency Planning Guide for Information Technology Systems
  https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final
- NIST 800-37 – Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
  https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final
- NIST 800-39 – Managing Information Security Risk: Organization, Mission, and Information System View
  https://csrc.nist.gov/publications/detail/sp/800-39/final
- NIST 800-53 – Security and Privacy Controls for Federal Information Systems and Organization
  https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final
  https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft
- NIST 800-86 – Guide to Integrating Forensic Techniques into Incident Response
  https://csrc.nist.gov/publications/detail/sp/800-86/final
- NIST 800-88 – Guidelines for Media Sanitization
  https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final
- NIST 800-115 – Technical Guide to Information Security Testing and Assessment
  https://csrc.nist.gov/publications/detail/sp/800-115/final
- NIST 800-128 – Guide for Security-Focused Configuration Management of Information Systems
  https://csrc.nist.gov/publications/detail/sp/800-128/final
- NIST 800-137 – Information Security Continuous Monitoring
  https://csrc.nist.gov/publications/detail/sp/800-137/final
- NIST 800-145 – The NIST Definition of Cloud Computing
  https://csrc.nist.gov/publications/detail/sp/800-145/final
- NIST 800-46 – Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
  https://csrc.nist.gov/publications/detail/sp/800-46/rev-2/final
- NIST 800-61 – Computer Security Incident Handling Guide
  https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
- NIST 800-160 – Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
  https://csrc.nist.gov/publications/detail/sp/800-160/vol-1/final
Join certification study groups!
- Facebook – CISSP, CISM, CC, and PMP certification training and mentoring by Thor Teaches!
- Facebook – Effective CISSP by Wentz Wu
- Facebook – CISSP/CC Exam Preparation – Study Notes and Theory!
- Discord study group CISSP, CISM, CC, PMP – by Thor Teaches.
- Discord study group Certification Station.
- Reddit – ISC2 subreddit!
- Infosecinstitute forum!
Earn the CPEs you need!
- ISC2 explaining how the CPE’s work
- ISC2 – 500+ CPE’s available (Webinar).
- SANS – 500+ CPE’s available (Webinar).
- ISACA – 100+ CPE’s available (Webinar).
- Brighttalk – 100s of webcasts for ISC2 CPEs
- Infosecurity-magazine – 350+ CPE’s available (Webinar).
- wh1t3rabbit – 250+ CPE’s available (Podcast).
- OWASP 100+ CPE’s available (Podcast).
- org – 200+ CPE’s available (Podcast).
- org – 250+ CPE’s available (Online training).
- Coursera – 250+ CPE’s available (Online training).
- Securitytube – 10,000+ CPE’s available (Videos).
- Youtube – 100,000+ CPE’s available (Videos).
General Certified in Cybersecurity Links
Recommended CC Study Groups:
CC Job outlooks:
Practical CC exam information:
Certified in Cybersecurity Domain 1 links
Computer Fraud and Abuse Act of 1986 (CFAA)
Electronic Communications Privacy Act of 1986 (ECPA)
EU Artificial Intelligence Act (AI Act)
European Union Agency for Cybersecurity (ENISA)
Framework for Improving Critical Infrastructure Cybersecurity
General Data Protection Regulation (GDPR)
Governance, risk management, and compliance (GRC)
Information Security Governance
Information Security Management
Security Breach Notification Laws
PCI Security Standards Council
Certified in Cybersecurity Domain 2 links
Certified in Cybersecurity Domain 3 links
Certified in Cybersecurity Domain 4 links
Cloud Access Security Broker (CASB)
Cloud Security Threats Article
Infrastructure as a Service (IaaS)
Address Resolution Protocol (ARP)
Challenge-Handshake Authentication Protocol (CHAP)
Classless Inter-Domain Routing (CIDR)
Content Distribution Networks (CDN)
Distance-Vector Routing Protocol
Dynamic Host Configuration Protocol (DHCP)
Internet Assigned Numbers Authority (IANA)
Internet Control Message Protocol (ICMP)
Multiprotocol Label Switching (MPLS)
Simple Network Management Protocol (SNMP)
Transmission Control Protocol (TCP)
Core Security Penetration Testing Services
Application Programming Interface (API)
Certified in Cybersecurity Domain 5 links
Vulnerability Assessments vs. Penetration Tests
Data loss prevention (DLP) software
Transport Layer Security (TLS)
Challenge-Response Authentication
Extensible Authentication Protocol (EAP)
Integrated Development Environment
Secure SDLC Principles and Practices
Software Configuration Management
Incident Handling and Response Plan
Security information and event management (SIEM)