To some extent, doing leads to learning like no other approach. The lack of confidence can probably be addressed by reading, visiting key security related Web sites and online forums, and keeping up with news, trends, and events in the security industry. You might want to address this same query to the great community online at Clement DuPuis’s outstanding CISSP-focused site www.cccure.org.
Look at job postings that mention CISSP online (dice, hotjobs, etc.) and see what skill sets they’re seeking. This will help you decide what subjects to bone up on, and lead you toward books and online materials to help supplement your knowledge base.