best CISSP study guide pdf

CISSP study guide PDF eBook – for FREE

I know that people studying for the CISSP exam are by nature very busy people and I recognize that navigating websites trying to find all the advice you need is often a frustrating experience (even where the navigation is good). To give you a leg up I’ve carefully compiled a new 49 page CISSP study guide pdf which you can download for FREE!


CISSP study guide pdf – what’s in it

This study guide covers practical advice for people who are looking to study for and pass the CISSP exam with a view to becoming CISSP certified. This CISSP Study Guide offers guidance on what the CISSP is and reasons why you may decide to pursue it, strategies and tactics on effective study and advice on last minute preparation before taking the exam. Further to that, it also includes guidance on what happens after you pass the CISSP exam with a view to getting your CISSP certification application completed (and what to do if you don’t pass first time).

This guide isn’t just another technical guide – there are other people who have produced comprehensive guides (such as the Official Study Guide from Sybex and Shon Harris’ guide). This CISSP Study Guide covers advice about how to prepare yourself to give yourself the best chances of success in passing your CISSP exam first time. Here’s a sneak preview of the table of contents to give you a flavor of the content:

  1. What is CISSP?
  2. Planning for certification
  3. Study options
  4. Planning your CISSP study
  5. Note taking
  6. Flashcards
  7. How to revise
  8. How to know when you’re ready
  9. 24hrs to go…
  10. My top 5 CISSP exam tips
  11. Passed? – now get certified
  12. Thanks for reading (and where you can get more)
  13. Appendix A – Didn’t quite make it first time? Don’t give up!
  14. Appendix B – List of study resources
  15. Disclaimer

The CISSP Study Guide PDF is structured to read in the order that you progress through the CISSP certification process: from the initial decision to get certified and the requirements to get certified, through planning and structuring your studies, revision techniques, last minute exam preparation and how to get certified after passing.

I know someone else who would benefit from this CISSP study guide, can I share it?

Yes! Absolutely! The guide is free and I actively encourage you to share the guide with anyone you feel could benefit. The only request that I have is that you include a reference and hyperlink to when you do so.

OK, I want it – how do I get it?

Simply scroll down and fill in your email address in the box below and press the blue ‘Submit’ button – I’ll email you the link where you can download your CISSP Study Guide PDF straight away. Hate being on mailing lists? No problem, every email (including the initial one you’re sent) has an unsubscribe link built in. If you decide to stick around I’ll be pleased to have you on board – subscribers get stuff before everyone else and it gives you a way to email me directly if you have any questions.

Good luck with your studies!


Planning for certification


The purpose of this article is to discuss the various options for getting CISSP certified and to answer some of the common questions that arise. If you have any further questions then by all means leave a comment at the foot of the article. The bottom line in terms of getting certified is that there are two primary hurdles:

  • you must pass the CISSP exam
  • you must have 5 (or in some circumstances 4) years of relevant experience

Although you may have your sights set on the exam and are concentrating on that being the challenge, it’s important that you consider the experience requirement carefully. From the point that you pass the exam, you start a timer which gives you 6 years to certify. If you don’t manage this, you have to take the exam again (which no one wants to have to do, believe me, once is enough). This 6 year window gives you time to build up your experience in order to get certified but what sort of experience do you require?

Experience requirement

The first thing to know is how much experience is needed. You may have noticed that in the bullet points above I referred to either 5 or 4 years being required. This depends on whether you can waive a year by having a relevant qualification or certification. The (ISC)2 guidelines state that:

“A candidate shall be permitted a waiver of one year experience if:

  • Based on a candidate’s education
    Candidates can substitute a maximum of one year of direct full-time security professional work experience described above if they have a four-year college degree or regional equivalent or an advanced degree in information security from the U.S. National Center of Academic Excellence in Information Assurance Education (CAE/IAE).


  • For holding an additional credential on the (ISC)² approved list below
    Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, investigator, or instructor that requires information security knowledge and involves the direct application of that knowledge. The five years of experience must be the equivalent of actual full-time information security work (not just information security responsibilities for a five-year period); this requirement is cumulative, however, and may have been accrued over a much longer period of time.”

(source: (ISC)2 February 2017)

So, if you want to use 4 rather than 5 years, you either need an undergraduate degree (or the alternative listed above) or you need a credential from the approved list. In addition, the work must be paid and cover at least two of the 8 domains from the Common Body of Knowledge. The best source that I’ve found for deciding whether your experience is sufficient is the exam outline provided by (ISC)2, because it breaks down each domain into sub topics, which makes it much easier to gauge your level of relevant experience. You can download a free copy of the exam outline here.

Planning when to take the exam


By now you should have noticed that this decision is dictated largely by how you intend to fulfill the experience requirement. If you already have the 4/5 years of experience then it doesn’t matter when you pass. If you’re looking to change careers and feel being certified would be of benefit, or if you have a significant period of free time in which to study, then of course these factors will affect your decision of when to take the exam, but having the experience already makes the tactical decision of when to study for/take the exam moot.

You can pass the exam without the experience and become an Associate of (ISC)2. This effectively means that you get to bank your exam for 6 years, at the end of which you must have your 4/5 years of experience in order to certify as a full CISSP. You can call yourself an Associate of (ISC)2 but cannot call yourself CISSP, or imply that you are certified in any way while you are an associate. This 6 year timer can give you a good idea of how to plan your certification if you don’t yet have the required amount of experience. There are a number of situations you may find yourself in which I have laid out below:

  1. you have no relevant experience and are not in a job that will give you that experience
  2. you have no relevant experience but have started a permanent full time job that will give you the relevant experience (in 2+ domains)
  3. you have some years of relevant experience but are short of the required 4-5 years

If you fall into scenario 1 you may wish to think twice about whether you really want to study for the exam just yet. If you pass, you then have the pressure of finding the relevant 4-5 years of experience when you don’t yet even have a job that will give you that experience. My recommendation in this case is to wait until you are in a relevant role. For those of you who are in scenario 2, there’s nothing stopping you taking the exam and becoming an Associate of (ISC)2 until you have accrued the relevant experience. Your timing in this case will probably depend on when you have the time to study (e.g. if you’re planning on having children in the next couple of years then now might be a better time to hit the books!). The 3rd scenario is similar but gives you a little more of a cushion in that you can already knock some time off the 4/5 year requirement.


The decision of when to study for and take the CISSP exam depends on a combination of:

  • how you will fulfill the experience requirement
  • when you will have sufficient time to study
  • when you are planning a career change that would benefit from being certified

The long and short of it is that you must either have the required 4/5 years of experience when you pass the exam, or be confident that you will have within 6 years of passing the exam. If you have found this article useful or have any feedback please comment below and share with anyone you think might benefit from it! You can also get hold of study materials to help you pass your exam from the resources page!
